AV security 2012

Post by docs_babe2007 » November 13th, 2011, 5:43 pm

My computer has been infected with AV security 2012. I have no clue where to begin to remove or uninstall it. I did not DL anything for it. I don't know if you need this, but I am running Windows 7. I tried to get a DDS log but my computer is not letting me. Thank you for any help you can provide.
docs_babe2007
Active Member
 
Posts: 8
Joined: November 13th, 2011, 5:15 pm

Re: AV security 2012

Post by mambass » November 14th, 2011, 7:59 am

Hi docs_babe2007, :)

Welcome to the forum.

My nickname is mambass and I'll be helping you with any malware problems.

Before we begin...please read and follow these important guidelines so things will proceed smoothly.

  1. If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. Please read all instructions carefully before executing them and perform the steps in the order given.
    If you have any questions or problems executing these instructions, <<STOP>> do not proceed but rather post back with the question or problem.
  4. Your security programs may give warnings for some of the tools I will ask you to use. Be assured that any links I give are safe.
  5. You must have Administrator rights (permissions) for this computer.
  6. DO NOT run any other fix or removal tools unless instructed to do so!
  7. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  8. Only post your problem at one (1) help site. Applying fixes from multiple help sites can cause problems.
  9. Only reply to this thread. Do not start another thread.
  10. The absence of symptoms does not imply the absence of malware. Please, continue responding, until I give you the "All Clean".
  11. You might want to place a link to this thread in your Favorites/Bookmarks for easy access.
  12. No Reply Within 3 Days Will Result In Your Topic Being Closed! Please let me know in advance if you will not be able to reply within this time limit.
  13. The logs I request can take a while to research, so please be patient.
  14. I am currently in training at Malware Removal University. Each set of instructions that I provide will be reviewed by a faculty member before being posted to this thread. This process may add a small amount of time to my replies. On the positive side, you will have two people working together to resolve your malware issues.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or where you will need to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

How to back up or transfer your data on a Windows-based computer

-----------------------------------------------------------

I am currently reviewing your situation and will return, as soon as possible, with additional instructions.

Thanks,

mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: AV security 2012

Post by docs_babe2007 » November 14th, 2011, 9:11 pm

thank you for your help.
docs_babe2007
Active Member
 
Posts: 8
Joined: November 13th, 2011, 5:15 pm

Re: AV security 2012

Post by mambass » November 17th, 2011, 8:27 am

Hi docs_babe2007, :)

I apologize for the delay in getting back to you.

Your operating system has a built-in utility called User Account Control (UAC).

  • All tools used in my instructions require Administrator privileges and therefore must be executed by right-clicking on the program's icon or directory entry and then selecting Run As Administrator from the popup menu.
  • Please select the Allow option when prompted by UAC for any instructions that I provide.
For more information please see User Account Control (UAC) in Windows 7

Also, for any of my instructions that state: Click Start …, the Start button for your operating system is the Windows orb button.

-------------------------------------

Note: The infection may prohibit you from downloading tools to your system. If that happens then please perform the download steps on another computer and then transfer the downloaded file from that computer to the Desktop of the infected computer using external media such as a USB Flash Drive, CD/DVD or external drive.


  1. Create a System Restore Point – Windows 7

    1. Click Start and then right-click My Computer and select Properties in the popup menu. The System window will open.
    2. Click System Protection in the left pane. The System Properties dialog will open with the System Protection tab selected which contains a button labeled Create… .
    3. Click the Create… button. A dialog will open containing a text box where a description of the restore point can be entered.
    4. Type "Before malware removal" in the text box and then click the Create button. The restore point will be created, after which a message will be displayed stating The restore point was created successfully.
    5. Click the Close button to close the message dialog.
    6. Click the OK button to close the System Properties dialog.
    7. Close the System window.

      Important: If you have NOT successfully created a System Restore Point then do not go any further but instead post back so that we can determine why it was unsuccessful.


  2. Download and run ComboFix
    • Please download ComboFix from one of the following links.

      Link 1.

      Link 2.

      **IMPORTANT !!! Save ComboFix.exe to your Desktop**
    • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    • Right-click on ComboFix.exe, select Run As Administrator in the popup menu & follow the prompts
    • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
    A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper



  3. Download and run Malwarebytes

    Please download Malwarebytes' Anti-Malware and save to your desktop.

    • Right-click mbam-setup.exe and select "Run as administrator", then follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to:
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick Scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
      Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
    • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
    • The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Please include in your reply:
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. A description of how your computer is running and any Malware symptoms that are still present.
  3. The contents of the ComboFix log.
  4. The contents of the Malwarebytes log.


mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: AV security 2012

Post by docs_babe2007 » November 17th, 2011, 1:42 pm

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8183

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/17/2011 9:37:14 AM
mbam-log-2011-11-17 (09-37-14).txt

Scan type: Quick scan
Objects scanned: 168549
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\R99gTqqYCekVzNx8234A (Trojan.FakeAlert.CLGen) -> Value: R99gTqqYCekVzNx8234A -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\docs_babe\AppData\Roaming\ldr.ini (Malware.Trace) -> Not selected for removal.

ComboFix 11-11-17.03 - docs_babe 11/17/2011 8:44.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1643.523 [GMT -8:00]
Running from: c:\users\docs_babe\Downloads\ComboFix.exe
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Brand Affinity Technologies
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\fantapper_w3i20110531.crx
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\fantapper_w3i20110531.xpi
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Enabled.ico
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Plugin_Installer.jpg
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ieupdate.msi
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.InstallState
c:\program files (x86)\LP
c:\program files (x86)\LP\2262\7D7.exe
c:\program files (x86)\LP\2262\ED1B.tmp
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico
c:\users\docs_babe\AppData\Roaming\2048E
c:\users\docs_babe\AppData\Roaming\2048E\0B022.exe
c:\users\docs_babe\AppData\Roaming\2048E\EA0D.048
c:\users\docs_babe\AppData\Roaming\chrome.exe
c:\users\docs_babe\AppData\Roaming\dwme.exe
c:\users\docs_babe\AppData\Roaming\java.exe
c:\users\docs_babe\AppData\Roaming\Microsoft\2262\7D7.exe
c:\windows\security\Database\tmp.edb
c:\windows\system64
c:\windows\Tasks\At1.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_FTSvc
-------\Service_FTSvc
.
.
((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))
.
.
2011-11-17 17:07 . 2011-11-17 17:07 -------- d-----w- c:\users\docs_babe\AppData\Roaming\s4aQH6sWKfLgZjC
2011-11-17 17:07 . 2011-11-17 17:07 -------- d-----w- c:\users\docs_babe\AppData\Roaming\HIVrzONtx0c2b3n
2011-11-17 16:57 . 2011-11-17 16:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-17 16:18 . 2011-11-17 16:18 127 ----a-w- c:\users\docs_babe\AppData\Roaming\Microsoft\2262\bl303905_64.bat
2011-11-17 16:17 . 2011-11-17 16:23 -------- d-----w- c:\users\docs_babe\AppData\Roaming\ncSS1ivD3onFam5
2011-11-17 16:17 . 2011-11-17 16:17 -------- d-----w- c:\users\docs_babe\AppData\Roaming\gqqhYCCwkUlBtx0
2011-11-17 16:17 . 2011-11-17 16:17 -------- d-----w- c:\users\docs_babe\AppData\Roaming\GaQQHH6dWK7RLgT
2011-11-17 16:17 . 2011-11-17 16:23 -------- d-----w- c:\users\docs_babe\AppData\Roaming\aFFpG5aQJ6dK8RT
2011-11-17 16:17 . 2011-11-17 16:17 -------- d-----w- c:\users\docs_babe\AppData\Roaming\mssQQJ66dE
2011-11-17 16:17 . 2011-11-17 16:17 -------- d-----w- c:\users\docs_babe\AppData\Roaming\D4HsKfLgZYwrOtP
2011-11-17 16:14 . 2011-11-17 16:14 -------- d-----w- c:\users\docs_babe\AppData\Roaming\kvD2onF4mQEg9X
2011-11-17 16:14 . 2011-11-17 16:14 -------- d-----w- c:\users\docs_babe\AppData\Roaming\wnFaH5WJ7EgqXUe
2011-11-17 15:18 . 2011-11-17 15:23 -------- d-----w- c:\users\docs_babe\AppData\Roaming\DeOzzP0yc1v2Fm5
2011-11-17 15:18 . 2011-11-17 15:18 -------- d-----w- c:\users\docs_babe\AppData\Roaming\IJThCUrOtPc1Don
2011-11-17 15:18 . 2011-11-17 15:18 -------- d-----w- c:\users\docs_babe\AppData\Roaming\dyyxAuvvS2oF35J
2011-11-17 15:18 . 2011-11-17 15:23 -------- d-----w- c:\users\docs_babe\AppData\Roaming\PnnnF44pmH5sJdK
2011-11-17 15:18 . 2011-11-17 15:18 -------- d-----w- c:\users\docs_babe\AppData\Roaming\TEELL8ggRZqkelt
2011-11-17 15:18 . 2011-11-17 15:18 -------- d-----w- c:\users\docs_babe\AppData\Roaming\F5ssQJJ7dEKgR9h
2011-11-17 15:15 . 2011-11-17 15:15 -------- d-----w- c:\users\docs_babe\AppData\Roaming\sK7fRL9XqYeIrNA
2011-11-17 15:15 . 2011-11-17 15:15 -------- d-----w- c:\users\docs_babe\AppData\Roaming\GxA0uvS2iFpGaHd
2011-11-15 01:07 . 2011-11-15 01:07 -------- d-----w- c:\users\docs_babe\AppData\Roaming\TzzPPyyA1uS2b3m
2011-11-15 01:07 . 2011-11-15 01:07 -------- d-----w- c:\users\docs_babe\AppData\Roaming\CTTXwjUCelB
2011-11-13 22:00 . 2011-11-13 22:38 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer
2011-11-13 21:00 . 2011-11-13 21:00 -------- d-----w- c:\users\docs_babe\AppData\Roaming\qiWWK77fEgZYwlb
2011-11-13 21:00 . 2011-11-13 21:00 -------- d-----w- c:\users\docs_babe\AppData\Roaming\XDD33pn4HsK7f9V
2011-11-13 21:00 . 2011-11-13 21:00 -------- d-----w- c:\users\docs_babe\AppData\Roaming\pjCIrOx0c
2011-11-13 20:31 . 2011-11-17 15:14 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-11-13 20:31 . 2011-11-17 15:14 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-11-13 20:06 . 2011-11-13 20:06 -------- d-----w- c:\users\docs_babe\AppData\Roaming\tWW77dEEL8
2011-11-13 20:06 . 2011-11-13 20:06 -------- d-----w- c:\users\docs_babe\AppData\Roaming\kBBtyiiDoFa
2011-11-13 20:06 . 2011-11-13 20:06 -------- d-----w- c:\users\docs_babe\AppData\Roaming\UZqqjYCwkVrOx0
2011-11-13 20:06 . 2011-11-13 20:06 -------- d-----w- c:\users\docs_babe\AppData\Roaming\sFFF3pmG5aQ
2011-11-13 20:06 . 2011-11-13 20:06 -------- d-----w- c:\users\docs_babe\AppData\Roaming\okIBBzzOyxA
2011-11-13 20:06 . 2011-11-13 20:06 -------- d-----w- c:\users\docs_babe\AppData\Roaming\cssK7EL9qjYC
2011-11-13 20:03 . 2011-11-13 20:03 -------- d-----w- c:\users\docs_babe\AppData\Roaming\yQ7dEKgZYjVlzNc
2011-11-13 20:03 . 2011-11-13 20:03 -------- d-----w- c:\users\docs_babe\AppData\Roaming\HQ7dEKgZYjVlzNc
2011-11-13 20:03 . 2011-11-13 20:03 -------- d-----w- c:\users\docs_babe\AppData\Roaming\kLghCVlt0Sv3na5
2011-11-13 19:43 . 2011-11-13 19:43 -------- d-----w- c:\users\docs_babe\AppData\Roaming\TLL99hTqU
2011-11-13 19:43 . 2011-11-13 19:43 -------- d-----w- c:\users\docs_babe\AppData\Roaming\xbbbF3pmG5aJ6W
2011-11-13 19:43 . 2011-11-13 19:43 -------- d-----w- c:\users\docs_babe\AppData\Roaming\tBrrzzPNyxA1vSo
2011-11-13 19:43 . 2011-11-15 01:52 -------- d-----w- c:\users\docs_babe\AppData\Roaming\assQJJ7dEK8gZ9Y
2011-11-13 19:43 . 2011-11-13 19:43 -------- d-----w- c:\users\docs_babe\AppData\Roaming\VkkkUVVelOBzPyc
2011-11-13 19:43 . 2011-11-13 19:43 -------- d-----w- c:\users\docs_babe\AppData\Roaming\dNNtx0uc1iDoGmW
2011-11-13 19:38 . 2011-11-13 19:38 -------- d-----w- c:\users\docs_babe\AppData\Roaming\Vx0ciDna6WKE
2011-11-13 19:38 . 2011-11-13 19:38 -------- d-----w- c:\users\docs_babe\AppData\Roaming\E111D3onGm
2011-11-13 19:38 . 2011-11-13 19:38 -------- d-----w- c:\users\docs_babe\AppData\Roaming\ayAv2b3naHf9X
2011-11-13 19:38 . 2011-11-13 19:38 -------- d-----w- c:\users\docs_babe\AppData\Roaming\rkBNubG6f
2011-11-13 19:38 . 2011-11-13 19:38 -------- d-----w- c:\users\docs_babe\AppData\Roaming\pSbp5Q6KfLhXjeB
2011-11-13 19:38 . 2011-11-13 19:38 -------- d-----w- c:\users\docs_babe\AppData\Roaming\Ap5Q6KfLh
2011-11-13 19:25 . 2011-11-17 15:12 -------- d-----w- c:\programdata\PC Tools
2011-11-13 19:24 . 2011-11-13 19:24 -------- d-----w- c:\program files (x86)\8EA0D
2011-11-13 18:33 . 2011-11-13 18:33 -------- d-----w- c:\users\docs_babe\AppData\Roaming\iSbp56KR9XjCIrN
2011-11-13 18:33 . 2011-11-13 18:33 -------- d-----w- c:\users\docs_babe\AppData\Roaming\WtN12FGJERTwClB
2011-11-13 12:39 . 2011-11-13 12:39 -------- d-----w- c:\users\docs_babe\AppData\Roaming\v8fRL9hTXjeIrOy
2011-11-13 12:39 . 2011-11-13 12:39 -------- d-----w- c:\users\docs_babe\AppData\Roaming\LrzxAuS2oFpGaJW
2011-11-13 12:39 . 2011-11-13 12:39 -------- d-----w- c:\users\docs_babe\AppData\Roaming\JXwjUCeIB
2011-11-13 12:39 . 2011-11-13 12:39 -------- d-----w- c:\users\docs_babe\AppData\Roaming\bL9gTXqjYeIrOt
2011-11-13 12:39 . 2011-11-13 12:39 -------- d-----w- c:\users\docs_babe\AppData\Roaming\d8fRZ9TXwUeIrPx
2011-11-13 12:39 . 2011-11-13 12:39 -------- d-----w- c:\users\docs_babe\AppData\Roaming\d8fRZ9hTXjClBzN
2011-11-13 12:39 . 2011-11-13 12:39 -------- d-----w- c:\users\docs_babe\AppData\Roaming\U5sQJ7dEKgZhXjV
2011-11-13 09:10 . 2011-11-13 09:10 -------- d-----w- c:\users\docs_babe\AppData\Roaming\ZvD2onF4pHsJdKg
2011-11-13 09:10 . 2011-11-13 09:10 -------- d-----w- c:\users\docs_babe\AppData\Roaming\hUVelOBtz0c1
2011-11-13 09:09 . 2011-11-13 09:09 -------- d-----w- c:\users\docs_babe\AppData\Roaming\dkIVrzONtAu2Dna
2011-11-13 08:55 . 2011-11-13 08:55 -------- d-----w- c:\users\docs_babe\AppData\Roaming\wL9gTXqjYeIrOtA
2011-11-13 08:55 . 2011-11-13 08:55 -------- d-----w- c:\users\docs_babe\AppData\Roaming\YvS2ibF3pGaHdKf
2011-11-13 08:32 . 2011-11-13 08:32 -------- d-----w- c:\users\docs_babe\AppData\Roaming\cYCwkUVrlBx0c1v
2011-11-13 08:11 . 2011-11-13 08:11 -------- d-----w- c:\users\docs_babe\AppData\Roaming\eLLL8ggTZqhCwk
2011-11-13 08:11 . 2011-11-13 08:11 -------- d-----w- c:\users\docs_babe\AppData\Roaming\X666sWWJ7f
2011-11-13 07:41 . 2011-11-17 15:09 -------- d-----w- c:\users\docs_babe\AppData\Roaming\Sammsoft
2011-11-13 07:16 . 2011-11-13 07:16 -------- d-----w- c:\users\docs_babe\AppData\Roaming\YjYCekIVrOtAuSi
2011-11-13 07:16 . 2011-11-13 07:16 -------- d-----w- c:\users\docs_babe\AppData\Roaming\wD3pnG4aQ6W7E
2011-11-13 05:12 . 2011-11-13 05:12 -------- d-----w- c:\users\docs_babe\AppData\Roaming\XYXwwUUelIBzNyA
2011-11-13 05:12 . 2011-11-13 05:12 -------- d-----w- c:\users\docs_babe\AppData\Roaming\x4pmm55QJ7dKgZ9
2011-11-13 01:02 . 2011-11-13 01:02 102400 ----a-w- c:\users\docs_babe\AppData\Roaming\Microsoft\2262\E28C.tmp
2011-11-13 01:01 . 2011-11-15 01:53 -------- d-----w- c:\users\docs_babe\AppData\Roaming\8EA0D
2011-11-13 01:01 . 2011-11-13 01:01 -------- d-----w- c:\users\docs_babe\AppData\Roaming\YaaQQJ66dW
2011-11-13 01:01 . 2011-11-13 01:01 -------- d-----w- c:\users\docs_babe\AppData\Roaming\cNNNyxxA1uS2b3m
2011-11-13 01:01 . 2011-11-13 01:01 -------- d-----w- c:\users\docs_babe\AppData\Roaming\HK77LqYkVtAc2D
2011-11-13 01:01 . 2011-11-13 01:01 -------- d-----w- c:\users\docs_babe\AppData\Roaming\PSS11ibDon4aHs
2011-11-13 01:01 . 2011-11-13 01:01 -------- d-----w- c:\users\docs_babe\AppData\Roaming\S777fEEL9gTqj
2011-11-11 12:55 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5914221-D7C7-48A1-B398-86B164B596BF}\mpengine.dll
2011-11-09 15:58 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 15:58 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 15:57 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 15:57 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 18:31 . 2011-11-07 18:31 -------- d-----w- c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2011-10-28 08:24 . 2011-10-28 08:24 -------- d-----w- c:\users\docs_babe\AppData\Roaming\AnvSoft
2011-10-28 08:24 . 2011-10-28 08:24 -------- d-----w- c:\program files (x86)\AnvSoft
2011-10-26 17:12 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-26 17:12 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 10:21 . 2011-10-17 10:21 0 ----a-w- c:\windows\SysWow64\sho237.tmp
2011-10-12 02:00 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-10 18:55 . 2011-10-10 18:55 18944 ----a-r- c:\users\docs_babe\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2011-10-01 03:21 . 2011-10-11 19:49 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-11 19:49 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-27 05:40 . 2011-10-11 19:47 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:40 . 2011-10-11 19:47 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:43 . 2011-10-11 19:47 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-11 19:47 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-20 05:45 . 2011-10-11 19:49 1197568 ----a-w- c:\windows\system32\wininet.dll
2011-08-20 05:41 . 2011-10-11 19:49 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-20 04:38 . 2011-10-11 19:49 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-08-20 04:35 . 2011-10-11 19:49 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-08-20 04:20 . 2011-10-11 19:49 482816 ----a-w- c:\windows\system32\html.iec
2011-08-20 03:26 . 2011-10-11 19:49 386048 ----a-w- c:\windows\SysWow64\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-08-19 16:45 790304 ----a-w- c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Linkury Chrome Smartbar"="c:\program files (x86)\Linkury\Linkury.exe" [2011-09-25 103224]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-09-26 19554952]
"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-08-10 1176064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-12 336384]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"R99gTqqYCekVzNx8234A"="c:\users\docs_babe\AppData\Roaming\okIBBzzOyxA\AV Security 2012v121.exe" [2011-11-13 2940416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-02-12 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2138382880-4281427160-2979675762-1001Core.job
- c:\users\docs_babe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 01:24]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2138382880-4281427160-2979675762-1001UA.job
- c:\users\docs_babe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 01:24]
.
2011-11-10 c:\windows\Tasks\HPCeeScheduleFordocs_babe.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2011-11-17 c:\windows\Tasks\HPCeeScheduleForWIN-LR7E2N8LO2K$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"combofix"="c:\combofix\CF5913.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:54869
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{8A86D350-37AB-410A-8531-7D1363F317B3} - c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
Wow6432Node-HKCU-Run-SQ6K9TjCkrOtPcb - c:\users\docs_babe\AppData\Roaming\dwme.exe
Wow6432Node-HKCU-Run-ZucS2ibD3n4Q - c:\users\docs_babe\AppData\Roaming\dwme.exe
Wow6432Node-HKCU-Run-ZzPNx1So3GQd8LT - c:\users\docs_babe\AppData\Roaming\dwme.exe
Wow6432Node-HKCU-Run-uqYrlOx0cbnmsJf - c:\users\docs_babe\AppData\Roaming\dwme.exe
Wow6432Node-HKCU-Run-7D7.exe - c:\users\docs_babe\AppData\Roaming\Microsoft\2262\7D7.exe
Wow6432Node-HKLM-Run-EucS1ibD3n4m6W78234A - c:\windows\system32\AV Security 2012v121.exe
Wow6432Node-HKLM-Run-DF4amH5sW7E8RqY - c:\users\docs_babe\AppData\Roaming\dwme.exe
Wow6432Node-HKLM-Run-OibF3pnG5Q6W7R98234A - c:\windows\system32\AV Security 2012v121.exe
Wow6432Node-HKLM-Run-aKEgqCIlt0Sbo4H - c:\users\docs_babe\AppData\Roaming\dwme.exe
Wow6432Node-HKLM-Run-K3ppnG5aQHW7fL98234A - c:\windows\system32\AV Security 2012v121.exe
Wow6432Node-HKLM-Run-cgggTTZCwUVlBx0 - c:\users\docs_babe\AppData\Roaming\dwme.exe
Wow6432Node-HKLM-Run-OFF33pmGG5 - c:\users\docs_babe\AppData\Roaming\dwme.exe
Wow6432Node-HKLM-Run-oBrrzA2inaHdW7R8234A - c:\windows\system32\AV Security 2012v121.exe
Wow6432Node-HKLM-Run-ikIVVllOtx - c:\users\docs_babe\AppData\Roaming\dwme.exe
Wow6432Node-HKLM-Run-HsssWWJ7fghYwVO - c:\users\docs_babe\AppData\Roaming\dwme.exe
Wow6432Node-HKLM-Run-7D7.exe - c:\program files (x86)\LP\2262\7D7.exe
Wow6432Node-HKLM-Run-iONNA0uuvS2bFpG8234A - c:\windows\system32\AV Security 2012v121.exe
Wow6432Node-HKLM-Run-sFp5Q66EKfRZTw8234A - c:\users\docs_babe\AppData\Roaming\PnnnF44pmH5sJdK\AV Security 2012v121.exe
Wow6432Node-HKLM-Run-P22oobF4pmG5QJ8234A - c:\windows\system32\AV Security 2012v121.exe
Wow6432Node-HKLM-Run-KccSSbna6WEgZYw - c:\users\docs_babe\AppData\Roaming\dwme.exe
Wow6432Node-HKLM-Run-vvvSS2ibF38234A - c:\users\docs_babe\AppData\Roaming\aFFpG5aQJ6dK8RT\AV Security 2012v121.exe
Wow6432Node-HKLM-Run-zqjjYYCekI - c:\users\docs_babe\AppData\Roaming\dwme.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2011-11-17 09:16:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-17 17:16
.
Pre-Run: 192,201,838,592 bytes free
Post-Run: 191,683,571,712 bytes free
.
- - End Of File - - 19D20387C17C6E130721BD9257FDB366

Everything seems to be running fine. I want to thank you so much for your help :)
Docs_babe2007
docs_babe2007
Active Member
 
Posts: 8
Joined: November 13th, 2011, 5:15 pm

Re: AV security 2012

Unread postby mambass » November 18th, 2011, 2:07 pm

Hi docs_babe2007,

docs_babe2007 wrote: Everything seems to be running fine. I want to thank you so much for your help :)
You're welcome and thank you for your patience. :)

But stay with me here. There are still a number of things that need to be cleaned up and a few more scans to see what else may have been left behind.

  1. Question concerning ProxyServer
    Can you please let me know if you established the ProxyServer identified in the following log entry?
     uInternet Settings,ProxyServer = http=127.0.0.1:54869 

  2. ComboFix is in the wrong location
    Please move ComboFix from your downloads directory (c:\users\docs_babe\Downloads) to your Desktop. It's necessary that we run ComboFix from the desktop.


  3. ComboFix - CFScript
    This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
    You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
    1. Please open Notepad and copy/paste all the text below... into the window:
      File::
      c:\windows\SysWow64\sho237.tmp
      c:\Users\docs_babe\AppData\Roaming\ldr.ini
      
      Folder::
      c:\users\docs_babe\AppData\Roaming\s4aQH6sWKfLgZjC
      c:\users\docs_babe\AppData\Roaming\HIVrzONtx0c2b3n
      c:\users\docs_babe\AppData\Roaming\ncSS1ivD3onFam5
      c:\users\docs_babe\AppData\Roaming\gqqhYCCwkUlBtx0
      c:\users\docs_babe\AppData\Roaming\GaQQHH6dWK7RLgT
      c:\users\docs_babe\AppData\Roaming\aFFpG5aQJ6dK8RT
      c:\users\docs_babe\AppData\Roaming\mssQQJ66dE
      c:\users\docs_babe\AppData\Roaming\D4HsKfLgZYwrOtP
      c:\users\docs_babe\AppData\Roaming\kvD2onF4mQEg9X
      c:\users\docs_babe\AppData\Roaming\wnFaH5WJ7EgqXUe
      c:\users\docs_babe\AppData\Roaming\DeOzzP0yc1v2Fm5
      c:\users\docs_babe\AppData\Roaming\IJThCUrOtPc1Don
      c:\users\docs_babe\AppData\Roaming\dyyxAuvvS2oF35J
      c:\users\docs_babe\AppData\Roaming\PnnnF44pmH5sJdK
      c:\users\docs_babe\AppData\Roaming\TEELL8ggRZqkelt
      c:\users\docs_babe\AppData\Roaming\F5ssQJJ7dEKgR9h
      c:\users\docs_babe\AppData\Roaming\sK7fRL9XqYeIrNA
      c:\users\docs_babe\AppData\Roaming\GxA0uvS2iFpGaHd
      c:\users\docs_babe\AppData\Roaming\TzzPPyyA1uS2b3m
      c:\users\docs_babe\AppData\Roaming\CTTXwjUCelB
      c:\users\docs_babe\AppData\Roaming\qiWWK77fEgZYwlb
      c:\users\docs_babe\AppData\Roaming\XDD33pn4HsK7f9V
      c:\users\docs_babe\AppData\Roaming\tWW77dEEL8
      c:\users\docs_babe\AppData\Roaming\kBBtyiiDoFa
      c:\users\docs_babe\AppData\Roaming\UZqqjYCwkVrOx0
      c:\users\docs_babe\AppData\Roaming\sFFF3pmG5aQ
      c:\users\docs_babe\AppData\Roaming\okIBBzzOyxA
      c:\users\docs_babe\AppData\Roaming\cssK7EL9qjYC
      c:\users\docs_babe\AppData\Roaming\yQ7dEKgZYjVlzNc
      c:\users\docs_babe\AppData\Roaming\HQ7dEKgZYjVlzNc
      c:\users\docs_babe\AppData\Roaming\kLghCVlt0Sv3na5
      c:\users\docs_babe\AppData\Roaming\TLL99hTqU
      c:\users\docs_babe\AppData\Roaming\xbbbF3pmG5aJ6W
      c:\users\docs_babe\AppData\Roaming\tBrrzzPNyxA1vSo
      c:\users\docs_babe\AppData\Roaming\assQJJ7dEK8gZ9Y
      c:\users\docs_babe\AppData\Roaming\VkkkUVVelOBzPyc
      c:\users\docs_babe\AppData\Roaming\dNNtx0uc1iDoGmW
      c:\users\docs_babe\AppData\Roaming\Vx0ciDna6WKE
      c:\users\docs_babe\AppData\Roaming\E111D3onGm
      c:\users\docs_babe\AppData\Roaming\ayAv2b3naHf9X
      c:\users\docs_babe\AppData\Roaming\rkBNubG6f
      c:\users\docs_babe\AppData\Roaming\pSbp5Q6KfLhXjeB
      c:\users\docs_babe\AppData\Roaming\Ap5Q6KfLh
      c:\users\docs_babe\AppData\Roaming\iSbp56KR9XjCIrN
      c:\users\docs_babe\AppData\Roaming\WtN12FGJERTwClB
      c:\users\docs_babe\AppData\Roaming\v8fRL9hTXjeIrOy
      c:\users\docs_babe\AppData\Roaming\LrzxAuS2oFpGaJW
      c:\users\docs_babe\AppData\Roaming\JXwjUCeIB
      c:\users\docs_babe\AppData\Roaming\bL9gTXqjYeIrOt
      c:\users\docs_babe\AppData\Roaming\d8fRZ9TXwUeIrPx
      c:\users\docs_babe\AppData\Roaming\d8fRZ9hTXjClBzN
      c:\users\docs_babe\AppData\Roaming\U5sQJ7dEKgZhXjV
      c:\users\docs_babe\AppData\Roaming\ZvD2onF4pHsJdKg
      c:\users\docs_babe\AppData\Roaming\hUVelOBtz0c1
      c:\users\docs_babe\AppData\Roaming\dkIVrzONtAu2Dna
      c:\users\docs_babe\AppData\Roaming\wL9gTXqjYeIrOtA
      c:\users\docs_babe\AppData\Roaming\YvS2ibF3pGaHdKf
      c:\users\docs_babe\AppData\Roaming\cYCwkUVrlBx0c1v
      c:\users\docs_babe\AppData\Roaming\eLLL8ggTZqhCwk
      c:\users\docs_babe\AppData\Roaming\X666sWWJ7f
      c:\users\docs_babe\AppData\Roaming\YjYCekIVrOtAuSi
      c:\users\docs_babe\AppData\Roaming\wD3pnG4aQ6W7E
      c:\users\docs_babe\AppData\Roaming\XYXwwUUelIBzNyA
      c:\users\docs_babe\AppData\Roaming\x4pmm55QJ7dKgZ9
      c:\users\docs_babe\AppData\Roaming\YaaQQJ66dW
      c:\users\docs_babe\AppData\Roaming\cNNNyxxA1uS2b3m
      c:\users\docs_babe\AppData\Roaming\HK77LqYkVtAc2D
      c:\users\docs_babe\AppData\Roaming\PSS11ibDon4aHs
      c:\users\docs_babe\AppData\Roaming\S777fEEL9gTqj
      c:\program files (x86)\8EA0D
      c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
      
      Registry::
      [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
      
      [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "R99gTqqYCekVzNx8234A"=-
       
    2. Save it to your desktop as CFScript.txt
    3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
      *Only* when the 2 items above (Step 3) have been taken care of...
    4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
      [image: CFScript.txt being dragged onto the ComboFix.exe icon]
      This will cause ComboFix to run again.
      Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
      Do Not touch your computer when ComboFix is running!
    5. When finished, ComboFix will create a log file... you can save this file to a convenient place.
    Please copy/paste the ComboFix log file in your next reply.


  4. Download and run DDS
    Now that the AV Security 2012 infection has been removed, please download and run DDS per the instructions here and post the DDS.txt and Attach.txt logs in your reply.


Please include in your reply:
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. Your response concerning the ProxyServer entry.
  3. The contents of the ComboFix log.
  4. The contents of the DDS.txt and Attach.txt logs.
  5. After posting your reply message, please verify that the last line of the last report is present in the post. If any log is cut off then please post the logs in sections.


mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am
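A defender-side way to triage the two things mambass is reacting to above, the loopback ProxyServer entry in point 1 and the long run of orphaned Run values pointing at dwme.exe and AV Security 2012v121.exe in the earlier ComboFix log. This is an added example, not code from this thread or from ComboFix; the sample lines are copied from the log above, and the heuristics, thresholds and Finding labels are constructed for illustration.

```python
"""Triage of ComboFix-style log lines (added illustration, not ComboFix code).

Sample lines are copied from the ComboFix log posted earlier in this thread;
the heuristics, thresholds and Finding labels are constructed for illustration.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# ORPHANS REMOVED lines: "Wow6432Node-HKLM-Run-<value name> - <target path>"
RUN_LINE = re.compile(r"^(?:Wow6432Node-)?HK(?:LM|CU)-Run-(?P<name>\S+) - (?P<path>.+)$")
# Supplementary Scan line: "uInternet Settings,ProxyServer = http=127.0.0.1:54869"
# (leading "u" = per-user HKCU setting, "m" = per-machine HKLM setting)
PROXY_LINE = re.compile(r"^(?P<scope>[um])Internet Settings,ProxyServer = (?P<spec>\S+)$")

# Subset of the log posted earlier in this thread.
SAMPLE_LOG = [
    r"uInternet Settings,ProxyServer = http=127.0.0.1:54869",
    r"TCP: DhcpNameServer = 192.168.1.1",
    r"Wow6432Node-HKCU-Run-SQ6K9TjCkrOtPcb - c:\users\docs_babe\AppData\Roaming\dwme.exe",
    r"Wow6432Node-HKCU-Run-ZucS2ibD3n4Q - c:\users\docs_babe\AppData\Roaming\dwme.exe",
    r"Wow6432Node-HKLM-Run-DF4amH5sW7E8RqY - c:\users\docs_babe\AppData\Roaming\dwme.exe",
    r"Wow6432Node-HKLM-Run-EucS1ibD3n4m6W78234A - c:\windows\system32\AV Security 2012v121.exe",
    r"Wow6432Node-HKLM-Run-sFp5Q66EKfRZTw8234A - c:\users\docs_babe\AppData\Roaming\PnnnF44pmH5sJdK\AV Security 2012v121.exe",
    r"HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe",
]


@dataclass(frozen=True)
class Finding:
    kind: str    # constructed label, e.g. "loopback_proxy"
    detail: str  # the evidence the label was derived from


def parse_proxy_spec(spec: str) -> List[Tuple[str, str, int]]:
    """Split a WinINET ProxyServer value into (scheme, host, port) tuples.

    The value is "host:port" (every protocol, reported as scheme "all") or a
    ';'-separated list of "scheme=host:port" entries, as seen in this thread.
    """
    entries = []
    for part in spec.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if not host or not port.isdigit():
            continue  # skip malformed entries rather than guess at them
        entries.append((scheme or "all", host.strip("[]"), int(port)))
    return entries


def is_loopback(host: str) -> bool:
    """True for hosts that route browser traffic back into this machine."""
    return host.lower() == "localhost" or host.startswith("127.") or host == "::1"


def triage(lines: List[str]) -> List[Finding]:
    """Flag the patterns the helper is reacting to in this thread."""
    findings: List[Finding] = []
    run_targets: Dict[str, Set[str]] = defaultdict(set)
    for raw in lines:
        line = raw.strip()
        m = PROXY_LINE.match(line)
        if m:
            scope = "per-user" if m.group("scope") == "u" else "per-machine"
            for scheme, host, port in parse_proxy_spec(m.group("spec")):
                if is_loopback(host):
                    # A listener on this machine sits in the browser's path and
                    # can rewrite pages; rogue AV uses that to push its "alerts".
                    findings.append(Finding("loopback_proxy",
                                            f"{scope} {scheme} proxy -> {host}:{port}"))
            continue
        m = RUN_LINE.match(line)
        if not m:
            continue
        name, path = m.group("name"), m.group("path")
        low = path.lower()
        run_targets[low].add(name)
        if "\\appdata\\roaming\\" in low:
            # Legitimately installed software normally autoruns from Program
            # Files, not from a writable per-user roaming folder.
            findings.append(Finding("roaming_autorun", f"{name} -> {path}"))
        if "av security 2012" in low:
            findings.append(Finding("rogue_av_name", f"{name} -> {path}"))
    for path, names in run_targets.items():
        if len(names) >= 3:
            # Many randomly named Run values for one file is the persistence
            # spray visible under ORPHANS REMOVED in the log above.
            findings.append(Finding("duplicate_autorun",
                                    f"{len(names)} Run values -> {path}"))
    return findings
```

Run against SAMPLE_LOG it reports the loopback proxy once, four autoruns under AppData\Roaming, two paths carrying the rogue's name, and one file (dwme.exe) referenced by three distinct Run values.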

Re: AV security 2012

Unread postby docs_babe2007 » November 19th, 2011, 3:51 am

I got a warning saying that I have spydoctor installed. When I tried to find/locate it, I can't. I am not sure what or where the file is.

I don't know what that ProxyServer is. Or anything about it.

ComboFix 11-11-19.01 - docs_babe 11/18/2011 23:12:52.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1643.538 [GMT -8:00]
Running from: c:\users\docs_babe\Desktop\ComboFix.exe
Command switches used :: c:\users\docs_babe\Desktop\CFScript.txt
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\docs_babe\AppData\Roaming\ldr.ini"
"c:\windows\SysWow64\sho237.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\8EA0D
c:\program files (x86)\8EA0D\lvvm.exe
c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}\0x0409.ini
c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}\HP Support Assistant.msi
c:\users\docs_babe\AppData\Roaming\aFFpG5aQJ6dK8RT
c:\users\docs_babe\AppData\Roaming\Ap5Q6KfLh
c:\users\docs_babe\AppData\Roaming\assQJJ7dEK8gZ9Y
c:\users\docs_babe\AppData\Roaming\ayAv2b3naHf9X
c:\users\docs_babe\AppData\Roaming\ayAv2b3naHf9X\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\bL9gTXqjYeIrOt
c:\users\docs_babe\AppData\Roaming\cNNNyxxA1uS2b3m
c:\users\docs_babe\AppData\Roaming\cssK7EL9qjYC
c:\users\docs_babe\AppData\Roaming\CTTXwjUCelB
c:\users\docs_babe\AppData\Roaming\cYCwkUVrlBx0c1v
c:\users\docs_babe\AppData\Roaming\D4HsKfLgZYwrOtP
c:\users\docs_babe\AppData\Roaming\d8fRZ9hTXjClBzN
c:\users\docs_babe\AppData\Roaming\d8fRZ9hTXjClBzN\AV Security 2012v121.exe
c:\users\docs_babe\AppData\Roaming\d8fRZ9TXwUeIrPx
c:\users\docs_babe\AppData\Roaming\d8fRZ9TXwUeIrPx\AV Security 2012v121.exe
c:\users\docs_babe\AppData\Roaming\DeOzzP0yc1v2Fm5
c:\users\docs_babe\AppData\Roaming\dkIVrzONtAu2Dna
c:\users\docs_babe\AppData\Roaming\dNNtx0uc1iDoGmW
c:\users\docs_babe\AppData\Roaming\dyyxAuvvS2oF35J
c:\users\docs_babe\AppData\Roaming\E111D3onGm
c:\users\docs_babe\AppData\Roaming\E111D3onGm\AV Security 2012v121.exe
c:\users\docs_babe\AppData\Roaming\eLLL8ggTZqhCwk
c:\users\docs_babe\AppData\Roaming\eLLL8ggTZqhCwk\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\F5ssQJJ7dEKgR9h
c:\users\docs_babe\AppData\Roaming\GaQQHH6dWK7RLgT
c:\users\docs_babe\AppData\Roaming\gqqhYCCwkUlBtx0
c:\users\docs_babe\AppData\Roaming\GxA0uvS2iFpGaHd
c:\users\docs_babe\AppData\Roaming\HIVrzONtx0c2b3n
c:\users\docs_babe\AppData\Roaming\HK77LqYkVtAc2D
c:\users\docs_babe\AppData\Roaming\HQ7dEKgZYjVlzNc
c:\users\docs_babe\AppData\Roaming\hUVelOBtz0c1
c:\users\docs_babe\AppData\Roaming\IJThCUrOtPc1Don
c:\users\docs_babe\AppData\Roaming\iSbp56KR9XjCIrN
c:\users\docs_babe\AppData\Roaming\iSbp56KR9XjCIrN\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\JXwjUCeIB
c:\users\docs_babe\AppData\Roaming\kBBtyiiDoFa
c:\users\docs_babe\AppData\Roaming\kLghCVlt0Sv3na5
c:\users\docs_babe\AppData\Roaming\kvD2onF4mQEg9X
c:\users\docs_babe\AppData\Roaming\kvD2onF4mQEg9X\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\ldr.ini
c:\users\docs_babe\AppData\Roaming\LrzxAuS2oFpGaJW
c:\users\docs_babe\AppData\Roaming\mssQQJ66dE
c:\users\docs_babe\AppData\Roaming\ncSS1ivD3onFam5
c:\users\docs_babe\AppData\Roaming\okIBBzzOyxA
c:\users\docs_babe\AppData\Roaming\PnnnF44pmH5sJdK
c:\users\docs_babe\AppData\Roaming\pSbp5Q6KfLhXjeB
c:\users\docs_babe\AppData\Roaming\PSS11ibDon4aHs
c:\users\docs_babe\AppData\Roaming\PSS11ibDon4aHs\AV Security 2012v121.exe
c:\users\docs_babe\AppData\Roaming\qiWWK77fEgZYwlb
c:\users\docs_babe\AppData\Roaming\rkBNubG6f
c:\users\docs_babe\AppData\Roaming\s4aQH6sWKfLgZjC
c:\users\docs_babe\AppData\Roaming\S777fEEL9gTqj
c:\users\docs_babe\AppData\Roaming\sFFF3pmG5aQ
c:\users\docs_babe\AppData\Roaming\sK7fRL9XqYeIrNA
c:\users\docs_babe\AppData\Roaming\sK7fRL9XqYeIrNA\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\tBrrzzPNyxA1vSo
c:\users\docs_babe\AppData\Roaming\TEELL8ggRZqkelt
c:\users\docs_babe\AppData\Roaming\TLL99hTqU
c:\users\docs_babe\AppData\Roaming\TLL99hTqU\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\tWW77dEEL8
c:\users\docs_babe\AppData\Roaming\tWW77dEEL8\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\TzzPPyyA1uS2b3m
c:\users\docs_babe\AppData\Roaming\TzzPPyyA1uS2b3m\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\U5sQJ7dEKgZhXjV
c:\users\docs_babe\AppData\Roaming\UZqqjYCwkVrOx0
c:\users\docs_babe\AppData\Roaming\v8fRL9hTXjeIrOy
c:\users\docs_babe\AppData\Roaming\v8fRL9hTXjeIrOy\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\VkkkUVVelOBzPyc
c:\users\docs_babe\AppData\Roaming\Vx0ciDna6WKE
c:\users\docs_babe\AppData\Roaming\wD3pnG4aQ6W7E
c:\users\docs_babe\AppData\Roaming\wD3pnG4aQ6W7E\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\wL9gTXqjYeIrOtA
c:\users\docs_babe\AppData\Roaming\wnFaH5WJ7EgqXUe
c:\users\docs_babe\AppData\Roaming\WtN12FGJERTwClB
c:\users\docs_babe\AppData\Roaming\x4pmm55QJ7dKgZ9
c:\users\docs_babe\AppData\Roaming\X666sWWJ7f
c:\users\docs_babe\AppData\Roaming\xbbbF3pmG5aJ6W
c:\users\docs_babe\AppData\Roaming\XDD33pn4HsK7f9V
c:\users\docs_babe\AppData\Roaming\XDD33pn4HsK7f9V\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\XYXwwUUelIBzNyA
c:\users\docs_babe\AppData\Roaming\XYXwwUUelIBzNyA\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\YaaQQJ66dW
c:\users\docs_babe\AppData\Roaming\YaaQQJ66dW\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\YjYCekIVrOtAuSi
c:\users\docs_babe\AppData\Roaming\yQ7dEKgZYjVlzNc
c:\users\docs_babe\AppData\Roaming\yQ7dEKgZYjVlzNc\AV Security 2012.ico
c:\users\docs_babe\AppData\Roaming\YvS2ibF3pGaHdKf
c:\users\docs_babe\AppData\Roaming\ZvD2onF4pHsJdKg
c:\users\docs_babe\AppData\Roaming\ZvD2onF4pHsJdKg\AV Security 2012.ico
c:\windows\SysWow64\sho237.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-19 07:26 . 2011-11-19 07:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-17 17:28 . 2011-11-17 17:28 -------- d-----w- c:\users\docs_babe\AppData\Roaming\Malwarebytes
2011-11-17 17:28 . 2011-11-17 17:28 -------- d-----w- c:\programdata\Malwarebytes
2011-11-17 17:28 . 2011-11-17 17:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-17 17:28 . 2011-09-01 01:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-17 16:18 . 2011-11-17 16:18 127 ----a-w- c:\users\docs_babe\AppData\Roaming\Microsoft\2262\bl303905_64.bat
2011-11-13 22:00 . 2011-11-13 22:38 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer
2011-11-13 21:00 . 2011-11-13 21:00 -------- d-----w- c:\users\docs_babe\AppData\Roaming\pjCIrOx0c
2011-11-13 20:31 . 2011-11-17 15:14 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-11-13 20:31 . 2011-11-17 15:14 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-11-13 19:25 . 2011-11-17 15:12 -------- d-----w- c:\programdata\PC Tools
2011-11-13 07:41 . 2011-11-17 15:09 -------- d-----w- c:\users\docs_babe\AppData\Roaming\Sammsoft
2011-11-13 01:02 . 2011-11-13 01:02 102400 ----a-w- c:\users\docs_babe\AppData\Roaming\Microsoft\2262\E28C.tmp
2011-11-13 01:01 . 2011-11-15 01:53 -------- d-----w- c:\users\docs_babe\AppData\Roaming\8EA0D
2011-11-11 12:55 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5914221-D7C7-48A1-B398-86B164B596BF}\mpengine.dll
2011-11-09 15:58 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 15:58 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 15:57 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 15:57 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-10-28 08:24 . 2011-10-28 08:24 -------- d-----w- c:\users\docs_babe\AppData\Roaming\AnvSoft
2011-10-28 08:24 . 2011-10-28 08:24 -------- d-----w- c:\program files (x86)\AnvSoft
2011-10-26 17:12 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-26 17:12 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-12 02:00 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-10 18:55 . 2011-10-10 18:55 18944 ----a-r- c:\users\docs_babe\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2011-10-01 03:21 . 2011-10-11 19:49 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-11 19:49 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-27 05:40 . 2011-10-11 19:47 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:40 . 2011-10-11 19:47 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:43 . 2011-10-11 19:47 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-11 19:47 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-17_17.07.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-05 19:05 . 2011-11-19 07:29 35728 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-19 07:29 42170 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-09 22:17 . 2011-11-19 07:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-09 22:17 . 2011-11-17 17:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-09 22:17 . 2011-11-17 17:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-09 22:17 . 2011-11-19 07:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-09 22:17 . 2011-11-17 17:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-09 22:17 . 2011-11-19 07:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-09 21:50 . 2011-11-19 07:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-09 21:50 . 2011-11-17 17:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-09 21:50 . 2011-11-17 17:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-09 21:50 . 2011-11-19 07:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-15 18:19 . 2011-11-17 15:13 5548 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-10-15 18:19 . 2011-11-19 06:33 5548 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-10-09 21:51 . 2011-11-19 07:29 6622 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2138382880-4281427160-2979675762-1001_UserData.bin
- 2011-11-17 16:59 . 2011-11-17 16:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-19 07:27 . 2011-11-19 07:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-19 07:27 . 2011-11-19 07:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-17 16:59 . 2011-11-17 16:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2011-11-17 16:59 344064 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-19 07:27 344064 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-10 03:51 . 2011-11-19 05:33 161948 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 05:01 . 2011-11-17 16:58 230084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-19 07:26 230084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2011-11-19 07:27 2605056 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-17 16:59 2605056 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-19 07:27 1785856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-17 16:59 1785856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:34 . 2011-11-19 06:51 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-11-17 15:29 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2011-04-27 02:21 . 2011-11-17 15:14 3007056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-27 02:21 . 2011-11-19 06:33 3007056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8A86D350-37AB-410A-8531-7D1363F317B3}]
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Linkury Chrome Smartbar"="c:\program files (x86)\Linkury\Linkury.exe" [2011-09-25 103224]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-09-26 19554952]
"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-08-10 1176064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-12 336384]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-02-12 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2138382880-4281427160-2979675762-1001Core.job
- c:\users\docs_babe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 01:24]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2138382880-4281427160-2979675762-1001UA.job
- c:\users\docs_babe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 01:24]
.
2011-11-10 c:\windows\Tasks\HPCeeScheduleFordocs_babe.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2011-11-19 c:\windows\Tasks\HPCeeScheduleForWIN-LR7E2N8LO2K$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:54869
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2011-11-18 23:36:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-19 07:36
ComboFix2.txt 2011-11-19 06:44
ComboFix3.txt 2011-11-17 17:16
.
Pre-Run: 191,812,902,912 bytes free
Post-Run: 191,760,384,000 bytes free
.
- - End Of File - - 837AADC63966152EDC1270A533093199



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by docs_babe at 23:46:03 on 2011-11-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1643.497 [GMT -8:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Users\docs_babe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\docs_babe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\docs_babe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\docs_babe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\docs_babe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\docs_babe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\docs_babe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\docs_babe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\docs_babe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = http=127.0.0.1:54869
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Linkury Chrome Smartbar] C:\Program Files (x86)\Linkury\Linkury.exe startup
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{89B2165E-3F3B-403E-AFDE-A21F962A4710} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{89B2165E-3F3B-403E-AFDE-A21F962A4710}\2456C6B696E6F5E4B2F5140373635383 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{F814DF4C-6240-4401-8B93-60F2F568F426} : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO-X64: Fantapper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-26 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-2-11 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-17 17:28:58 -------- d-----w- C:\Users\docs_babe\AppData\Roaming\Malwarebytes
2011-11-17 17:28:45 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-17 17:28:42 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-17 17:28:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-17 16:18:21 127 ----a-w- C:\Users\docs_babe\AppData\Roaming\Microsoft\2262\bl303905_64.bat
2011-11-17 15:33:30 98816 ----a-w- C:\Windows\sed.exe
2011-11-17 15:33:30 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-17 15:33:30 256000 ----a-w- C:\Windows\PEV.exe
2011-11-17 15:33:30 208896 ----a-w- C:\Windows\MBR.exe
2011-11-13 22:00:58 -------- d-----w- C:\Program Files (x86)\GridinSoft Trojan Killer
2011-11-13 21:00:53 -------- d-----w- C:\Users\docs_babe\AppData\Roaming\pjCIrOx0c
2011-11-13 20:31:52 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2011-11-13 20:31:52 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2011-11-13 19:25:17 -------- d-----w- C:\ProgramData\PC Tools
2011-11-13 07:41:47 -------- d-----w- C:\Users\docs_babe\AppData\Roaming\Sammsoft
2011-11-13 01:02:01 102400 ----a-w- C:\Users\docs_babe\AppData\Roaming\Microsoft\2262\E28C.tmp
2011-11-13 01:01:56 -------- d-----w- C:\Users\docs_babe\AppData\Roaming\8EA0D
2011-11-11 12:55:33 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F5914221-D7C7-48A1-B398-86B164B596BF}\mpengine.dll
2011-11-09 15:58:20 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 15:58:20 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 15:57:57 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 15:57:53 3141120 ----a-w- C:\Windows\System32\win32k.sys
2011-10-28 08:24:37 -------- d-----w- C:\Users\docs_babe\AppData\Roaming\AnvSoft
2011-10-28 08:24:01 -------- d-----w- C:\Program Files (x86)\AnvSoft
2011-10-28 04:51:58 -------- d-----w- C:\Users\docs_babe\AppData\Local\{FDEE99FC-3DCC-463A-95B3-9B4A11D0F649}
2011-10-28 04:51:42 -------- d-----w- C:\Users\docs_babe\AppData\Local\{7AFBFBA4-B6A7-413B-A7D9-A686F5A82769}
2011-10-26 17:12:55 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-10-26 17:12:55 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
.
==================== Find3M ====================
.
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
.
============= FINISH: 23:46:58.93 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/9/2011 2:49:29 PM
System Uptime: 11/18/2011 11:27:08 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 3577
Processor: AMD C-50 Processor | Socket FT1 | 800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 178.651 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.863 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP21: 11/7/2011 10:22:43 AM - HPSF Applying updates
RP22: 11/7/2011 10:32:22 AM - Installed HP Support Assistant
RP23: 11/7/2011 10:41:05 AM - Windows Modules Installer
RP24: 11/7/2011 10:43:14 AM - Windows Modules Installer
RP25: 11/8/2011 7:06:21 AM - Windows Update
RP26: 11/11/2011 3:00:20 AM - Windows Update
RP27: 11/11/2011 4:53:50 AM - Windows Update
RP28: 11/12/2011 3:00:12 AM - Windows Update
RP30: 11/12/2011 5:25:05 PM - Windows Defender Checkpoint
RP31: 11/12/2011 11:24:01 PM - SLOW-PCfighter (64-bit) Backup
RP33: 11/12/2011 11:34:08 PM - PC Optimizer Pro64 Backup
RP34: 11/12/2011 11:40:06 PM - ARO 2011 - Before Installation
RP35: 11/12/2011 11:41:53 PM - ARO 2011 - FIRST RUN
RP36: 11/12/2011 11:57:25 PM - ARO 2011 Sat, Nov 12, 11 23:57
RP37: 11/13/2011 12:07:38 AM - ARO 2011 - Before Optimize
RP38: 11/13/2011 12:12:40 AM - Removed WeatherBug
RP39: 11/13/2011 12:19:05 AM - Removed WeatherBug
RP40: 11/13/2011 12:38:02 AM - Removed Blio
RP41: 11/13/2011 12:52:04 AM - ARO 2011- Before One Click
RP42: 11/17/2011 7:04:33 AM - Before malware removal
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader X MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
Any Video Converter 3.3.0
ASPCA Tri Reminder by We-Care.com v4.0.12.5
Bejeweled 2 Deluxe
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Community Smartbar
Compaq Setup Manager
CyberLink DVD Suite
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Fantapper Player
Farm Frenzy
FATE
Final Drive Nitro
Google Chrome
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.1.0
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
InstaCodecs
InstallIQ Updater
Java Auto Updater
Java(TM) 6 Update 27
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
Malwarebytes' Anti-Malware version 1.51.2.1300
Mesh Runtime
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
Penguins!
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Recovery Manager
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype™ 5.5
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Virtual Families
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
11/18/2011 11:30:17 PM, Error: Service Control Manager [7000] - The HP Wireless Assistant Service service failed to start due to the following error: A device attached to the system is not functioning.
11/18/2011 11:30:17 PM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: A device attached to the system is not functioning.
11/18/2011 11:26:33 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/18/2011 11:24:41 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/18/2011 10:37:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
11/18/2011 10:37:54 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/17/2011 8:44:12 AM, Error: Service Control Manager [7034] - The Fantapper Player Update Service service terminated unexpectedly. It has done this 1 time(s).
11/17/2011 8:42:29 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
11/17/2011 7:16:12 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
11/17/2011 7:15:04 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
11/17/2011 7:15:04 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
11/17/2011 7:12:07 AM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
11/16/2011 9:54:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
11/16/2011 2:44:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the sdCoreService service.
11/14/2011 5:08:45 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: After starting, the service hung in a start-pending state.
11/14/2011 5:08:42 PM, Error: Service Control Manager [7022] - The Application Virtualization Client service hung on starting.
11/13/2011 4:47:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
11/13/2011 12:51:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
11/13/2011 12:49:54 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/13/2011 12:49:54 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/13/2011 12:49:54 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/13/2011 12:49:54 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/13/2011 12:19:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/13/2011 12:16:52 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2011 12:16:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/13/2011 12:16:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/13/2011 12:16:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/13/2011 12:16:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/13/2011 12:16:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
11/13/2011 12:16:35 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2011 11:35:33 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2011 1:46:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RoxioNow Service service.
.
==== End Of File ===========================
docs_babe2007
Active Member
 
Posts: 8
Joined: November 13th, 2011, 5:15 pm

Re: AV security 2012

Unread postby mambass » November 20th, 2011, 7:16 am

Hi docs_babe2007,

Thank you for the logs. :)

Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

  1. Create a System Restore Point – Windows 7

    1. Click Start and then right-click My Computer and select Properties in the popup menu. The System window will open.
    2. Click System Protection in the left pane. The System Properties dialog will open with the System Protection tab selected which contains a button labeled Create… .
    3. Click the Create… button. A dialog will open containing a text box where a description of the restore point can be entered.
    4. Type "Before uninstalling software" in the text box and then click the Create button. The restore point will be created, after which a message will be displayed stating The restore point was created successfully.
    5. Click the Close button to close the message dialog.
    6. Click the OK button to close the System Properties dialog.
    7. Close the System window.

      Important: If you have NOT successfully created a System Restore Point then do not go any further but instead post back so that we can determine why it was unsuccessful.



  2. Uninstall Programs

    1. Click Start > All Programs > Accessories > Run. The Run window will be displayed.
    2. Type appwiz.cpl in the Run window's textbox and click the OK button. The Uninstall or change a program window will be displayed.
    3. Close all windows/applications other than the Uninstall or change a program window.
    4. For each of the following applications that you can find in the list of applications displayed in the Uninstall or change a program window (some may not be present):

      Fantapper Player
      Java Auto Updater
      Java(TM) 6 Update 27

      1. Find and click the application's entry. The entry will become highlighted and an Uninstall button will appear above the list of applications.
        • If the entry cannot be found then move on to the next entry in the list
      2. Click the Uninstall button to begin the removal process.
      3. Carefully read any questions asked by the Uninstaller. Some questions may be worded to deceive you into not removing the program.
      4. Repeat these steps for the next entry in the list of applications to be removed until they have all been removed.
        • Be careful to only remove the applications shown above.

    5. Close the Uninstall or change a program window.


  3. Reboot (restart) your computer


  4. ComboFix - CFScript
    This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
    You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
    1. Please open Notepad and copy/paste all the text below... into the window:
      Code:
      DeQuarantine::
      C:\Qoobox\Quarantine\C\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
      C:\Qoobox\Quarantine\C\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}\0x0409.ini
      C:\Qoobox\Quarantine\C\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}\HP Support Assistant.msi
      
      Folder::
      c:\users\docs_babe\AppData\Roaming\pjCIrOx0c 
      c:\users\docs_babe\AppData\Roaming\8EA0D
      c:\program files (x86)\Yontoo Layers Runtime
      C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player 
      
      DDS::
      uInternet Settings,ProxyServer = http=127.0.0.1:54869
      BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
      TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
      mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
      DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
      BHO-X64: AcroIEHelperStub - No File
      BHO-X64: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
      BHO-X64: Fantapper - No File
      BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
      TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File 
       
    2. Save it to your desktop as CFScript.txt
    3. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
      Image
      This will cause ComboFix to run again.
      Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
      Do Not touch your computer when ComboFix is running!
    4. When finished, ComboFix will create 2 log files (ComboFix.txt and DeQuarantine_log.txt)... you can save these files to a convenient place.
    Please copy/paste the 2 ComboFix log files in your next reply.



  5. Update JAVA
    Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your computer. Keeping Java up-to-date is highly recommended.

    1. Click here to display the Java SE Downloads page.
    2. Find the area labeled Java SE 7u1 and then click the JRE Download button to the far right. The Java SE Runtime Environment 7 Downloads page will be displayed.
    3. Click the Accept License Agreement radio button.
    4. Find the table entry for Windows x86 Offline, then click the Download link to the right labeled jre-7u1-windows-i586.exe and save the download to your Desktop.
    5. Close all windows/applications. There should be no application tabs displayed at the bottom of your screen.
    6. Right-click the jre-7u1-windows-i586.exe icon on your Desktop and select Run As Administrator in the popup menu to run the Java installer and then follow the prompts until Java has been successfully installed.
    7. Delete the file jre-7u1-windows-i586.exe on your Desktop.


  6. Security Check

    1. Click here or here to download Security Check by screen317 and save it to your Desktop.
    2. Right-click the Security Check icon on your Desktop, select Run As Administrator in the popup menu and follow the onscreen instructions inside of the black box. Upon completion a Notepad window will open with the report.
    3. Copy the results from the Notepad window and paste them in your reply.


Please include in your reply:
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the ComboFix.txt and DeQuarantine_log.txt logs.
  3. The contents of the Security Check report.


mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am
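
The indicators that the CFScript in the post above targets (a loopback proxy, orphaned BHO/toolbar entries, out-of-date Java, startup items under the Roaming profile, the Fantapper/Yontoo adware folders) can also be checked mechanically. The Python below is an added example for this page, not code from MalwareRemoval.com, DDS or ComboFix; the sample lines are copied from the script's DDS:: section except for one constructed uRun line, and the rule set and the "7u1 is current" threshold are assumptions taken from the helper's instructions.

```python
"""Triage DDS-style log lines for the indicators the CFScript above targets.

Added example for this page; not a MalwareRemoval.com, DDS or ComboFix tool.
The sample lines come from the DDS:: section of the posted CFScript, plus one
constructed startup entry; the rules and the version threshold are the editor's.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample input. All but the uRun line are copied from the CFScript in
# the post above; the uRun line is made up to exercise the Roaming-profile rule
# (it is NOT in the posted log).
SAMPLE_DDS_LINES = [
    "uInternet Settings,ProxyServer = http=127.0.0.1:54869",
    "BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - "
    r"C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll",
    "BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - "
    r"C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll",
    "TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File",
    r'mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"',
    "DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab",
    r"uRun: [lvvm] c:\users\docs_babe\AppData\Roaming\8EA0D\lvvm.exe",  # constructed line
    "BHO-X64: AcroIEHelperStub - No File",
]

# Java SE 7u1 is what step 5 of the post tells the user to install; assumption:
# anything older counts as out of date.
RECOMMENDED_JAVA = (1, 7, 0, 1)
# Folder names the CFScript's Folder:: section quarantines (assumed adware markers).
ADWARE_NAMES = ("fantapper", "yontoo")


@dataclass(frozen=True)
class Finding:
    rule: str     # short rule id
    line: str     # the offending log line
    advice: str   # what the helper's script does about it


# Proxy on the loopback interface: the browser is funnelled through a local
# process, a classic rogue-AV hijack (the posted line uses port 54869).
LOOPBACK_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(?:127\.0\.0\.1|localhost|\[::1\]):(\d+)", re.I)
# Browser helper object / toolbar registration whose DLL no longer exists.
ORPHANED_ENTRY = re.compile(r"^(?:BHO|TB)(?:-X64)?:.*-\s*No File\s*$", re.I)
# Startup entries: [name] followed by an optionally quoted command path.
RUN_ENTRY = re.compile(r'^[um]Run(?:-x64)?:\s*\[[^\]]+\]\s*"?([^"]+?)"?\s*$', re.I)
ROAMING_EXE = re.compile(r"\\AppData\\Roaming\\[^\\]+\\[^\\]*\.exe\b", re.I)
# Java Plug-in "static versioning" CLSID: {CAFEEFAC-00MN-00uu-00vv-ABCDEFFEDCBA}
# pins version M.N.uu_vv; the all-FFFF form means "latest installed" and is not decoded.
JAVA_CLSID = re.compile(r"\{CAFEEFAC-(\d{4})-(\d{4})-(\d{4})-ABCDEFFEDCBA\}", re.I)
JRE6_PATH = re.compile(r"\\jre6\\", re.I)


def java_version_from_clsid(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Decode the version a Java DPF CLSID pins, e.g. ...-0016-0000-0027-... -> (1, 6, 0, 27)."""
    m = JAVA_CLSID.search(text)
    if not m:
        return None
    g1, micro, update = m.groups()
    return int(g1[2]), int(g1[3]), int(micro), int(update)


def check_line(line: str) -> List[Finding]:
    """Apply every rule to one DDS line and return the findings (empty if benign)."""
    line = line.strip()
    found: List[Finding] = []
    m = LOOPBACK_PROXY.search(line)
    if m:
        found.append(Finding("loopback-proxy", line,
                             f"IE proxy points at the local machine on port {m.group(1)}: "
                             "clear it so traffic stops flowing through the rogue process"))
    if ORPHANED_ENTRY.match(line):
        found.append(Finding("orphaned-bho", line,
                             "registration with no backing DLL: remove the entry"))
    m = RUN_ENTRY.match(line)
    if m and ROAMING_EXE.search(m.group(1)):
        found.append(Finding("roaming-autostart", line,
                             "startup item runs from a user-writable Roaming folder: "
                             "quarantine the folder and delete the Run value"))
    ver = java_version_from_clsid(line)
    if (ver is not None and ver < RECOMMENDED_JAVA) or JRE6_PATH.search(line):
        found.append(Finding("outdated-java", line,
                             "Java older than 7u1 is present: uninstall it, install the current JRE"))
    if any(name in line.lower() for name in ADWARE_NAMES):
        found.append(Finding("known-adware", line,
                             "component of an adware bundle the script removes: uninstall/quarantine"))
    return found


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run the rules over a whole DDS excerpt, in log order."""
    return [f for line in lines for f in check_line(line)]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule id."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS_LINES):
        print(f"[{f.rule}] {f.line}\n    -> {f.advice}")
```

The jusched.exe entry comes out clean, which matches the post: the helper replaces Java rather than treating its updater as malicious.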

Re: AV security 2012

Unread postby docs_babe2007 » November 20th, 2011, 3:31 pm

When I tried to uninstall Fantapper Player it would not let me; it came up with error: 1001 exception occurred while initializing the installation.

ComboFix 11-11-19.01 - docs_babe 11/20/2011 10:37:16.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1643.568 [GMT -8:00]
Running from: c:\users\docs_babe\Desktop\ComboFix.exe
Command switches used :: c:\users\docs_babe\Desktop\cfscript.txt
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Yontoo Layers Runtime
c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
c:\users\docs_babe\AppData\Roaming\8EA0D
c:\users\docs_babe\AppData\Roaming\8EA0D\lvvm.exe
c:\users\docs_babe\AppData\Roaming\pjCIrOx0c
.
.
((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))
.
.
2011-11-20 18:50 . 2011-11-20 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-20 18:37 . 2011-11-20 18:37 -------- d-----w- c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2011-11-17 17:28 . 2011-11-17 17:28 -------- d-----w- c:\users\docs_babe\AppData\Roaming\Malwarebytes
2011-11-17 17:28 . 2011-11-17 17:28 -------- d-----w- c:\programdata\Malwarebytes
2011-11-17 17:28 . 2011-11-17 17:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-17 17:28 . 2011-09-01 01:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-17 16:18 . 2011-11-17 16:18 127 ----a-w- c:\users\docs_babe\AppData\Roaming\Microsoft\2262\bl303905_64.bat
2011-11-13 22:00 . 2011-11-13 22:38 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer
2011-11-13 20:31 . 2011-11-17 15:14 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-11-13 20:31 . 2011-11-17 15:14 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-11-13 19:25 . 2011-11-17 15:12 -------- d-----w- c:\programdata\PC Tools
2011-11-13 07:41 . 2011-11-17 15:09 -------- d-----w- c:\users\docs_babe\AppData\Roaming\Sammsoft
2011-11-13 01:02 . 2011-11-13 01:02 102400 ----a-w- c:\users\docs_babe\AppData\Roaming\Microsoft\2262\E28C.tmp
2011-11-11 12:55 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5914221-D7C7-48A1-B398-86B164B596BF}\mpengine.dll
2011-11-09 15:58 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 15:58 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 15:57 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 15:57 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-10-28 08:24 . 2011-10-28 08:24 -------- d-----w- c:\users\docs_babe\AppData\Roaming\AnvSoft
2011-10-28 08:24 . 2011-10-28 08:24 -------- d-----w- c:\program files (x86)\AnvSoft
2011-10-26 17:12 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-26 17:12 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-12 02:00 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-10 18:55 . 2011-10-10 18:55 18944 ----a-r- c:\users\docs_babe\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2011-10-01 03:21 . 2011-10-11 19:49 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-11 19:49 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-27 05:40 . 2011-10-11 19:47 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:40 . 2011-10-11 19:47 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:43 . 2011-10-11 19:47 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-11 19:47 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-17_17.07.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-05 19:05 . 2011-11-20 18:54 36566 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-20 18:54 42334 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-10-09 22:17 . 2011-11-17 17:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-09 22:17 . 2011-11-20 18:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-09 22:17 . 2011-11-20 18:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-09 22:17 . 2011-11-17 17:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-09 22:17 . 2011-11-20 18:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-09 22:17 . 2011-11-17 17:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-09 21:50 . 2011-11-17 17:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-09 21:50 . 2011-11-20 18:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-09 21:50 . 2011-11-17 17:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-09 21:50 . 2011-11-20 18:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-15 18:19 . 2011-11-17 15:13 5548 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-10-15 18:19 . 2011-11-20 18:19 5548 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-10-09 21:51 . 2011-11-20 18:54 6726 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2138382880-4281427160-2979675762-1001_UserData.bin
- 2011-11-17 16:59 . 2011-11-17 16:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-20 18:52 . 2011-11-20 18:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-20 18:52 . 2011-11-20 18:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-17 16:59 . 2011-11-17 16:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2011-11-20 18:52 344064 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-17 16:59 344064 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-10 03:51 . 2011-11-20 05:17 162812 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-10-09 23:36 . 2011-11-20 17:51 239374 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2011-11-17 16:58 230084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-20 18:51 230084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2011-11-20 18:52 2605056 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-17 16:59 2605056 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-20 18:52 1785856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-17 16:59 1785856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:34 . 2011-11-20 05:37 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-11-17 15:29 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2011-04-27 02:21 . 2011-11-17 15:14 3007056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-27 02:21 . 2011-11-19 06:33 3007056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Linkury Chrome Smartbar"="c:\program files (x86)\Linkury\Linkury.exe" [2011-09-25 103224]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-09-26 19554952]
"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-08-10 1176064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-12 336384]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-02-12 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2138382880-4281427160-2979675762-1001Core.job
- c:\users\docs_babe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 01:24]
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2138382880-4281427160-2979675762-1001UA.job
- c:\users\docs_babe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10 01:24]
.
2011-11-10 c:\windows\Tasks\HPCeeScheduleFordocs_babe.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2011-11-20 c:\windows\Tasks\HPCeeScheduleForWIN-LR7E2N8LO2K$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2011-11-20 11:01:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-20 19:01
ComboFix2.txt 2011-11-19 07:36
ComboFix3.txt 2011-11-19 06:44
ComboFix4.txt 2011-11-17 17:16
C:\DeQuarantine.txt
.
Pre-Run: 190,673,272,832 bytes free
Post-Run: 190,675,542,016 bytes free
.
- - End Of File - - B5C9D39FB47063B184D801FC0309E79E

C:\Qoobox\Quarantine\C\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}\0x0409.ini -> C:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}\0x0409.ini
C:\Qoobox\Quarantine\C\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}\HP Support Assistant.msi -> C:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}\HP Support Assistant.msi
2 File(s) copied


Results of screen317's Security Check version 0.99.28
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 7 Update 1
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````
docs_babe2007
Active Member
 
Posts: 8
Joined: November 13th, 2011, 5:15 pm

Re: AV security 2012

Unread postby mambass » November 21st, 2011, 8:17 am

Hi docs_babe2007, :)

Things seem to be looking better now. You're doing a great job! :thumbup:

Are you experiencing any signs of malware on your computer?

It appears that something has removed your Spyware Doctor antivirus software. Your system is currently unprotected. It is important that you install an antivirus product at this time. I have provided instructions below to download and install Microsoft Security Essentials. This is free antivirus software provided by Microsoft. Of course you can install another antivirus product of your choice at this point or at a later point. If you choose the latter, then we need to install Microsoft Security Essentials now so that you'll be protected, and you will need to uninstall it before installing a replacement product. One important point: never have more than one antivirus package installed at the same time.

Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

  1. Download and run TFC (Temp File Cleaner)

    1. Click here to download TFC by OldTimer and save it to your Desktop. A TFC.exe icon will appear on your Desktop.
    2. Close all windows/applications. There should be no application tabs displayed at the bottom of your screen.
    3. Right-click the TFC.exe icon on your Desktop and select Run As Administrator to run TFC.
    4. Click Yes if prompted to reboot. A reboot is not always required but when it is required it is important that the reboot be performed before any other steps or use of your computer.


  2. ESET Online Scanner

    1. Close all windows/applications. There should be no application tabs displayed at the bottom of your screen.
    2. Click here to display the Free ESET Online Antivirus Scanner web page.
    3. Click the ESET Online Scanner button. ESET will be downloaded and executed.

      • If Internet Explorer is the browser being used then:
        1. The ESET Online Scanner EULA will be displayed.
        2. Check (tick) the Yes, I accept the Terms of Use checkbox and then click the Start button. The ESET Online Scanner window will open.
        3. If the ESET scanner Active-X component is not currently installed on your computer then the Active-X component will be downloaded and installed. You may need to:
          • Click on a statement such as "The website wants to install the following add-on:…" at the top of the window to display a pop-up menu.
          • Click the "Install This Add-On for All Users on This Computer…" item in the pop-up menu in order to keep the browser from blocking the download
          • Click the Retry button in a subsequent message window to restart the download.
          • Click the Install button if an Internet Explorer – Security Warning message is displayed.

      • If a browser other than Internet Explorer is being used then:
        1. The Internet browser support frame will be displayed indicating that you must download the ESET Smart Installer application.
        2. Click the esetsmartinstaller_enu.exe link and save the installer to your Desktop.
        3. Right-click the esetsmartinstaller_enu.exe icon on your Desktop and select Run As Administrator to run the installer. The Terms of use window will be displayed.
        4. Check (tick) the Yes, I accept the Terms of Use checkbox and then click the Start button. The components will be downloaded and registered.

    4. The Computer scan settings frame will be displayed.
    5. Uncheck (untick) (i.e., remove the check/tick mark from) the Remove found threats checkbox.
    6. Check/tick the Scan archives checkbox.
    7. Click the Advanced settings link. Additional options will be displayed.
    8. Check (tick) the following advanced settings options
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    9. Click the Start button.
      • The virus signature database will be downloaded and the scan will begin.
      • This will take a while so please be patient.
      • Do not touch the mouse or the keyboard while the scan is running or the scan may stall.
      • Wait for the scan to finish.
    10. Click the Finish button. The ESET window will close.
    11. Open file C:\Program Files\ESET\ESET Online Scanner\log.txt using Notepad.
    12. Copy the contents of the log Notepad window and paste it into your reply.
    13. Close the Notepad window.


  3. Download and Install Microsoft Security Essentials
    Microsoft Security Essentials is free Antivirus software provided by Microsoft for systems running a genuine copy of the Windows operating system.

    1. Go to www.microsoft.com/security_essentials/ to display the web page from which you can download the Microsoft Security Essentials Installer and save it to your Desktop. The Installer icon will appear on your Desktop.
    2. Right-click the Installer icon and select Run As Administrator to install the software.
    3. Once installed, let it update its virus definitions.


Please include in your reply:
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the ESET report.
  3. A description of how your computer is running and any Malware symptoms that are still present.


mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: AV security 2012

Unread postby docs_babe2007 » November 21st, 2011, 5:28 pm

No error on my part; everything is running smoothly...


# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=215179c8b693574bb6b6289c28ff45cc
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-11-21 09:04:35
# local_time=2011-11-21 01:04:35 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776638 66 94 0 73442891 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=172803
# found=16
# cleaned=0
# scan_time=10034
C:\Program Files (x86)\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files (x86)\8EA0D\lvvm.exe.vir a variant of Win32/Kryptik.ABW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files (x86)\LP\2262\7D7.exe.vir a variant of Win32/Kryptik.VHX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\docs_babe\AppData\Roaming\chrome.exe.vir a variant of Win32/Kryptik.VIC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\docs_babe\AppData\Roaming\dwme.exe.vir a variant of Win32/Kryptik.VHX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\docs_babe\AppData\Roaming\java.exe.vir a variant of Win32/Kryptik.VIC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\docs_babe\AppData\Roaming\2048E\0B022.exe.vir a variant of Win32/Kryptik.VKW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\docs_babe\AppData\Roaming\8EA0D\lvvm.exe.vir a variant of Win32/Kryptik.VKW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\docs_babe\AppData\Roaming\d8fRZ9hTXjClBzN\AV Security 2012v121.exe.vir a variant of Win32/Kryptik.VIC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\docs_babe\AppData\Roaming\d8fRZ9TXwUeIrPx\AV Security 2012v121.exe.vir a variant of Win32/Kryptik.VIC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\docs_babe\AppData\Roaming\E111D3onGm\AV Security 2012v121.exe.vir a variant of Win32/Kryptik.VIC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\docs_babe\AppData\Roaming\Microsoft\2262\7D7.exe.vir a variant of Win32/Kryptik.VOZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\docs_babe\AppData\Roaming\PSS11ibDon4aHs\AV Security 2012v121.exe.vir a variant of Win32/Kryptik.VIC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\docs_babe\AppData\Roaming\Microsoft\2262\E28C.tmp Win32/PSW.Agent.NTM trojan (unable to clean) 00000000000000000000000000000000 I


From what I see there are no malware symptoms as of now :)
docs_babe2007
Active Member
 
Posts: 8
Joined: November 13th, 2011, 5:15 pm
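The script below is an added example for this thread; it is not ESET's, ComboFix's, OTM's or either poster's code. It sorts a log like the one above the way a helper does by hand: hits whose path is under C:\Qoobox\Quarantine (ComboFix's quarantine, where files carry a .vir suffix and are inert) are set aside, the remaining live hits are split into malware and ESET's "... application" class (potentially unwanted or unsafe tools, which need a human decision rather than automatic removal), and the live malware is written out as the ':Files' block an OTM script takes. The sample log is constructed from four of the lines above with the header counts adjusted to match; the regular expression, the classification rules and the function names are assumptions of the example, not ESET's documented format.

```python
"""Triage of an ESET Online Scanner log (added example, not ESET/ComboFix/OTM code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

ZERO_HASH = "0" * 32  # ESET printed an all-zero hash column for every hit above

# Constructed sample: four lines taken from the posted log, header counts adjusted.
SAMPLE_LOG = "\n".join([
    "# version=7",
    "# end=finished",
    "# remove_checked=false",
    "# scanned=172803",
    "# found=4",
    "# cleaned=0",
    rf"C:\Program Files (x86)\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application (unable to clean) {ZERO_HASH} I",
    rf"C:\Qoobox\Quarantine\C\Users\docs_babe\AppData\Roaming\dwme.exe.vir a variant of Win32/Kryptik.VHX trojan (unable to clean) {ZERO_HASH} I",
    rf"C:\Qoobox\Quarantine\C\Users\docs_babe\AppData\Roaming\d8fRZ9hTXjClBzN\AV Security 2012v121.exe.vir a variant of Win32/Kryptik.VIC trojan (unable to clean) {ZERO_HASH} I",
    rf"C:\Users\docs_babe\AppData\Roaming\Microsoft\2262\E28C.tmp Win32/PSW.Agent.NTM trojan (unable to clean) {ZERO_HASH} I",
])

# Fields: path, threat name, (result), hash, flag. The path contains spaces, so the
# threat name is located by its family token, the one containing '/' (Win32/Kryptik.VIC).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:probably a variant of |a variant of )?\S+/\S+(?: \S+)*?)\s+"
    r"\((?P<result>[^()]+)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>\S+)\s*$"
)

QUARANTINE_PREFIX = r"c:\qoobox\quarantine" + "\\"  # ComboFix's quarantine root (assumed fixed)


@dataclass
class Detection:
    path: str
    threat: str
    result: str

    @property
    def quarantined(self) -> bool:
        """Already neutralised: lives in the quarantine tree or carries the .vir suffix."""
        p = self.path.lower()
        return p.startswith(QUARANTINE_PREFIX) or p.endswith(".vir")

    @property
    def category(self) -> str:
        """ESET labels PUAs/unsafe tools '... application'; everything else is malware here."""
        return "application" if self.threat.endswith(" application") else "malware"


def parse_log(text: str) -> Tuple[Dict[str, str], List[Detection]]:
    headers: Dict[str, str] = {}
    detections: List[Detection] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):                      # '# key=value' header lines
            key, _, value = line[1:].strip().partition("=")
            headers[key] = value
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError("unrecognised ESET log line: " + line)
        detections.append(Detection(m["path"], m["threat"], m["result"]))
    return headers, detections


def triage(text: str) -> dict:
    headers, detections = parse_log(text)
    live = [d for d in detections if not d.quarantined]
    return {
        "found": int(headers.get("found", len(detections))),
        "cleaned": int(headers.get("cleaned", 0)),
        "scanner_removed": headers.get("remove_checked") == "true",
        "quarantined": [d.path for d in detections if d.quarantined],
        "live_malware": [d.path for d in live if d.category == "malware"],
        "live_applications": [d.path for d in live if d.category == "application"],
    }


def otm_files_section(text: str) -> str:
    """':Files' block for an OTM script: live malware only. Quarantined copies are
    already inert and PUA hits need a human decision, so neither is listed."""
    return "\n".join([":Files", *triage(text)["live_malware"]])


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
    print(otm_files_section(SAMPLE_LOG))
```

Run as-is to print the summary for the sample, or pass the text of a real log.txt to triage() or otm_files_section(). Because the scan was run with "Remove found threats" unticked, cleaned=0 is the expected value: that setting exists so the reviewer, not the scanner, decides what is removed, which matters when most of the hits are a quarantine that must stay intact for a later restore.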

Re: AV security 2012

Unread postby mambass » November 22nd, 2011, 7:55 am

Hi docs_babe2007, :)

Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

  1. Remove file using OTM

    1. Click here to download OTM.exe...by Old Timer and save it to your desktop.
    2. Right-click the OTM.exe icon on your desktop and select Run as Administrator from the popup menu. The OTM window will be displayed as shown below.
      Note: The numbers in dark red parentheses in the instructions below, such as (1), refer to the corresponding numbered elements in the window image shown below.

      Image

    3. Copy all of the text from the box below (do not include the word Code:) and paste it into the "Paste Instructions for Items to be Moved" box identified as (1) in the diagram above.
      • Note: Do not type these commands but rather use cut/paste, otherwise errors in typing could damage your machine.
      Code: Select all
      :Files
      C:\Users\docs_babe\AppData\Roaming\Microsoft\2262\E28C.tmp
      
      :Commands
      [EmptyFlash]
      [emptytemp]
      [ClearAllRestorePoints]
      [Reboot] 

    4. Close all windows/applications other than OTM. OTM should be the only application tab shown at the bottom of the screen.
    5. Click the MoveIt! button identified as (2) in the diagram above.
      • Desktop icons may disappear while OTM removes files.
      • A message window will be displayed asking if the system can be rebooted now.
    6. Click the Yes button in the message window to allow the reboot to be performed. The system will reboot.
      • Note: If the system does not reboot after OTM has finished removing files, reboot the system manually.
    7. Log in after the reboot.
    8. If you receive the "Open File – Security Warning" message, click Run to allow OTM to finish its tasks.
    9. A Notepad window will open with the report from the OTM operations.
    10. Copy the contents of the report and paste it into your next reply.
      • Note: If you need to retrieve the report contents at a later time, the report can be found in the file C:\_OTM\MovedFiles\mmddyy_hhmmss.log where "mmddyy_hhmmss" represents the date_time when the report was created.
    11. Close the Notepad window.


  2. Check Windows Defender service
    Please include in your reply any changes that were made in this step.

    1. Click Start > All Programs > Accessories > Run. The Run window will be displayed.
    2. Type services.msc in the Run window's textbox and click the OK button. The Services window will be displayed.
    3. Double-click the entry for Windows Defender. The Windows Defender Properties window will be displayed.
    4. Select option Automatic (Delayed Start) in the Startup type: dropdown list if that is not the currently selected value.
    5. Click the Start button if the Service status is anything other than Started.
    6. Click the OK button to close the Windows Defender Properties window.
    7. Verify that "Started" is the value displayed in the Status column for the Windows Defender entry in the Services window.
    8. Close the Services window.


  3. Check Windows Defender settings
    Please include in your reply any changes that were made in this step.

    1. Click Start > Control Panel to display the Control Panel.
    2. Click the Windows Defender entry. The Windows Defender window will be displayed.
    3. Click the Tools button at the top of the screen and then click the Options link in the Tools and Settings frame.
    4. Click Automatic scanning in the left pane.
      • Verify that Automatically scan my computer is checked (ticked).
      • Check (tick) Check for updated definitions before scanning.
      • Set other options based on your preferences.
    5. Click Default Actions in the left pane.
      • Verify that Recommended action based on definitions is selected for each level of alert items.
    6. Click Real-time protection in the left pane.
      • Verify that all items are checked (ticked).
    7. Click Excluded files and folders in the left pane.
      • Remove any entries in the list that you have not previously added to the list.
    8. Click Excluded file types in the left pane.
      • Remove any entries in the list that you have not previously added to the list.
    9. Click Advanced in the left pane.
      • Review the options and check or uncheck options based on your preferences.
    10. Click the Save button if any changes were made.
    11. Click the Scan button at the top of the window. A quick malware scan will be performed.
    12. Close the Windows Defender and Control Panel windows.


  4. Security Check

    1. Right-click the Security Check icon on your Desktop, select Run As Administrator in the popup menu and follow the onscreen instructions inside of the black box. Upon completion a Notepad window will open with the report.
    2. Copy the results from the Notepad window and paste them in your reply.


Please include in your reply:
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the OTM log.
  3. A description of any changes required for the Windows Defender service or settings.
  4. The contents of the Security Check report.


mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am
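What the MoveIt! step above does when it "moves" a file, as an added example that is not OTM's or ComboFix's code and not part of either post: the file is moved, not deleted, into a quarantine tree that mirrors its original path and is renamed with a .vir suffix so nothing launches it by extension, and a manifest records the original path and a SHA-256 so the sample can later be identified, submitted, or put back (the DeQuarantine step seen earlier in the thread). The mirrored layout follows what the ComboFix entries under C:\Qoobox\Quarantine show; the quarantine root, manifest name, the stand-in file named after E28C.tmp and its bytes are assumptions constructed for the example. It uses pathlib so it runs on any OS against a scratch directory; drive-letter and POSIX paths are handled, UNC paths are not.

```python
"""Quarantine by moving, with a hash manifest and a verified restore (added example)."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "quarantine.json"   # assumed manifest name, kept in the quarantine root


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine_path(root: Path, target: Path) -> Path:
    """Mirror the absolute path under root: C:\\Users\\u\\x.exe -> root\\C\\Users\\u\\x.exe.vir.
    On POSIX there is no drive letter, so /tmp/x -> root/tmp/x.vir."""
    drive = target.drive.rstrip(":")       # 'C' on Windows, '' elsewhere
    rel = Path(*target.parts[1:])          # parts[0] is the anchor ('C:\\' or '/')
    dest = (root / drive if drive else root) / rel
    return dest.with_name(dest.name + ".vir")


def quarantine(target: Path, root: Path) -> dict:
    target = Path(target).resolve()
    if not target.is_file():
        raise FileNotFoundError(target)
    record = {"original": str(target), "size": target.stat().st_size,
              "sha256": sha256_of(target)}
    dest = quarantine_path(root, target)
    dest.parent.mkdir(parents=True, exist_ok=True)
    shutil.move(str(target), str(dest))    # move, not copy: the live copy is gone, the evidence kept
    record["quarantined"] = str(dest)
    record["verified"] = sha256_of(dest) == record["sha256"]
    manifest = root / MANIFEST
    entries = json.loads(manifest.read_text()) if manifest.exists() else []
    entries.append(record)
    manifest.write_text(json.dumps(entries, indent=2))
    return record


def restore(root: Path, original: str) -> Path:
    """Put a quarantined file back (DeQuarantine), but only if the stored copy
    still matches the hash recorded when it was taken."""
    manifest = root / MANIFEST
    entries = json.loads(manifest.read_text())
    for rec in entries:
        if rec["original"] == original:
            src = Path(rec["quarantined"])
            if sha256_of(src) != rec["sha256"]:
                raise ValueError("quarantined copy does not match its recorded hash")
            dst = Path(original)
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(src), str(dst))
            entries.remove(rec)
            manifest.write_text(json.dumps(entries, indent=2))
            return dst
    raise KeyError(original)


def demo() -> dict:
    """Round trip in a scratch directory with a constructed stand-in file."""
    work = Path(tempfile.mkdtemp(prefix="quarantine-demo-"))
    live = work / "Users" / "docs_babe" / "AppData" / "Roaming" / "Microsoft" / "2262" / "E28C.tmp"
    live.parent.mkdir(parents=True)
    live.write_bytes(b"constructed stand-in for the flagged temp file")  # not real malware content
    root = work / "Quarantine"
    rec = quarantine(live, root)
    gone = not live.exists()
    stored = Path(rec["quarantined"])
    back = restore(root, rec["original"])
    result = {
        "moved": gone and stored.name == "E28C.tmp.vir",
        "verified": rec["verified"],
        "sha256": rec["sha256"],
        "restored": back.exists() and not stored.exists(),
        "manifest_empty": json.loads((root / MANIFEST).read_text()) == [],
    }
    shutil.rmtree(work)
    return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The hash is taken before the move and checked again on the stored copy, and restore() refuses a copy whose hash has drifted. The rename to .vir is what keeps a quarantined executable from running by association while it waits for a decision; it is also why a later scanner will still flag it, as the ESET log in this thread shows.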

Re: AV security 2012

Unread postby docs_babe2007 » November 22nd, 2011, 4:01 pm

When I tried to do II I got all the way to the area where I was supposed to double-click Windows Defender. And Windows Defender was not there. I'm more than positive that I'm doing it right. Please let me know if there is something else I can do. And I was not sure if I should go on to the other steps without finishing up II, so I stopped and decided to email you. Thank you



All processes killed
========== FILES ==========
C:\Users\docs_babe\AppData\Roaming\Microsoft\2262\E28C.tmp moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: docs_babe
->Flash cache emptied: 1175 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: docs_babe
->Temp folder emptied: 25988347 bytes
->Temporary Internet Files folder emptied: 5381506 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 356010170 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31118 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 369.00 mb


Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.19.0 log created on 11222011_113619

Files moved on Reboot...
C:\Users\docs_babe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
docs_babe2007
Active Member
 
Posts: 8
Joined: November 13th, 2011, 5:15 pm

Re: AV security 2012

Unread postby mambass » November 23rd, 2011, 6:34 am

Hi docs_babe2007, :)

docs_babe2007 wrote: When I tried to do II I got all the way to the area where I was supposed to double-click Windows Defender. And Windows Defender was not there. I'm more than positive that I'm doing it right.
I agree that you're doing everything correctly. :thumbup:

Skip steps II and III. Please run Security Check as directed in Step IV and include the contents of that log in your reply.


mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: AV security 2012

Unread postby docs_babe2007 » November 23rd, 2011, 2:25 pm

Results of screen317's Security Check version 0.99.28
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 7 Update 1
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````


Thank you. I was not sure what to do, so I thought it best that I just reply to you :)
docs_babe2007
Active Member
 
Posts: 8
Joined: November 13th, 2011, 5:15 pm
