
my browser is being hijacked


mizsam

i believe i uninstalled iobit when you mentioned earlier that i had things that were not needed on my computer, i did check the processes and do not see it there...thank you

does this combo program have a blinking cursor?

Edited by mizsam

Okay ... yes, Combofix has a blinking line, not the arrow, tho'.

 

I want you to delete Combofix.exe. Re-enable Avast.

 

Now, we're going to 'flush the bad DNS cache' and restore Microsoft's Hosts file.

Copy and paste these lines in Notepad.

 

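@Echo on
rem Reset the hosts file to a single localhost entry
pushd \windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and flush the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack
netsh winsock reset all
netsh int ip reset all
rem Reboot after 1 second, then delete this batch file
shutdown -r -t 1
del %0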

 

Save as flush.bat to your desktop.

 

Next, right click the .bat file (it will look like a 'gear' icon) and choose to run as Administrator. Your computer will reboot itself.

 

Enable Avast and go back online to re-download a fresh version of Combofix.

 

Download Combofix from any of the links below, and save it to your desktop.<--Important

Link 1

Link 3

 

Click on this link Here to see a list of programs that should be disabled.

The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

If your anti-virus or firewall complains, please allow this script to run as it is not malicious.

Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.

Next: Please disable all onboard security programs (all running with background protection) as it may hinder the scanner from working.

This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Please be patient while the scan runs, at times it may appear to stall.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.

Post this log in your next reply

After rebooting ensure your Security applications have been re-enabled.

 

In your next reply post:

ComboFix.txt

***A guide and tutorial on "How to use Combofix" can be found here:

http://www.bleepingc...to-use-combofix

 

IF CF won't run:

Before "saving" it to your desktop, rename Combofix.exe to sVchost.exe

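The batch file in the post above overwrites the hosts file without showing what was in it. As an added example (not part of the original posts), this Python script lists the non-default entries first, so a redirect or a blocked security site is on record before the reset; `audit_hosts`, the verdict names and the sample file contents are assumptions constructed for the illustration.

```python
import ipaddress
import sys

# Names a stock Windows hosts file may legitimately map to loopback.
DEFAULT_NAMES = {"localhost"}


def audit_hosts(text):
    """Return (line_no, verdict, ip, hostname) for every non-default entry.

    Verdicts (hypothetical labels used only in this example):
      redirect  - hostname mapped to a non-loopback address (traffic is diverted)
      blocked   - hostname mapped to loopback or 0.0.0.0 (site made unreachable)
      malformed - line that does not parse as "<ip> <name> [name ...]"
    """
    findings = []
    text = text.lstrip("\ufeff")  # tolerate a UTF-8 byte-order mark
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", fields[0], ""))
            continue
        if len(fields) < 2:
            findings.append((line_no, "malformed", fields[0], ""))
            continue
        # One line may map several names to the same address.
        for name in fields[1:]:
            name = name.lower()
            if ip.is_loopback or ip.is_unspecified:
                if name in DEFAULT_NAMES:
                    continue  # the default localhost mapping
                verdict = "blocked"
            else:
                verdict = "redirect"
            findings.append((line_no, verdict, str(ip), name))
    return findings


# Constructed sample: documentation addresses and .example names only.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.search.example   search.example   # constructed redirect
127.0.0.1       update.av-vendor.example              # constructed block
0.0.0.0         ads.example
not-an-ip       something.example
"""


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for line_no, verdict, ip, name in audit_hosts(content):
        print(f"line {line_no}: {verdict:9} {ip:15} {name}")
```
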

i finally got combo to run and a log appeared, but i am unable to post it as trying to get online again causes an error box to pop with "illegal operation attempted on a registry key that has been marked for deletion". Also when i tried to enable avast again i received the same error message. thank you


Reboot your computer a couple of times ... this should clear the error.

 

 

Are you reconnected to the internet? Don't worry about the number on the cable. You can disconnect it for about 30 seconds, then plug it back in.

You should be able to get back online. If not ...

 

Then, disable the proxy settings in Internet Explorer:

1) Under “Tools” in the browser tool bar select “Internet Options”.

2) In the “Internet Options” window that pops up, click the “Connections” tab at the top.

3) Click “LAN Settings” near the bottom of the “Connections” section.

4) If the “Proxy server” checkbox is marked with a check, click it to deselect/uncheck it.

5) Click “Ok” to close the “Local Area Network (LAN) Settings” window.

6) Click “Ok” to close the “Internet Options” window.

Reboot

Make sure "Proxy server" is still disabled under your LAN Settings.

Test whether internet connectivity is restored.

 

Let me know!


ComboFix 12-11-14.01 - Lynda 11/14/2012 19:28:07.4.1 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1791.864 [GMT -5:00]

Running from: c:usersLyndaDesktopComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:prefs.js

c:programdataMicrosoftWindowsStart MenuProgramsStartupStrongVaultApp.exe.lnk

C:Thumbs.db

c:windowsCOUPon~1.ocx

.

Infected copy of c:windowsSysWow64user32.dll was found and disinfected

Restored copy from - c:windowswinsxswow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6euser32.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-10-15 to 2012-11-15 )))))))))))))))))))))))))))))))

.

.

2012-11-15 00:35 . 2012-11-15 00:35 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-11-13 11:25 . 2012-10-12 07:19 9291768 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{94F96FDA-BF6B-4B19-8140-79EDE4B6754B}mpengine.dll

2012-11-13 02:19 . 2012-11-13 02:19 -------- d-----w- c:program files (x86)VS Revo Group

2012-11-13 02:13 . 2012-11-13 02:13 388096 ----a-r- c:usersLyndaAppDataRoamingMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe

2012-11-13 02:13 . 2012-11-13 02:13 -------- d-----w- c:program files (x86)Trend Micro

2012-11-12 06:23 . 2012-11-12 06:23 -------- d-----w- c:usersLyndaAppDataRoamingBabylon

2012-11-12 06:13 . 2012-11-12 06:13 -------- d-----w- c:programdataStrongvault Online Backup

2012-11-12 01:23 . 2012-11-12 01:23 -------- d-----w- c:program files (x86)Common FilesJava

2012-11-12 01:22 . 2012-11-12 01:22 95208 ----a-w- c:windowsSysWow64WindowsAccessBridge-32.dll

2012-11-11 11:52 . 2012-11-11 11:52 -------- d-----w- c:programdataSUPERSetup

2012-11-09 20:45 . 2012-11-09 20:45 -------- d-----w- c:usersLyndaAppDataLocalCrashRpt

2012-11-09 20:44 . 2012-11-09 20:44 -------- d-----w- c:program files (x86)Webshots

2012-11-09 04:24 . 2012-11-09 04:24 697272 ----a-w- c:windowsSysWow64FlashPlayerApp.exe

2012-11-09 04:24 . 2012-11-09 04:24 -------- d-----w- c:windowssystem32Macromed

2012-11-08 13:47 . 2012-11-08 13:47 -------- d-----w- c:usersLyndaAppDataRoamingPC Cleaners

2012-11-08 13:47 . 2012-11-08 13:47 -------- d-----w- c:usersLyndaAppDataRoamingPCPro

2012-11-08 13:47 . 2012-11-08 13:47 -------- d-----w- c:programdataPC1Data

2012-11-08 04:57 . 2012-11-09 04:36 -------- d-----w- c:usersLyndaAppDataLocalDeployment

2012-11-08 04:57 . 2012-11-08 04:57 -------- d-----w- c:usersLyndaAppDataLocalApps

2012-11-06 05:28 . 2012-11-08 21:12 -------- d-----w- c:programdataSpybot - Search & Destroy

2012-11-06 05:27 . 2012-11-08 21:12 -------- d-----w- c:program files (x86)Spybot - Search & Destroy 2

2012-11-05 15:14 . 2012-11-05 15:14 -------- d-----w- c:usersLyndaAppDataRoamingNCH Software

2012-11-02 04:34 . 2012-11-02 04:34 -------- d-----w- c:usersLyndaAppDataRoamingSUPERAntiSpyware.com

2012-10-23 05:13 . 2012-10-23 05:14 -------- d-----w- c:program files (x86)EZ Cards Creator

2012-10-23 05:06 . 2012-10-23 05:06 -------- d-----w- c:program files (x86)SaveValet

2012-10-23 05:05 . 2012-11-09 06:02 -------- d-----w- c:windowsSChecker

2012-10-23 05:05 . 2012-10-23 05:05 -------- d-----w- c:program files (x86)Swiki

2012-10-22 15:17 . 2012-10-22 15:17 -------- d-----w- c:usersLyndaAppDataLocalApple Computer

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-12 01:22 . 2012-08-30 23:30 821736 ----a-w- c:windowsSysWow64npdeployJava1.dll

2012-11-12 01:22 . 2011-03-14 20:58 746984 ----a-w- c:windowsSysWow64deployJava1.dll

2012-11-09 04:24 . 2011-05-18 18:44 73656 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl

2012-10-30 23:51 . 2011-01-16 00:06 59728 ----a-w- c:windowssystem32driversaswTdi.sys

2012-10-30 23:51 . 2011-06-05 07:09 984144 ----a-w- c:windowssystem32driversaswSnx.sys

2012-10-30 23:51 . 2011-01-16 00:06 370288 ----a-w- c:windowssystem32driversaswSP.sys

2012-10-30 23:51 . 2011-01-16 00:06 71600 ----a-w- c:windowssystem32driversaswMonFlt.sys

2012-10-30 23:51 . 2011-01-16 00:06 25232 ----a-w- c:windowssystem32driversaswFsBlk.sys

2012-10-30 23:51 . 2011-01-16 00:06 41224 ----a-w- c:windowsavastSS.scr

2012-10-30 23:50 . 2011-01-16 00:06 227648 ----a-w- c:windowsSysWow64aswBoot.exe

2012-10-30 23:50 . 2011-01-16 00:06 285328 ----a-w- c:windowssystem32aswBoot.exe

2012-10-15 16:59 . 2012-03-19 03:49 54072 ----a-w- c:windowssystem32driversaswRdr2.sys

2012-10-11 05:13 . 2011-01-20 14:39 65309168 ----a-w- c:windowssystem32MRT.exe

2012-09-14 19:19 . 2012-10-10 10:52 2048 ----a-w- c:windowssystem32tzres.dll

2012-09-14 18:28 . 2012-10-10 10:52 2048 ----a-w- c:windowsSysWow64tzres.dll

2012-09-07 19:04 . 2012-09-07 19:04 359424 ----a-w- c:programdataMicrosoftWindowsStart MenuProgramsStartupStrongVaultApp.exe

2012-08-31 18:19 . 2012-10-10 10:52 1659760 ----a-w- c:windowssystem32driversntfs.sys

2012-08-30 18:03 . 2012-10-10 10:52 5559664 ----a-w- c:windowssystem32ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 10:52 3914096 ----a-w- c:windowsSysWow64ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 10:52 3968880 ----a-w- c:windowsSysWow64ntkrnlpa.exe

2012-08-24 18:05 . 2012-10-10 10:52 220160 ----a-w- c:windowssystem32wintrust.dll

2012-08-24 18:05 . 2012-09-22 03:59 1188864 ----a-w- c:windowssystem32wininet.dll

2012-08-24 18:05 . 2012-09-22 03:59 1494528 ----a-w- c:windowssystem32urlmon.dll

2012-08-24 18:05 . 2012-09-22 03:59 134144 ----a-w- c:windowssystem32url.dll

2012-08-24 18:03 . 2012-09-22 03:59 9056256 ----a-w- c:windowssystem32mshtml.dll

2012-08-24 18:03 . 2012-09-22 03:59 97792 ----a-w- c:windowssystem32mshtmled.dll

2012-08-24 18:03 . 2012-09-22 03:59 735744 ----a-w- c:windowssystem32msfeeds.dll

2012-08-24 18:03 . 2012-09-22 03:59 64512 ----a-w- c:windowssystem32jsproxy.dll

2012-08-24 18:02 . 2012-09-22 03:59 247808 ----a-w- c:windowssystem32ieui.dll

2012-08-24 18:02 . 2012-09-22 03:59 12295680 ----a-w- c:windowssystem32ieframe.dll

2012-08-24 18:02 . 2012-09-22 03:59 2453504 ----a-w- c:windowssystem32iertutil.dll

2012-08-24 16:57 . 2012-10-10 10:52 172544 ----a-w- c:windowsSysWow64wintrust.dll

2012-08-24 16:57 . 2012-09-22 03:59 981504 ----a-w- c:windowsSysWow64wininet.dll

2012-08-24 15:59 . 2012-09-22 03:59 1638912 ----a-w- c:windowssystem32mshtml.tlb

2012-08-24 15:20 . 2012-09-22 03:59 1638912 ----a-w- c:windowsSysWow64mshtml.tlb

2012-08-22 18:12 . 2012-09-12 11:43 1913200 ----a-w- c:windowssystem32driverstcpip.sys

2012-08-22 18:12 . 2012-09-12 11:43 950128 ----a-w- c:windowssystem32driversndis.sys

2012-08-22 18:12 . 2012-09-12 11:43 376688 ----a-w- c:windowssystem32driversnetio.sys

2012-08-22 18:12 . 2012-09-12 11:43 288624 ----a-w- c:windowssystem32driversFWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-25 19:19 245760 ----a-w- c:windowssystem32OxpsConverter.exe

2012-08-20 18:48 . 2012-10-10 10:52 243200 ----a-w- c:windowssystem32wow64.dll

2012-08-20 18:48 . 2012-10-10 10:52 362496 ----a-w- c:windowssystem32wow64win.dll

2012-08-20 18:48 . 2012-10-10 10:52 13312 ----a-w- c:windowssystem32wow64cpu.dll

2012-08-20 18:48 . 2012-10-10 10:52 215040 ----a-w- c:windowssystem32winsrv.dll

2012-08-20 18:48 . 2012-10-10 10:52 16384 ----a-w- c:windowssystem32ntvdm64.dll

2012-08-20 18:48 . 2012-10-10 10:52 424448 ----a-w- c:windowssystem32KernelBase.dll

2012-08-20 18:48 . 2012-10-10 10:52 1162240 ----a-w- c:windowssystem32kernel32.dll

2012-08-20 18:46 . 2012-10-10 10:52 338432 ----a-w- c:windowssystem32conhost.exe

2012-08-20 18:38 . 2012-10-10 10:52 4608 ---ha-w- c:windowssystem32api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-profile-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 3584 ---ha-w- c:windowssystem32api-ms-win-core-memory-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 4608 ---ha-w- c:windowssystem32api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 6144 ---ha-w- c:windowssystem32api-ms-win-security-base-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 4096 ---ha-w- c:windowssystem32api-ms-win-core-synch-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 4096 ---ha-w- c:windowssystem32api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 3584 ---ha-w- c:windowssystem32api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 3584 ---ha-w- c:windowssystem32api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 3584 ---ha-w- c:windowssystem32api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 3584 ---ha-w- c:windowssystem32api-ms-win-core-misc-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 3584 ---ha-w- c:windowssystem32api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-util-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-string-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 4096 ---ha-w- c:windowssystem32api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 4096 ---ha-w- c:windowssystem32api-ms-win-core-localization-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-debug-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 5120 ---ha-w- c:windowssystem32api-ms-win-core-file-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 3584 ---ha-w- c:windowssystem32api-ms-win-core-heap-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-io-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-handle-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 10:52 3072 ---ha-w- c:windowssystem32api-ms-win-core-console-l1-1-0.dll

2012-08-20 17:40 . 2012-10-10 10:52 14336 ----a-w- c:windowsSysWow64ntvdm64.dll

2012-08-20 17:38 . 2012-10-10 10:52 44032 ----a-w- c:windowsapppatchacwow64.dll

2012-08-20 17:38 . 2012-10-10 10:52 25600 ----a-w- c:windowsSysWow64setup16.exe

2012-08-20 17:37 . 2012-10-10 10:52 5120 ----a-w- c:windowsSysWow64wow32.dll

2012-08-20 17:37 . 2012-10-10 10:52 274944 ----a-w- c:windowsSysWow64KernelBase.dll

2012-08-20 17:32 . 2012-10-10 10:52 4608 ---ha-w- c:windowsSysWow64api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:52 4096 ---ha-w- c:windowsSysWow64api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:52 4096 ---ha-w- c:windowsSysWow64api-ms-win-core-synch-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:52 4096 ---ha-w- c:windowsSysWow64api-ms-win-core-misc-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:52 4096 ---ha-w- c:windowsSysWow64api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:52 3072 ---ha-w- c:windowsSysWow64api-ms-win-core-string-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:52 3072 ---ha-w- c:windowsSysWow64api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:52 3584 ---ha-w- c:windowsSysWow64api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:52 3584 ---ha-w- c:windowsSysWow64api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:52 3072 ---ha-w- c:windowsSysWow64api-ms-win-core-profile-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:52 3584 ---ha-w- c:windowsSysWow64api-ms-win-core-memory-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:52 3584 ---ha-w- c:windowsSysWow64api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:52 3584 ---ha-w- c:windowsSysWow64api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:52 3072 ---ha-w- c:windowsSysWow64api-ms-win-core-io-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:52 5120 ---ha-w- c:windowsSysWow64api-ms-win-core-file-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:52 3584 ---ha-w- c:windowsSysWow64api-ms-win-core-heap-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:52 3072 ---ha-w- c:windowsSysWow64api-ms-win-core-handle-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:52 3072 ---ha-w- c:windowsSysWow64api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 10:52 3072 ---ha-w- c:windowsSysWow64api-ms-win-core-errorhandling-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINEWow6432Node~Browser Helper Objects{A2B6C1C5-ACDE-415E-A965-9FCB42E95952}]

2012-10-18 16:08 383488 ----a-w- c:program files (x86)Swiki_IEScriptHost.dll

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Advanced SystemCare 4"="c:program files (x86)IObitAdvanced SystemCare 4ASCTray.exe" [2011-05-28 412560]

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"StartCCC"="c:program files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2010-05-12 102400]

"HP Software Update"="c:program files (x86)HPHP Software UpdateHPWuSchd2.exe" [2008-12-08 54576]

"PDF Complete"="c:program files (x86)PDF Completepdfsty.exe" [2010-09-28 664600]

"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-07-27 919008]

"avast"="c:program filesAlwil SoftwareAvast5avastUI.exe" [2012-10-30 4297136]

"Ad-Aware Browsing Protection"="c:programdataAd-Aware Browsing Protectionadawarebp.exe" [2012-08-08 540056]

"ArcSoft Connection Service"="c:program files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe" [2010-10-28 207424]

"QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" [2007-12-11 286720]

"SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" [2012-07-03 252848]

"SMessaging"="c:usersLyndaAppDataLocalStrongvault Online BackupSMessaging.exe" [2012-04-04 31664]

.

c:usersLyndaAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup

OpenOffice.org 3.3.lnk - c:program files (x86)OpenOffice.org 3programquickstart.exe [2010-12-13 1198592]

ProgSense.lnk - c:program files (x86)ProgSenseprogsense.exe [2012-11-12 937152]

.

c:programdataMicrosoftWindowsStart MenuProgramsStartup

Snapfish PictureMover.lnk - c:program files (x86)PictureMoverBinPictureMover.exe [2010-9-28 1040952]

StrongVaultApp.exe [2012-9-7 359424]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversiondrivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalIMFservice]

@="Service"

.

R1 SBRE;SBRE;c:windowssystem32driversSBREdrv.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:program files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe [2011-09-09 86072]

R2 IMFservice;IMF Service;c:program files (x86)IObitIObit Malware FighterIMFsrv.exe [x]

R3 FileMonitor;FileMonitor;c:program files (x86)IObitIObit Malware FighterDriverswin7_amd64FileMonitor.sys [x]

R3 GamesAppService;GamesAppService; [x]

R3 RegFilter;RegFilter;c:program files (x86)IObitIObit Malware Fighterdriverswin7_amd64regfilter.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 59392]

R3 UrlFilter;UrlFilter;c:program files (x86)IObitIObit Malware Fighterdriverswin7_amd64UrlFilter.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2011-01-16 1255736]

S0 amd_sata;amd_sata;c:windowssystem32DRIVERSamd_sata.sys [2010-08-13 75904]

S0 amd_xata;amd_xata;c:windowssystem32DRIVERSamd_xata.sys [2010-08-13 38016]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AdvancedSystemCareService;Advanced SystemCare Service;c:program files (x86)IObitAdvanced SystemCare 4ASCService.exe [2011-05-28 353168]

S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2010-05-11 203264]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:windowssystem32driversaswMonFlt.sys [2012-10-30 71600]

S2 cvhsvc;Client Virtualization Handler;c:program files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE [2012-01-04 822624]

S2 HPClientSvc;HP Client Services;c:program filesHewlett-PackardHP Client ServicesHPClientServices.exe [2010-08-06 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:program files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe [2011-03-28 94264]

S2 pdfcDispatcher;PDF Document Manager;c:program files (x86)PDF Completepdfsvc.exe [2010-09-28 1119768]

S2 PfFilter;PfFilter;c:program files (x86)IObitProtected Folderpffilter.sys [2011-03-16 36792]

S2 RoxioNow Service;RoxioNow Service;c:program files (x86)RoxioRoxioNow PlayerRNowSvc.exe [2010-09-11 399344]

S2 sftlist;Application Virtualization Client;c:program files (x86)Microsoft Application Virtualization Clientsftlist.exe [2011-10-01 508776]

S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt64win7.sys [2010-09-03 349800]

S3 Sftfs;Sftfs;c:windowssystem32DRIVERSSftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:windowssystem32DRIVERSSftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:windowssystem32DRIVERSSftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:windowssystem32DRIVERSSftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:program files (x86)Microsoft Application Virtualization Clientsftvsa.exe [2011-10-01 219496]

S3 usbfilter;AMD USB Filter Driver;c:windowssystem32DRIVERSusbfilter.sys [2009-12-22 38456]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-15 c:windowsTasksAdobe Flash Player Updater.job

- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-11-09 04:24]

.

2012-11-15 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2012-11-09 04:36]

.

2012-11-14 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2012-11-09 04:36]

.

2012-10-17 c:windowsTasksHPCeeScheduleForLYNDA-HP$.job

- c:program files (x86)Hewlett-PackardHP CeementHPCEE.exe [2010-09-14 05:15]

.

2012-11-11 c:windowsTasksHPCeeScheduleForLynda.job

- c:program files (x86)Hewlett-PackardHP CeementHPCEE.exe [2010-09-14 05:15]

.

2012-11-14 c:windowsTasksParetoLogic Registration.job

- c:windowssystem32rundll32.exe [2009-07-13 01:14]

.

2012-11-14 c:windowsTasksParetoLogic Update Version2.job

- c:program files (x86)Common FilesParetoLogicUUS2Pareto_Update.exe [2008-02-22 16:25]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOTCLSID{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 23:50 133400 ----a-w- c:program filesAlwil SoftwareAvast5ashShA64.dll

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"hpsysdrv"="c:program files (x86)hewlett-packardHP odometerhpsysdrv.exe" [2008-11-20 62768]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/?ilc=31

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:usersLyndaAppDataRoamingDefaultTabDefaultTabDefaultTabBHO.dll

BHO-{CB0D163C-E9F4-4236-9496-0597E24B23A5} - c:program files (x86)GamesBar2.0.1.73oberontb.dll

Wow6432Node-HKCU-Run-SearchEngineProtection - c:program files (x86)GamesbarSearchEngineProtection.exe

.

.

.

[HKEY_LOCAL_MACHINEsystemControlSet001servicespdfcDispatcher]

"ImagePath"="c:program files (x86)PDF Completepdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:Windowssystem32MacromedFlashFlashUtil64_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:program filesAlwil SoftwareAvast5AvastSvc.exe

c:program files (x86)Common FilesArcSoftConnection ServiceBinACService.exe

c:program files (x86)Common FilesAdobeARM1.0armsvc.exe

c:program files (x86)IObitAdvanced SystemCare 4PMonitor.exe

c:program files (x86)Common FilesLightScribeLSSrvc.exe

.

**************************************************************************

.

Completion time: 2012-11-14 19:43:30 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-15 00:43

.

Pre-Run: 445,042,520,064 bytes free

Post-Run: 444,817,059,840 bytes free

.

- - End Of File - - 158E72AB7572C9A909A515E374892854


Fantastic! You finally got Combofix to run and post the log. I'm proud of you :mrgreen:

 

I want you to download the remover for IOBits ... and remove that program!

http://www.t-tools.nl/bitremoveren.php

 

After doing that, run another scan (as Administrator) with HijackThis! Delete the old .txt logfile first.

 

Click 'Do a System Scan and Save logfile'.

The HJT log will open in notepad.

Copy and paste the HJT log from notepad

 

We have a couple more things, yet to do, before I can declare your computer free of infection. Hang in there with me!


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:03:51 PM, on 11/15/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

 

Running processes:

C:Program Files (x86)Hewlett-PackardHP Odometerhpsysdrv.exe

C:Program Files (x86)IObitAdvanced SystemCare 4ASCTray.exe

C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupStrongVaultApp.exe

C:Program Files (x86)ProgSenseprogsense.exe

C:Program Files (x86)OpenOffice.org 3programsoffice.exe

C:Program Files (x86)OpenOffice.org 3programsoffice.bin

C:Program Files (x86)HpHP Software Updatehpwuschd2.exe

C:Program FilesAlwil SoftwareAvast5AvastUI.exe

C:ProgramDataAd-Aware Browsing Protectionadawarebp.exe

C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe

C:Program Files (x86)Common FilesJavaJava Updatejusched.exe

C:Program Files (x86)Common FilesArcSoftConnection ServiceBinArcCon.ac

C:UsersLyndaAppDataLocalStrongvault Online BackupSMessaging.exe

C:Program Files (x86)Trend MicroHiJackThisHiJackThis.exe

 

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/?ilc=21

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://g.msn.com/CQDSK/1

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://g.msn.com/CQDSK/1

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:Program Files (x86)IEProiepro.dll

O2 - BHO: Claro LTD Helper Object - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:Program Files (x86)Claro LTDclaro1.8.3.10bhclaro.dll

O2 - BHO: CrossriderApp0003491 - {11111111-1111-1111-1111-110011341191} - C:Program Files (x86)Vid-SaverVid-Saver.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre7binssv.dll

O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:UsersLyndaAppDataRoamingDefaultTabDefaultTabDefaultTabBHO.dll (file missing)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAlwil SoftwareAvast5aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O2 - BHO: Swiki_IE - {A2B6C1C5-ACDE-415E-A965-9FCB42E95952} - C:Program Files (x86)Swiki_IEScriptHost.dll

O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:Program Files (x86)GamesBar2.0.1.73oberontb.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre7binjp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAlwil SoftwareAvast5aswWebRepIE.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:Program Files (x86)IEProIEProRecorder.dll

O3 - Toolbar: Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:Program Files (x86)Claro LTDclaro1.8.3.10claroTlbr.dll

O4 - HKLM..Run: [startCCC] "c:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun

O4 - HKLM..Run: [HP Software Update] c:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe

O4 - HKLM..Run: [PDF Complete] C:Program Files (x86)PDF Completepdfsty.exe

O4 - HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"

O4 - HKLM..Run: [avast] "C:Program FilesAlwil SoftwareAvast5avastUI.exe" /nogui

O4 - HKLM..Run: [Ad-Aware Browsing Protection] "C:ProgramDataAd-Aware Browsing Protectionadawarebp.exe"

O4 - HKLM..Run: [ArcSoft Connection Service] C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe

O4 - HKLM..Run: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime

O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"

O4 - HKLM..Run: [sMessaging] C:UsersLyndaAppDataLocalStrongvault Online BackupSMessaging.exe

O4 - HKCU..Run: [Advanced SystemCare 4] C:Program Files (x86)IObitAdvanced SystemCare 4ASCTray.exe

O4 - HKCU..Run: [Optimizer Pro] C:Program Files (x86)Optimizer ProOptProLauncher.exe

O4 - Startup: OpenOffice.org 3.3.lnk = C:Program Files (x86)OpenOffice.org 3programquickstart.exe

O4 - Startup: ProgSense.lnk = C:Program Files (x86)ProgSenseprogsense.exe

O4 - Global Startup: Snapfish PictureMover.lnk = C:Program Files (x86)PictureMoverBinPictureMover.exe

O4 - Global Startup: StrongVaultApp.exe

O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:Program Files (x86)IEProiepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:Program Files (x86)IEProiepro.dll

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:Program Files (x86)IEProiepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:Program Files (x86)IEProiepro.dll

O9 - Extra button: @C:Program Files (x86)Windows LiveWriterWindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:Program Files (x86)Windows LiveWriterWindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll

O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: c:progra~3browse~123796~1.11{16cdf~1browse~1.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACService.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe

O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:Program Files (x86)IObitAdvanced SystemCare 4ASCService.exe

O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:Windowssystem32atiesrxx.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:Program FilesAlwil SoftwareAvast5AvastSvc.exe

O23 - Service: Browser Manager - Unknown owner - C:ProgramDataBrowser Manager2.3.796.11{16cdff19-861d-48e3-a751-d99a27784753}browsemngr.exe

O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing)

O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing)

O23 - Service: GamesAppService - Unknown owner - (no file)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:Program Files (x86)GoogleUpdateGoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:Program Files (x86)GoogleUpdateGoogleUpdate.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe

O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:Program FilesHewlett-PackardHP Client ServicesHPClientServices.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:Program Files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:Program Files (x86)Hewlett-PackardSharedhpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program Files (x86)Common FilesInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: IMF Service (IMFservice) - Unknown owner - C:Program Files (x86)IObitIObit Malware FighterIMFsrv.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:Program Files (x86)Common FilesLightScribeLSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:Program Files (x86)PDF Completepdfsvc.exe

O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: RoxioNow Service - Roxio - C:Program Files (x86)RoxioRoxioNow PlayerRNowSvc.exe

O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)

O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:Windowssystem32sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)

O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)

O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:Windowssystem32WatWatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing)

O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)

 

--

End of file - 12029 bytes


This topic is now closed to further replies.