Jacee Posted November 14, 2012
No.. it should not take anywhere near that long! Did you right-click on the Combofix.exe icon and choose to run as Administrator?
mizsam Posted November 14, 2012
No, I left-clicked and it's running as admin. Should I restart it? Thank you.
mizsam Posted November 14, 2012
I am sorry, I know what I did wrong and I am now redoing the combo scan and will post the log as soon as I can. Thank you.
Jacee Posted November 14, 2012
Okay
mizsam Posted November 14, 2012
Running the Combo scan for a few hours again, seems when it gets to 48 it just hangs and doesn't seem like it wants to proceed. Is this normal and should I just keep waiting.... Thank you.
Jacee Posted November 14, 2012
Do you still have IOBit running? Right click on the bottom Taskbar, then click on Start Task Manager, click the Processes tab and see if it's running.
mizsam Posted November 14, 2012
I believe I uninstalled IObit when you mentioned earlier that I had things that were not needed on my computer. I did check the processes and do not see it there... Thank you. Does this combo program have a blinking cursor?
Edited November 14, 2012 by mizsam
Jacee Posted November 14, 2012
Okay ... yes, Combofix has a blinking line, not the arrow, tho'.

I want you to delete Combofix.exe. Re-enable Avast.

Now, we're going to 'flush the bad DNS cache' and restore Microsoft's Hosts file. Copy and paste these lines into Notepad.

@Echo on
rem Unlock the hosts file, overwrite it with a single localhost entry, lock it again
pushd \windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the IP lease and clear the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset Winsock and the TCP/IP stack
netsh winsock reset all
netsh int ip reset all
rem Reboot after 1 second, then delete this batch file
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.

Next, right click the .bat file (it will look like a 'gear' icon) and choose to run as Administrator. Your computer will reboot itself.

Enable Avast and go back online to re-download a fresh version of Combofix.

Download Combofix from any of the links below, and save it to your desktop. <--Important
Link 1
Link 3

Click on this link Here to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. If your anti-virus or firewall complains, please allow this script to run as it is not malicious.

Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.

Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working. This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

Double click combofix.exe and follow the prompts. When finished, it will produce a log for you.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Please be patient while the scan runs, at times it may appear to stall.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt. Post this log in your next reply.

After rebooting ensure your Security applications have been re-enabled.

In your next reply post: ComboFix.txt

***A guide and tutorial on "How to use Combofix" can be found here: http://www.bleepingc...to-use-combofix

IF CF won't run: Before "saving" it to your desktop, rename Combofix.exe to sVchost.exe
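An added example, not part of the original thread and not code from Jacee or ComboFix: flush.bat overwrites HOSTS with a single localhost line, so whatever mappings were in the file are gone once it runs. This Python script audits the file first and reports every non-default mapping; the sample contents, host names, addresses and the category labels are constructed for illustration.

```python
import ipaddress
import sys

# Constructed sample input: what a tampered hosts file can look like.
# All host names and addresses are placeholders (example TLD, TEST-NET range).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # security updates silently blocked
203.0.113.50    www.bank.example login.bank.example
0.0.0.0         ads.tracker.example
not-an-ip       broken.example
"""

# Names a clean hosts file is expected to map to loopback.
DEFAULT_NAMES = {"localhost"}


def parse_hosts(text):
    """Yield (line_number, address_text, names) for every mapping line.

    Comments (everything after '#') and blank lines are skipped, and a
    leading UTF-8 byte-order mark is tolerated.
    """
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield lineno, fields[0], [name.lower() for name in fields[1:]]


def classify(address_text, name):
    """Return 'default', 'blackholed', 'redirected' or 'malformed'."""
    try:
        addr = ipaddress.ip_address(address_text)
    except ValueError:
        return "malformed"
    if name in DEFAULT_NAMES:
        # localhost pointing anywhere but loopback is itself a redirect.
        return "default" if addr.is_loopback else "redirected"
    # Loopback or 0.0.0.0 for a real name means the name cannot be reached.
    if addr.is_loopback or addr.is_unspecified:
        return "blackholed"
    # Any other address overrides DNS for that name.
    return "redirected"


def audit(text):
    """Return a list of (line_number, verdict, name, address) findings."""
    findings = []
    for lineno, address, names in parse_hosts(text):
        for name in names:
            verdict = classify(address, name)
            if verdict != "default":
                findings.append((lineno, verdict, name, address))
    return findings


if __name__ == "__main__":
    # Optional argument: path to a hosts file to audit instead of the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            contents = handle.read()
    else:
        contents = SAMPLE_HOSTS
    for lineno, verdict, name, address in audit(contents):
        print(f"line {lineno}: {verdict:<10} {name} -> {address}")
```

Saving the output alongside the other logs keeps a record of what the hosts file contained before the reset.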
mizsam Posted November 14, 2012
Will do, thank you
mizsam Posted November 15, 2012
I finally got combo to run and a log appeared, but I am unable to post it as trying to get online again causes an error box to pop with "illegal operation attempted on a registry key that has been marked for deletion". Also when I tried to enable avast again I received the same error message. Thank you.
Jacee Posted November 15, 2012
What's the error line/number for the registry key to be deleted? This is not looking too good from my vantage point
mizsam Posted November 15, 2012
This is what I see (a red X) c:\programfiles\internetexplorer\ieexplore.exe Thank you.
Jacee Posted November 15, 2012
Are you sure that it says ieexplore.exe... with two 'ee's? c:\programfiles\internetexplorer\ieexplore.exe
Jacee Posted November 15, 2012
Tell me if you are connected to the Internet with a DSL/Broadband modem, that you plug your computer into, using a Cat 5E cord.
mizsam Posted November 15, 2012
Sorry, my mistake, no not 2 ee's, just iexplore.exe and yes I have Comcast DSL, but not finding any numbers on the cord that you asked about. Did things just get worse since the combofix scan? Thank you.
Jacee Posted November 15, 2012
> I finally got combo to run and a log appeared, but I am unable to post it as trying to get online again causes an error box to pop with "illegal operation attempted on a registry key that has been marked for deletion". Also when I tried to enable avast again I received the same error message. Thank you.

Reboot your computer a couple of times ... this should clear the error.

Are you reconnected to the internet? Don't worry about the number on the cable. You can disconnect it for about 30 seconds, then plug it back in. You should be able to get back online.

If not ... Then, disable the proxy settings in Internet Explorer:
1) Under “Tools” in the browser tool bar select “Internet Options”.
2) In the “Internet Options” window that pops up, click the “Connections” tab at the top.
3) Click “LAN Settings” near the bottom of the “Connections” section.
4) If the “Proxy server” checkbox is marked with a check, click it to deselect/uncheck it.
5) Click “Ok” to close the “Local Area Network (LAN) Settings” window.
6) Click “Ok” to close the “Internet Options” window.

Reboot.

Make sure "Proxy server" is still disabled under your LAN Settings. Test whether internet connectivity is restored. Let me know!
mizsam Posted November 15, 2012
At friend's house, will try the above and get back to you as soon as I can. Thank you.
mizsam Posted November 15, 2012 Author Share Posted November 15, 2012 ComboFix 12-11-14.01 - Lynda 11/14/2012 19:28:07.4.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1791.864 [GMT -5:00] Running from: c:usersLyndaDesktopComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:prefs.js c:programdataMicrosoftWindowsStart MenuProgramsStartupStrongVaultApp.exe.lnk C:Thumbs.db c:windowsCOUPon~1.ocx . Infected copy of c:windowsSysWow64user32.dll was found and disinfected Restored copy from - c:windowswinsxswow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6euser32.dll . . ((((((((((((((((((((((((( Files Created from 2012-10-15 to 2012-11-15 ))))))))))))))))))))))))))))))) . . 2012-11-15 00:35 . 2012-11-15 00:35 -------- d-----w- c:usersDefaultAppDataLocaltemp 2012-11-13 11:25 . 2012-10-12 07:19 9291768 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{94F96FDA-BF6B-4B19-8140-79EDE4B6754B}mpengine.dll 2012-11-13 02:19 . 2012-11-13 02:19 -------- d-----w- c:program files (x86)VS Revo Group 2012-11-13 02:13 . 2012-11-13 02:13 388096 ----a-r- c:usersLyndaAppDataRoamingMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe 2012-11-13 02:13 . 2012-11-13 02:13 -------- d-----w- c:program files (x86)Trend Micro 2012-11-12 06:23 . 2012-11-12 06:23 -------- d-----w- c:usersLyndaAppDataRoamingBabylon 2012-11-12 06:13 . 2012-11-12 06:13 -------- d-----w- c:programdataStrongvault Online Backup 2012-11-12 01:23 . 2012-11-12 01:23 -------- d-----w- c:program files (x86)Common FilesJava 2012-11-12 01:22 . 2012-11-12 01:22 95208 ----a-w- c:windowsSysWow64WindowsAccessBridge-32.dll 2012-11-11 11:52 . 
2012-11-11 11:52 -------- d-----w- c:programdataSUPERSetup 2012-11-09 20:45 . 2012-11-09 20:45 -------- d-----w- c:usersLyndaAppDataLocalCrashRpt 2012-11-09 20:44 . 2012-11-09 20:44 -------- d-----w- c:program files (x86)Webshots 2012-11-09 04:24 . 2012-11-09 04:24 697272 ----a-w- c:windowsSysWow64FlashPlayerApp.exe 2012-11-09 04:24 . 2012-11-09 04:24 -------- d-----w- c:windowssystem32Macromed 2012-11-08 13:47 . 2012-11-08 13:47 -------- d-----w- c:usersLyndaAppDataRoamingPC Cleaners 2012-11-08 13:47 . 2012-11-08 13:47 -------- d-----w- c:usersLyndaAppDataRoamingPCPro 2012-11-08 13:47 . 2012-11-08 13:47 -------- d-----w- c:programdataPC1Data 2012-11-08 04:57 . 2012-11-09 04:36 -------- d-----w- c:usersLyndaAppDataLocalDeployment 2012-11-08 04:57 . 2012-11-08 04:57 -------- d-----w- c:usersLyndaAppDataLocalApps 2012-11-06 05:28 . 2012-11-08 21:12 -------- d-----w- c:programdataSpybot - Search & Destroy 2012-11-06 05:27 . 2012-11-08 21:12 -------- d-----w- c:program files (x86)Spybot - Search & Destroy 2 2012-11-05 15:14 . 2012-11-05 15:14 -------- d-----w- c:usersLyndaAppDataRoamingNCH Software 2012-11-02 04:34 . 2012-11-02 04:34 -------- d-----w- c:usersLyndaAppDataRoamingSUPERAntiSpyware.com 2012-10-23 05:13 . 2012-10-23 05:14 -------- d-----w- c:program files (x86)EZ Cards Creator 2012-10-23 05:06 . 2012-10-23 05:06 -------- d-----w- c:program files (x86)SaveValet 2012-10-23 05:05 . 2012-11-09 06:02 -------- d-----w- c:windowsSChecker 2012-10-23 05:05 . 2012-10-23 05:05 -------- d-----w- c:program files (x86)Swiki 2012-10-22 15:17 . 2012-10-22 15:17 -------- d-----w- c:usersLyndaAppDataLocalApple Computer . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-12 01:22 . 2012-08-30 23:30 821736 ----a-w- c:windowsSysWow64npdeployJava1.dll 2012-11-12 01:22 . 2011-03-14 20:58 746984 ----a-w- c:windowsSysWow64deployJava1.dll 2012-11-09 04:24 . 
2011-05-18 18:44 73656 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl 2012-10-30 23:51 . 2011-01-16 00:06 59728 ----a-w- c:windowssystem32driversaswTdi.sys 2012-10-30 23:51 . 2011-06-05 07:09 984144 ----a-w- c:windowssystem32driversaswSnx.sys 2012-10-30 23:51 . 2011-01-16 00:06 370288 ----a-w- c:windowssystem32driversaswSP.sys 2012-10-30 23:51 . 2011-01-16 00:06 71600 ----a-w- c:windowssystem32driversaswMonFlt.sys 2012-10-30 23:51 . 2011-01-16 00:06 25232 ----a-w- c:windowssystem32driversaswFsBlk.sys 2012-10-30 23:51 . 2011-01-16 00:06 41224 ----a-w- c:windowsavastSS.scr 2012-10-30 23:50 . 2011-01-16 00:06 227648 ----a-w- c:windowsSysWow64aswBoot.exe 2012-10-30 23:50 . 2011-01-16 00:06 285328 ----a-w- c:windowssystem32aswBoot.exe 2012-10-15 16:59 . 2012-03-19 03:49 54072 ----a-w- c:windowssystem32driversaswRdr2.sys 2012-10-11 05:13 . 2011-01-20 14:39 65309168 ----a-w- c:windowssystem32MRT.exe 2012-09-14 19:19 . 2012-10-10 10:52 2048 ----a-w- c:windowssystem32tzres.dll 2012-09-14 18:28 . 2012-10-10 10:52 2048 ----a-w- c:windowsSysWow64tzres.dll 2012-09-07 19:04 . 2012-09-07 19:04 359424 ----a-w- c:programdataMicrosoftWindowsStart MenuProgramsStartupStrongVaultApp.exe 2012-08-31 18:19 . 2012-10-10 10:52 1659760 ----a-w- c:windowssystem32driversntfs.sys 2012-08-30 18:03 . 2012-10-10 10:52 5559664 ----a-w- c:windowssystem32ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 10:52 3914096 ----a-w- c:windowsSysWow64ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 10:52 3968880 ----a-w- c:windowsSysWow64ntkrnlpa.exe 2012-08-24 18:05 . 2012-10-10 10:52 220160 ----a-w- c:windowssystem32wintrust.dll 2012-08-24 18:05 . 2012-09-22 03:59 1188864 ----a-w- c:windowssystem32wininet.dll 2012-08-24 18:05 . 2012-09-22 03:59 1494528 ----a-w- c:windowssystem32urlmon.dll 2012-08-24 18:05 . 2012-09-22 03:59 134144 ----a-w- c:windowssystem32url.dll 2012-08-24 18:03 . 2012-09-22 03:59 9056256 ----a-w- c:windowssystem32mshtml.dll 2012-08-24 18:03 . 
2012-09-22 03:59 97792 ----a-w- c:windowssystem32mshtmled.dll 2012-08-24 18:03 . 2012-09-22 03:59 735744 ----a-w- c:windowssystem32msfeeds.dll 2012-08-24 18:03 . 2012-09-22 03:59 64512 ----a-w- c:windowssystem32jsproxy.dll 2012-08-24 18:02 . 2012-09-22 03:59 247808 ----a-w- c:windowssystem32ieui.dll 2012-08-24 18:02 . 2012-09-22 03:59 12295680 ----a-w- c:windowssystem32ieframe.dll 2012-08-24 18:02 . 2012-09-22 03:59 2453504 ----a-w- c:windowssystem32iertutil.dll 2012-08-24 16:57 . 2012-10-10 10:52 172544 ----a-w- c:windowsSysWow64wintrust.dll 2012-08-24 16:57 . 2012-09-22 03:59 981504 ----a-w- c:windowsSysWow64wininet.dll 2012-08-24 15:59 . 2012-09-22 03:59 1638912 ----a-w- c:windowssystem32mshtml.tlb 2012-08-24 15:20 . 2012-09-22 03:59 1638912 ----a-w- c:windowsSysWow64mshtml.tlb 2012-08-22 18:12 . 2012-09-12 11:43 1913200 ----a-w- c:windowssystem32driverstcpip.sys 2012-08-22 18:12 . 2012-09-12 11:43 950128 ----a-w- c:windowssystem32driversndis.sys 2012-08-22 18:12 . 2012-09-12 11:43 376688 ----a-w- c:windowssystem32driversnetio.sys 2012-08-22 18:12 . 2012-09-12 11:43 288624 ----a-w- c:windowssystem32driversFWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-25 19:19 245760 ----a-w- c:windowssystem32OxpsConverter.exe 2012-08-20 18:48 . 2012-10-10 10:52 243200 ----a-w- c:windowssystem32wow64.dll 2012-08-20 18:48 . 2012-10-10 10:52 362496 ----a-w- c:windowssystem32wow64win.dll 2012-08-20 18:48 . 2012-10-10 10:52 13312 ----a-w- c:windowssystem32wow64cpu.dll 2012-08-20 18:48 . 2012-10-10 10:52 215040 ----a-w- c:windowssystem32winsrv.dll 2012-08-20 18:48 . 2012-10-10 10:52 16384 ----a-w- c:windowssystem32ntvdm64.dll 2012-08-20 18:48 . 2012-10-10 10:52 424448 ----a-w- c:windowssystem32KernelBase.dll 2012-08-20 18:48 . 2012-10-10 10:52 1162240 ----a-w- c:windowssystem32kernel32.dll 2012-08-20 18:46 . 2012-10-10 10:52 338432 ----a-w- c:windowssystem32conhost.exe 2012-08-20 18:38 . 
2012-10-10 10:52 4608 ---ha-w- c:windowssystem32api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-profile-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 3584 ---ha-w- c:windowssystem32api-ms-win-core-memory-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 4608 ---ha-w- c:windowssystem32api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 6144 ---ha-w- c:windowssystem32api-ms-win-security-base-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 4096 ---ha-w- c:windowssystem32api-ms-win-core-synch-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 4096 ---ha-w- c:windowssystem32api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 3584 ---ha-w- c:windowssystem32api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 3584 ---ha-w- c:windowssystem32api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 3584 ---ha-w- c:windowssystem32api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 3584 ---ha-w- c:windowssystem32api-ms-win-core-misc-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 3584 ---ha-w- c:windowssystem32api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-util-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-string-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 4096 ---ha-w- c:windowssystem32api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 4096 ---ha-w- c:windowssystem32api-ms-win-core-localization-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-debug-l1-1-0.dll 2012-08-20 18:38 . 
2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 5120 ---ha-w- c:windowssystem32api-ms-win-core-file-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 3584 ---ha-w- c:windowssystem32api-ms-win-core-heap-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-io-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-handle-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-console-l1-1-0.dll 2012-08-20 17:40 . 2012-10-10 10:52 14336 ----a-w- c:windowsSysWow64ntvdm64.dll 2012-08-20 17:38 . 2012-10-10 10:52 44032 ----a-w- c:windowsapppatchacwow64.dll 2012-08-20 17:38 . 2012-10-10 10:52 25600 ----a-w- c:windowsSysWow64setup16.exe 2012-08-20 17:37 . 2012-10-10 10:52 5120 ----a-w- c:windowsSysWow64wow32.dll 2012-08-20 17:37 . 2012-10-10 10:52 274944 ----a-w- c:windowsSysWow64KernelBase.dll 2012-08-20 17:32 . 2012-10-10 10:52 4608 ---ha-w- c:windowsSysWow64api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 10:52 4096 ---ha-w- c:windowsSysWow64api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 10:52 4096 ---ha-w- c:windowsSysWow64api-ms-win-core-synch-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 10:52 4096 ---ha-w- c:windowsSysWow64api-ms-win-core-misc-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 10:52 4096 ---ha-w- c:windowsSysWow64api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 10:52 3072 ---ha-w- c:windowsSysWow64api-ms-win-core-string-l1-1-0.dll 2012-08-20 17:32 . 
2012-10-10 10:52 3072 ---ha-w- c:windowsSysWow64api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 10:52 3584 ---ha-w- c:windowsSysWow64api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 10:52 3584 ---ha-w- c:windowsSysWow64api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 10:52 3072 ---ha-w- c:windowsSysWow64api-ms-win-core-profile-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 10:52 3584 ---ha-w- c:windowsSysWow64api-ms-win-core-memory-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 10:52 3584 ---ha-w- c:windowsSysWow64api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 10:52 3584 ---ha-w- c:windowsSysWow64api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 10:52 3072 ---ha-w- c:windowsSysWow64api-ms-win-core-io-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 10:52 5120 ---ha-w- c:windowsSysWow64api-ms-win-core-file-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 10:52 3584 ---ha-w- c:windowsSysWow64api-ms-win-core-heap-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 10:52 3072 ---ha-w- c:windowsSysWow64api-ms-win-core-handle-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 10:52 3072 ---ha-w- c:windowsSysWow64api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 10:52 3072 ---ha-w- c:windowsSysWow64api-ms-win-core-errorhandling-l1-1-0.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINEWow6432Node~Browser Helper Objects{A2B6C1C5-ACDE-415E-A965-9FCB42E95952}] 2012-10-18 16:08 383488 ----a-w- c:program files (x86)Swiki_IEScriptHost.dll . [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "Advanced SystemCare 4"="c:program files (x86)IObitAdvanced SystemCare 4ASCTray.exe" [2011-05-28 412560] . 
[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun] "StartCCC"="c:program files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2010-05-12 102400] "HP Software Update"="c:program files (x86)HPHP Software UpdateHPWuSchd2.exe" [2008-12-08 54576] "PDF Complete"="c:program files (x86)PDF Completepdfsty.exe" [2010-09-28 664600] "Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-07-27 919008] "avast"="c:program filesAlwil SoftwareAvast5avastUI.exe" [2012-10-30 4297136] "Ad-Aware Browsing Protection"="c:programdataAd-Aware Browsing Protectionadawarebp.exe" [2012-08-08 540056] "ArcSoft Connection Service"="c:program files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe" [2010-10-28 207424] "QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" [2007-12-11 286720] "SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" [2012-07-03 252848] "SMessaging"="c:usersLyndaAppDataLocalStrongvault Online BackupSMessaging.exe" [2012-04-04 31664] . c:usersLyndaAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup OpenOffice.org 3.3.lnk - c:program files (x86)OpenOffice.org 3programquickstart.exe [2010-12-13 1198592] ProgSense.lnk - c:program files (x86)ProgSenseprogsense.exe [2012-11-12 937152] . c:programdataMicrosoftWindowsStart MenuProgramsStartup Snapfish PictureMover.lnk - c:program files (x86)PictureMoverBinPictureMover.exe [2010-9-28 1040952] StrongVaultApp.exe [2012-9-7 359424] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversiondrivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalIMFservice] @="Service" . 
R1 SBRE;SBRE;c:windowssystem32driversSBREdrv.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576] R2 HP Support Assistant Service;HP Support Assistant Service;c:program files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe [2011-09-09 86072] R2 IMFservice;IMF Service;c:program files (x86)IObitIObit Malware FighterIMFsrv.exe [x] R3 FileMonitor;FileMonitor;c:program files (x86)IObitIObit Malware FighterDriverswin7_amd64FileMonitor.sys [x] R3 GamesAppService;GamesAppService; [x] R3 RegFilter;RegFilter;c:program files (x86)IObitIObit Malware Fighterdriverswin7_amd64regfilter.sys [x] R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 59392] R3 UrlFilter;UrlFilter;c:program files (x86)IObitIObit Malware Fighterdriverswin7_amd64UrlFilter.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2011-01-16 1255736] S0 amd_sata;amd_sata;c:windowssystem32DRIVERSamd_sata.sys [2010-08-13 75904] S0 amd_xata;amd_xata;c:windowssystem32DRIVERSamd_xata.sys [2010-08-13 38016] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AdvancedSystemCareService;Advanced SystemCare Service;c:program files (x86)IObitAdvanced SystemCare 4ASCService.exe [2011-05-28 353168] S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2010-05-11 203264] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:windowssystem32driversaswMonFlt.sys [2012-10-30 71600] S2 cvhsvc;Client Virtualization Handler;c:program files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE [2012-01-04 822624] S2 HPClientSvc;HP Client Services;c:program filesHewlett-PackardHP Client ServicesHPClientServices.exe [2010-08-06 291896] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:program files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe [2011-03-28 94264] S2 pdfcDispatcher;PDF Document Manager;c:program files 
(x86)PDF Completepdfsvc.exe [2010-09-28 1119768] S2 PfFilter;PfFilter;c:program files (x86)IObitProtected Folderpffilter.sys [2011-03-16 36792] S2 RoxioNow Service;RoxioNow Service;c:program files (x86)RoxioRoxioNow PlayerRNowSvc.exe [2010-09-11 399344] S2 sftlist;Application Virtualization Client;c:program files (x86)Microsoft Application Virtualization Clientsftlist.exe [2011-10-01 508776] S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt64win7.sys [2010-09-03 349800] S3 Sftfs;Sftfs;c:windowssystem32DRIVERSSftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:windowssystem32DRIVERSSftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:windowssystem32DRIVERSSftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:windowssystem32DRIVERSSftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:program files (x86)Microsoft Application Virtualization Clientsftvsa.exe [2011-10-01 219496] S3 usbfilter;AMD USB Filter Driver;c:windowssystem32DRIVERSusbfilter.sys [2009-12-22 38456] . . Contents of the 'Scheduled Tasks' folder . 2012-11-15 c:windowsTasksAdobe Flash Player Updater.job - c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-11-09 04:24] . 2012-11-15 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program files (x86)GoogleUpdateGoogleUpdate.exe [2012-11-09 04:36] . 2012-11-14 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program files (x86)GoogleUpdateGoogleUpdate.exe [2012-11-09 04:36] . 2012-10-17 c:windowsTasksHPCeeScheduleForLYNDA-HP$.job - c:program files (x86)Hewlett-PackardHP CeementHPCEE.exe [2010-09-14 05:15] . 2012-11-11 c:windowsTasksHPCeeScheduleForLynda.job - c:program files (x86)Hewlett-PackardHP CeementHPCEE.exe [2010-09-14 05:15] . 2012-11-14 c:windowsTasksParetoLogic Registration.job - c:windowssystem32rundll32.exe [2009-07-13 01:14] . 2012-11-14 c:windowsTasksParetoLogic Update Version2.job - c:program files (x86)Common FilesParetoLogicUUS2Pareto_Update.exe [2008-02-22 16:25] . . 
--------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOTCLSID{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 23:50 133400 ----a-w- c:program filesAlwil SoftwareAvast5ashShA64.dll . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "hpsysdrv"="c:program files (x86)hewlett-packardHP odometerhpsysdrv.exe" [2008-11-20 62768] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/?ilc=31 . - - - - ORPHANS REMOVED - - - - . BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:usersLyndaAppDataRoamingDefaultTabDefaultTabDefaultTabBHO.dll BHO-{CB0D163C-E9F4-4236-9496-0597E24B23A5} - c:program files (x86)GamesBar2.0.1.73oberontb.dll Wow6432Node-HKCU-Run-SearchEngineProtection - c:program files (x86)GamesbarSearchEngineProtection.exe . . . [HKEY_LOCAL_MACHINEsystemControlSet001servicespdfcDispatcher] "ImagePath"="c:program files (x86)PDF Completepdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32] @="c:Windowssystem32MacromedFlashFlashUtil64_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32] @="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus] @="0" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version] @="1.0" . 
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINEsystemControlSet001ControlPCWSecurity] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:program filesAlwil SoftwareAvast5AvastSvc.exe c:program files (x86)Common FilesArcSoftConnection ServiceBinACService.exe c:program files (x86)Common FilesAdobeARM1.0armsvc.exe c:program files (x86)IObitAdvanced SystemCare 4PMonitor.exe c:program files (x86)Common FilesLightScribeLSSrvc.exe . ************************************************************************** . Completion time: 2012-11-14 19:43:30 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-15 00:43 . Pre-Run: 445,042,520,064 bytes free Post-Run: 444,817,059,840 bytes free . - - End Of File - - 158E72AB7572C9A909A515E374892854
Jacee Posted November 16, 2012 Fantastic! You finally got Combofix to run and post the log. I'm proud of you. I want you to download the remover for IObit ... and remove that program! http://www.t-tools.nl/bitremoveren.php After doing that, run another scan (as Administrator) with HijackThis! Delete the old .txt logfile first. Click 'Do a System Scan and Save logfile'. The HJT log will open in Notepad. Copy and paste the HJT log from Notepad. We have a couple more things yet to do before I can declare your computer free of infection. Hang in there with me!
mizsam (Author) Posted November 16, 2012 I removed IObit but I can't find the old .txt file (the Hijack one). Where would I find that? What would the first line read? Thank you, I am getting excited!!
Jacee Posted November 16, 2012 Just run HJT again, do as I instructed above your last post, then copy and paste the log for me please.
mizsam (Author) Posted November 16, 2012 I tried to run HJT again and no option to run as admin, but the log appears not in Notepad; cannot highlight or save to send you.
mizsam (Author) Posted November 16, 2012 I got a message from Hijack: "system denied write access to the hosts file......" I can't save the log anyplace.
mizsam Posted November 16, 2012 Author Share Posted November 16, 2012 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:03:51 PM, on 11/15/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:Program Files (x86)Hewlett-PackardHP Odometerhpsysdrv.exe C:Program Files (x86)IObitAdvanced SystemCare 4ASCTray.exe C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupStrongVaultApp.exe C:Program Files (x86)ProgSenseprogsense.exe C:Program Files (x86)OpenOffice.org 3programsoffice.exe C:Program Files (x86)OpenOffice.org 3programsoffice.bin C:Program Files (x86)HpHP Software Updatehpwuschd2.exe C:Program FilesAlwil SoftwareAvast5AvastUI.exe C:ProgramDataAd-Aware Browsing Protectionadawarebp.exe C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe C:Program Files (x86)Common FilesJavaJava Updatejusched.exe C:Program Files (x86)Common FilesArcSoftConnection ServiceBinArcCon.ac C:UsersLyndaAppDataLocalStrongvault Online BackupSMessaging.exe C:Program Files (x86)Trend MicroHiJackThisHiJackThis.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/?ilc=21 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://g.msn.com/CQDSK/1 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://g.msn.com/CQDSK/1 R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:Program 
Files (x86)IEProiepro.dll O2 - BHO: Claro LTD Helper Object - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:Program Files (x86)Claro LTDclaro1.8.3.10bhclaro.dll O2 - BHO: CrossriderApp0003491 - {11111111-1111-1111-1111-110011341191} - C:Program Files (x86)Vid-SaverVid-Saver.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre7binssv.dll O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:UsersLyndaAppDataRoamingDefaultTabDefaultTabDefaultTabBHO.dll (file missing) O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAlwil SoftwareAvast5aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: Swiki_IE - {A2B6C1C5-ACDE-415E-A965-9FCB42E95952} - C:Program Files (x86)Swiki_IEScriptHost.dll O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:Program Files (x86)GamesBar2.0.1.73oberontb.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre7binjp2ssv.dll O3 - Toolbar: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAlwil SoftwareAvast5aswWebRepIE.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:Program Files (x86)IEProIEProRecorder.dll O3 - Toolbar: Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:Program Files (x86)Claro LTDclaro1.8.3.10claroTlbr.dll O4 - HKLM..Run: [startCCC] "c:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun O4 - HKLM..Run: [HP Software Update] c:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe O4 - HKLM..Run: [PDF Complete] C:Program Files (x86)PDF Completepdfsty.exe O4 - HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe" O4 - HKLM..Run: [avast] "C:Program FilesAlwil SoftwareAvast5avastUI.exe" /nogui O4 - HKLM..Run: [Ad-Aware Browsing Protection] "C:ProgramDataAd-Aware Browsing Protectionadawarebp.exe" O4 - HKLM..Run: [ArcSoft Connection Service] C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe O4 - HKLM..Run: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe" O4 - HKLM..Run: [sMessaging] C:UsersLyndaAppDataLocalStrongvault Online BackupSMessaging.exe O4 - HKCU..Run: [Advanced SystemCare 4] C:Program Files (x86)IObitAdvanced SystemCare 4ASCTray.exe O4 - HKCU..Run: [Optimizer Pro] C:Program Files (x86)Optimizer ProOptProLauncher.exe O4 - Startup: OpenOffice.org 3.3.lnk = C:Program Files (x86)OpenOffice.org 3programquickstart.exe O4 - Startup: ProgSense.lnk = C:Program Files (x86)ProgSenseprogsense.exe O4 - Global Startup: Snapfish PictureMover.lnk = C:Program Files (x86)PictureMoverBinPictureMover.exe O4 - Global Startup: StrongVaultApp.exe O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:Program Files (x86)IEProiepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - 
C:Program Files (x86)IEProiepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:Program Files (x86)IEProiepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:Program Files (x86)IEProiepro.dll O9 - Extra button: @C:Program Files (x86)Windows LiveWriterWindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:Program Files (x86)Windows LiveWriterWindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file) O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file) O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: c:progra~3browse~123796~1.11{16cdf~1browse~1.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. 
- C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:Program Files (x86)IObitAdvanced SystemCare 4ASCService.exe O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:Windowssystem32atiesrxx.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:Program FilesAlwil SoftwareAvast5AvastSvc.exe O23 - Service: Browser Manager - Unknown owner - C:ProgramDataBrowser Manager2.3.796.11{16cdff19-861d-48e3-a751-d99a27784753}browsemngr.exe O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing) O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing) O23 - Service: GamesAppService - Unknown owner - (no file) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:Program Files (x86)GoogleUpdateGoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. 
- C:Program Files (x86)GoogleUpdateGoogleUpdate.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:Program FilesHewlett-PackardHP Client ServicesHPClientServices.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:Program Files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:Program Files (x86)Hewlett-PackardSharedhpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program Files (x86)Common FilesInstallShieldDriver11Intel 32IDriverT.exe O23 - Service: IMF Service (IMFservice) - Unknown owner - C:Program Files (x86)IObitIObit Malware FighterIMFsrv.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:Program Files (x86)Common FilesLightScribeLSSrvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing) O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:Program Files (x86)PDF Completepdfsvc.exe O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: RoxioNow Service - Roxio - C:Program Files (x86)RoxioRoxioNow PlayerRNowSvc.exe O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing) O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file 
missing) O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:Windowssystem32sppsvc.exe (file missing) O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing) O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing) O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:Windowssystem32WatWatAdminSvc.exe (file missing) O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing) O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing) -- End of file - 12029 bytes
mizsam (Author) Posted November 16, 2012 Thank you for all of your help. I'm going to call it a night and will check back tomorrow. Lynda