hijacked browser - DDS and HijackThis logs


WsW-WYATT-EARP

Mother-in-law's computer; they had some RebateInformer installed and some Inbox thing that the homepage was set to. I uninstalled what they "didn't install" and cleaned up what I could with SUPERAntiSpyware and Malwarebytes. Browser was changed to CoolWebSearch after uninstalling the programs. Seems I have that straightened out; just looking to get the final steps to make sure it's clean. DDS and HJT logs below.

Thanks!

Ben

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464
Run by Bill at 20:33:00 on 2013-03-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3885.1837 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\SysWOW64\F5InstallerService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = Preserve
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Best Buy pc app] C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN247BS13105KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [RebateInformer] C:\PROGRA~2\REBATE~1\REBATE~1.EXE /STARTUP
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Bill\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.5.0\bin\NPJPI150.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: weightwatchers.com
Trusted Zone: weightwatchers.com
DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxvpn.cab
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5InspectionHost.cab
DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/msrdp.cab
DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {8F6AFB67-F834-4227-94A7-A51377E0678E} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5GroupPolicyAgent.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://pentair.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxhost.cab
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5syschk.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
TCP: NameServer = 192.168.27.4
TCP: Interfaces\{21487660-4E0A-41EC-8827-ECFA1FFBA324} : DHCPNameServer = 192.168.27.4
TCP: Interfaces\{21487660-4E0A-41EC-8827-ECFA1FFBA324}\2457C6C646F676E6564777F627B6 : DHCPNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{21487660-4E0A-41EC-8827-ECFA1FFBA324}\2657C6C646F676E6564777F627B6 : DHCPNameServer = 192.168.27.4 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-25 39768]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-10-25 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
R2 F5 Networks Component Installer;F5 Networks Component Installer;C:\Windows\SysWOW64\F5InstallerService.exe [2010-8-19 246400]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-6 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-25 2314240]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-2-18 968880]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-5-16 175104]
R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-5-16 81920]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-4-13 135560]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-25 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-2 271872]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-17 7680512]
R3 urvpndrv;F5 Networks VPN Adapter;C:\Windows\System32\drivers\covpnv64.sys [2010-1-25 41232]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 f5ipfw;F5 Networks StoneWall Filter;C:\Windows\System32\drivers\urfltv64.sys [2012-9-28 18448]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-25 61792]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-27 59392]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-24 1255736]
.
=============== Created Last 30 ================
.
2013-03-10 00:11:55 -------- d-----w- C:\Users\Bill\AppData\Roaming\Malwarebytes
2013-03-10 00:11:46 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-10 00:11:45 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-10 00:11:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-10 00:11:26 -------- d-----w- C:\Users\Bill\AppData\Local\Programs
2013-03-09 22:05:24 -------- d-----w- C:\Users\Bill\AppData\Roaming\SUPERAntiSpyware.com
2013-03-09 22:05:17 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-03-09 22:05:17 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-02-25 03:41:57 -------- d-----w- C:\Program Files (x86)\RebateInformer
2013-02-25 03:41:55 -------- d-----w- C:\Users\Bill\AppData\Roaming\24x7 Help
2013-02-25 03:40:44 -------- d-----w- C:\Program Files (x86)\Inbox Toolbar
2013-02-20 02:01:26 49262 ----a-w- C:\Windows\SysWow64\jpicpl32.cpl
2013-02-17 13:32:22 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-17 13:32:22 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-16 19:55:41 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-16 19:55:40 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-16 19:55:38 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-16 19:55:32 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-16 19:55:31 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-16 19:55:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-16 19:55:30 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-16 19:55:30 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-16 19:55:30 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-16 19:55:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-16 19:55:27 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-16 19:55:27 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-10 00:14:56 -------- d-----w- C:\Users\Bill\Taxes
.
==================== Find3M ====================
.
2013-02-27 04:14:32 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 04:14:32 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-19 02:00:59 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
.
============= FINISH: 20:33:28.50 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/24/2010 11:36:23 AM
System Uptime: 3/9/2013 4:00:49 PM (4 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | U52F
Processor: Intel® Core i5 CPU M 460 @ 2.53GHz | Socket 989 | 2534/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 577 GiB total, 522.582 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8600
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Officejet Pro 8600
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
RP102: 12/23/2012 10:33:47 PM - Windows Update
RP103: 1/12/2013 10:32:02 PM - Windows Update
RP105: 2/17/2013 7:28:40 AM - Windows Modules Installer
RP106: 2/19/2013 8:00:22 PM - Installed J2SE Runtime Environment 5.0
RP108: 2/27/2013 5:32:19 AM - Windows Modules Installer
RP109: 3/8/2013 9:48:30 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
8500A909_eDocs
8500A909_Help
8500A909g
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.2 MUI
Alcor Micro USB Card Reader
Amazon Kindle
ASUS AI Recovery
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS_Screensaver
ATK Package
AVG 2013
AVG Security Toolbar
Best Buy pc app
BPD_DSWizards
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Choice Guard
Cisco WebEx Meetings
ControlDeck
CyberLink LabelPrint
CyberLink Power2Go
Destinations
DeviceDiscovery
DocMgr
DocProc
ETDWare PS/2-x64 7.0.5.11_WHQL
Express Gate
F5 Networks VPN Client for Windows
Fast Boot
Fax
Google Chrome
Google Earth Plug-in
Google Update Helper
GPBaseService2
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP FWUpdateEDO2
HP Imaging Device Functions 13.0
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
I.R.I.S. OCR
Intel PROSet Wireless
Intel WiMAX Tutorial
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® PROSet/Wireless WiFi Software
Intel® Turbo Boost Technology Monitor
Intel® Wireless Display
Intel® PROSet/Wireless WiMAX Software
J2SE Runtime Environment 5.0
Junk Mail filter update
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MPM
MSVCRT
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Network64
OCR Software by I.R.I.S. 13.0
Officejet Pro 8500 A909 Series
ProductContext
Realtek High Definition Audio Driver
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
SRS Premium Sound Control Panel
Status
SUPERAntiSpyware
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB 2.0 VGA UVC WebCam
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
WebReg
WeightWatchers Connections 2010 Portal
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinFlash
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
3/9/2013 4:01:37 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
3/9/2013 3:58:37 PM, Error: Server [2505] - The server could not bind to the transport DeviceNetBT_Tcpip_{21487660-4E0A-41EC-8827-ECFA1FFBA324} because another computer on the network has the same name. The server could not start.
3/9/2013 3:58:32 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.27.101 with the system having network hardware address 00-24-8D-81-8A-06. Network operations on this system may be disrupted as a result.
3/8/2013 10:21:33 PM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
.
==== End Of File ===========================

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:36:16 PM, on 3/9/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:Program Files (x86)ASUSASUS Live UpdateALU.exe
C:Program Files (x86)ASUSSmartLogonsensorsrv.exe
C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe
C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe
C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe
C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe
C:Program Files (x86)ASUSWireless Console 3wcourier.exe
C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe
C:Program Files (x86)AVG Secure Searchvprot.exe
C:Program Files (x86)HPHP Software Updatehpwuschd2.exe
C:Program Files (x86)AVGAVG2013avgui.exe
C:WindowsAsScrPro.exe
C:Program Files (x86)CyberLinkPower2GoCLMLSvc.exe
C:Program Files (x86)ASUSControlDeckControlDeck.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:UsersBillDesktophijackthisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = Preserve
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://www.google.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:Program Files (x86)AVG Secure Search14.2.0.1AVG Secure Search_toolbar.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_BHO.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:Program Files (x86)AVG Secure Search14.2.0.1AVG Secure Search_toolbar.dll
O4 - HKLM..Run: [updateLBPShortCut] "C:Program Files (x86)CyberLinkLabelPrintMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkLabelPrint" UpdateWithCreateOnce "SoftwareCyberLinkLabelPrint2.5"
O4 - HKLM..Run: [updateP2GoShortCut] "C:Program Files (x86)CyberLinkPower2GoMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkPower2Go" UpdateWithCreateOnce "SOFTWARECyberLinkPower2Go6.0"
O4 - HKLM..Run: [ATKOSD2] C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe
O4 - HKLM..Run: [ATKMEDIA] C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe
O4 - HKLM..Run: [HControlUser] C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe
O4 - HKLM..Run: [Wireless Console 3] C:Program Files (x86)ASUSWireless Console 3wcourier.exe
O4 - HKLM..Run: [GrooveMonitor] "C:Program Files (x86)Microsoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe"
O4 - HKLM..Run: [vProt] "C:Program Files (x86)AVG Secure Searchvprot.exe"
O4 - HKLM..Run: [HP Software Update] C:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [AVG_UI] "C:Program Files (x86)AVGAVG2013avgui.exe" /TRAYONLY
O4 - HKLM..RunOnce: [Malwarebytes Anti-Malware] C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe /install /silent
O4 - HKCU..Run: [best Buy pc app] C:UsersBillAppDataRoamingMicrosoftWindowsStart MenuProgramsBest BuyBest Buy pc app.appref-ms
O4 - HKCU..Run: [HP Officejet Pro 8600 (NET)] "C:Program FilesHPHP Officejet Pro 8600BinScanToPCActivationApp.exe" -deviceID "CN247BS13105KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
O4 - HKCU..Run: [RebateInformer] C:PROGRA~2REBATE~1REBATE~1.EXE /STARTUP
O4 - HKCU..Run: [sUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:ProgramDataBest Buy pc appClickOnceSetup.exe (User 'Default user')
O4 - Startup: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe
O4 - Global Startup: SRS Premium Sound.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program Files (x86)Javajre1.5.0binnpjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program Files (x86)Javajre1.5.0binnpjpi150.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:Program Files (x86)Hewlett-PackardSmartPrintsmartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:Program Files (x86)Hewlett-PackardSmartPrintsmartprintsetup.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~1Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~1Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~2MICROS~1Office12REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.weightwatchers.com
O16 - DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} (F5 Networks Certificate Checker) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} (OPSWAT AntiViruses Class) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxvpn.cab
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} (OPSWAT FireWalls Class) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5tunsrv.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} (OPSWAT ProcessesScanner Class) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5InspectionHost.cab
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redistributable) - version 4) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/msrdp.cab
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab
O16 - DPF: {8F6AFB67-F834-4227-94A7-A51377E0678E} (F5 Networks Group Policy Control) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5GroupPolicyAgent.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pentair.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxhost.cab
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5syschk.cab
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} (F5 Networks OPSWAT Helper Control) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program Files (x86)Microsoft OfficeOffice12GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll (file missing)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:Program Files (x86)Common FilesAVG Secure SearchViProtocolInstaller14.2.0ViProtocol.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:Program FilesSUPERAntiSpywareSASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:Windowssystem32FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG2013avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG2013avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:Program FilesIntelWiMAXBinDMAgent.exe
O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:Program FilesIntelWiFibinEvtEng.exe
O23 - Service: F5 Networks Component Installer - F5 Networks - C:WindowsSysWOW64F5InstallerService.exe
O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:Program FilesIntelWiFibinPanDhcpDns.exe
O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe
O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)
O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)
O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:Windowssystem32sppsvc.exe (file missing)
O23 - Service: TurboBoost - Intel® Corporation - C:Program FilesIntelTurboBoostTurboBoost.exe
O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe
O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)
O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:Program Files (x86)Common FilesAVG Secure SearchvToolbarUpdater14.2.0ToolbarUpdater.exe
O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:Windowssystem32WatWatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel® Corporation - C:Program FilesIntelWiMAXBinAppSrv.exe
O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)

--
End of file - 16046 bytes

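A quick way to read a log like the one above before asking a helper is to mechanise the checks a helper does by eye: which CLSIDs point at "(no file)", which registered paths are "(file missing)", whether an end-of-life Java runtime is still wired into the browser, and which autoruns or Trusted Zone entries need a second look. The script below is an added example written for this thread; it is not code from the original posts or from the HijackThis project. The sample lines are constructed (modelled on the log above, with the backslashes the forum stripped put back), the severity labels are this script's own, and the `x64` flag encodes one fact worth knowing when reading HijackThis 2.0.4 output on 64-bit Windows: it is a 32-bit program, so file-system redirection points its view of System32 at SysWOW64 and 64-bit-only service binaries show up as "Unknown owner ... (file missing)" even though they are present. The O23 entries for ALG, EFS, Spooler and the rest in the log above are that artefact, not an infection.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Finding:
    section: str   # HijackThis section tag (O2, O4, O23, ...)
    severity: str  # "high" | "review" | "info"  (labels chosen for this example)
    reason: str
    line: str


# Constructed sample, modelled on the HijackThis log above but not a verbatim
# copy; backslashes lost in the forum extraction are restored.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKCU\..\Run: [RebateInformer] C:\PROGRA~2\REBATE~1\REBATE~1.EXE /STARTUP
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\npjpi150.dll
O15 - Trusted Zone: http://*.weightwatchers.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<sec>[OFR]\d{1,2}) - (?P<body>.*)$")
JRE_RE = re.compile(r"[\\/]jre(?:1\.)?(?P<major>\d+)", re.IGNORECASE)   # jre1.5.0, jre6, jre7 ...
SYS32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)
MISSING_RE = re.compile(r"\s*\(file missing\)$", re.IGNORECASE)


def classify(line: str, x64: bool = True) -> Optional[Finding]:
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, blank, or "End of file" line
    sec, body = m.group("sec"), m.group("body")
    low = body.lower()

    if low.endswith("(no file)"):
        return Finding(sec, "review", "CLSID registered with no backing file (leftover of an uninstalled add-on)", body)

    if MISSING_RE.search(body):
        path = MISSING_RE.sub("", body.rsplit(" - ", 1)[-1])
        # 32-bit HijackThis runs under WOW64, where System32 is redirected to
        # SysWOW64, so 64-bit-only service binaries look "missing" but exist.
        if x64 and sec == "O23" and SYS32_RE.match(path) and "unknown owner" in low:
            return Finding(sec, "info", "likely WOW64 redirection artefact; confirm with a 64-bit tool", body)
        return Finding(sec, "review", f"registered path does not exist: {path}", body)

    jm = JRE_RE.search(body)
    if jm and int(jm.group("major")) < 7:  # Java 7 was current when this thread was written
        return Finding(sec, "high", f"end-of-life Java runtime still registered (JRE {jm.group('major')})", body)

    if sec == "O4" and "~" in body:
        # Heuristic only: 8.3 short paths are common in bundled adware installers.
        return Finding(sec, "review", "autorun uses an 8.3 short path; check the vendor", body)

    if sec == "O15":
        return Finding(sec, "review", "site added to the IE Trusted Zone (relaxed security settings)", body)

    return None


def triage(text: str, x64: bool = True) -> List[Finding]:
    """Findings in log order; lines with nothing to say are skipped."""
    out = []
    for raw in text.splitlines():
        f = classify(raw, x64)
        if f:
            out.append(f)
    return out


def summary(findings: List[Finding]) -> dict:
    """Count of findings per severity label."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:<3} {f.reason}")
    print(summary(triage(SAMPLE_LOG)))
```

Run it over a saved hijackthis.log with `triage(open("hijackthis.log").read())`; pass `x64=False` for a 32-bit machine so the "(file missing)" O23 entries are not downgraded. The "info" and "review" labels are prompts to look, not verdicts: the AVG2012 protocol handler above is an orphan from an upgrade, the Trusted Zone entry belongs to a service the family uses, and neither is malware.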

You've got a really old version of Java on there. Let's get rid of it.

 

Please download JavaRa to your desktop.

- Click the Download button next to Version 2.1 to download JavaRA-2.1.zip and save it to the desktop.
- Close the browser and all open windows.
- Right-click the JavaRA-2.1.zip file, click Extract All and unzip it to its own folder on the desktop.
- Open the Java-2.1 folder.
- Open the JavaRA folder.
- Double-click the JavaRa.exe file to run the program. You will see a console like the one below:

Posted Image

- Click Update JavaRa Definitions and update the definitions.
- Click Download.
- After the download is complete, click Back.
- Click Remove Java Runtime.

 

Step 1 will run Java's built in installers (See the image below):

- JavaRa will automatically detect the available JRE uninstallers. The Run Uninstaller button will begin the removal process, which should be performed on all listed versions of the Java Runtime Environment. In some situations, Windows security features may interfere with this process, causing the Run Uninstaller button to do nothing. You will need to use the Add or Remove Programs function in Windows if this occurs.

Posted Image

 

Then Step 2 will run. (See image below)

 

Step 2 will run the JRE Removal Routine

 

Posted Image

 

I suggest that you stop here. Most people don't actually need Java installed and it is a high source of vulnerability. If you are absolutely sure that you need it... then continue.

 

Step 3 is Download New Version. Please don't click on Download. Instead, click on Java Manual Download at the top. This will take you to Java.com where you can download the current version. (Current is Java 7 Update 17).

 

You can go ahead and Next your way through JavaRa and close it.

 

Install the new Java program you downloaded.

 

After you've uninstalled Java (and installed the new one if you are sure you need it) then let's cleanup some of those orphans.

 

Download ComboFix:

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

- Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html
- Double-click on ComboFix.exe and follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

Posted Image

 

 

Click on Yes, to continue scanning for malware.

 

When finished, it will produce a log for you. Please include C:\ComboFix.txt in your next reply.

 

 

Notes:

 

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


Hi TomK -

 

Appreciate the help!

 

I uninstalled Java per your instructions; I had to use Add/Remove Programs. I did reinstall Java, as I am not sure whether they need it or not, and I don't want to get a phone call because something they do isn't working and says it needs the latest version of Java...

 

ComboFix did finish, but it took a long time. The last few steps took a while and preparing the log file took forever. It did finish, and the log is below.

 

ComboFix 13-03-10.01 - Bill 03/09/2013 22:31:28.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3885.1754 [GMT -6:00]
Running from: c:usersBillDesktopComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:esupporteDriverSoftwareASUSMultiFrameXP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021Desktop_.ini
c:windowsmsvcr71.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-02-10 to 2013-03-10 )))))))))))))))))))))))))))))))
.
.
2013-03-10 04:49 . 2013-03-10 04:49 -------- d-----w- c:usersDefaultAppDataLocaltemp
2013-03-10 04:49 . 2013-03-10 04:49 -------- d-----w- c:usersDebAppDataLocaltemp
2013-03-10 04:26 . 2013-03-10 04:26 963488 ----a-w- c:windowssystem32deployJava1.dll
2013-03-10 04:26 . 2013-03-10 04:26 310688 ----a-w- c:windowssystem32javaws.exe
2013-03-10 04:26 . 2013-03-10 04:26 1085344 ----a-w- c:windowssystem32npDeployJava1.dll
2013-03-10 04:26 . 2013-03-10 04:26 108448 ----a-w- c:windowssystem32WindowsAccessBridge-64.dll
2013-03-10 04:26 . 2013-03-10 04:26 188832 ----a-w- c:windowssystem32javaw.exe
2013-03-10 04:26 . 2013-03-10 04:26 188320 ----a-w- c:windowssystem32java.exe
2013-03-10 04:26 . 2013-03-10 04:26 -------- d-----w- c:program filesJava
2013-03-10 00:11 . 2013-03-10 00:11 -------- d-----w- c:usersBillAppDataRoamingMalwarebytes
2013-03-10 00:11 . 2013-03-10 00:11 -------- d-----w- c:programdataMalwarebytes
2013-03-10 00:11 . 2013-03-10 00:11 -------- d-----w- c:program files (x86)Malwarebytes' Anti-Malware
2013-03-10 00:11 . 2012-12-14 22:49 24176 ----a-w- c:windowssystem32driversmbam.sys
2013-03-10 00:11 . 2013-03-10 00:11 -------- d-----w- c:usersBillAppDataLocalPrograms
2013-03-09 22:05 . 2013-03-09 22:05 -------- d-----w- c:usersBillAppDataRoamingSUPERAntiSpyware.com
2013-03-09 22:05 . 2013-03-09 22:05 -------- d-----w- c:program filesSUPERAntiSpyware
2013-03-09 22:05 . 2013-03-09 22:05 -------- d-----w- c:programdataSUPERAntiSpyware.com
2013-03-05 03:56 . 2013-03-05 03:56 -------- d-----w- c:usersDebAppDataRoamingHpUpdate
2013-03-01 03:34 . 2013-03-01 03:34 -------- d-----w- c:usersDebAppDataLocalMozilla
2013-02-26 03:14 . 2013-02-26 03:14 -------- d-----w- c:usersDebAppDataLocalAVG Secure Search
2013-02-26 03:14 . 2013-02-26 03:14 -------- d-----w- c:usersDebAppDataRoamingAVG2013
2013-02-26 03:13 . 2013-02-26 13:49 -------- d-----w- c:usersDebAppDataLocalAvg2013
2013-02-25 03:41 . 2013-03-02 18:43 -------- d-----w- c:program files (x86)RebateInformer
2013-02-25 03:41 . 2013-02-25 03:41 -------- d-----w- c:usersBillAppDataRoaming24x7 Help
2013-02-25 03:40 . 2013-03-02 18:44 -------- d-----w- c:program files (x86)Inbox Toolbar
2013-02-17 13:32 . 2013-01-09 01:10 996352 ----a-w- c:program filesCommon FilesMicrosoft SharedVGXVGX.dll
2013-02-17 13:32 . 2013-01-08 22:01 768000 ----a-w- c:program files (x86)Common FilesMicrosoft SharedVGXVGX.dll
2013-02-17 13:28 . 2013-01-09 01:48 17812992 ----a-w- c:windowssystem32mshtml.dll
2013-02-17 13:28 . 2013-01-09 01:22 10925568 ----a-w- c:windowssystem32ieframe.dll
2013-02-16 19:55 . 2013-01-05 05:53 5553512 ----a-w- c:windowssystem32ntoskrnl.exe
2013-02-16 19:55 . 2013-01-05 05:00 3967848 ----a-w- c:windowsSysWow64ntkrnlpa.exe
2013-02-16 19:55 . 2013-01-05 05:00 3913064 ----a-w- c:windowsSysWow64ntoskrnl.exe
2013-02-16 19:55 . 2013-01-04 03:26 3153408 ----a-w- c:windowssystem32win32k.sys
2013-02-16 19:55 . 2013-01-04 05:46 215040 ----a-w- c:windowssystem32winsrv.dll
2013-02-16 19:55 . 2013-01-04 04:51 5120 ----a-w- c:windowsSysWow64wow32.dll
2013-02-16 19:55 . 2013-01-04 02:47 25600 ----a-w- c:windowsSysWow64setup16.exe
2013-02-16 19:55 . 2013-01-04 02:47 7680 ----a-w- c:windowsSysWow64instnm.exe
2013-02-16 19:55 . 2013-01-04 02:47 14336 ----a-w- c:windowsSysWow64ntvdm64.dll
2013-02-16 19:55 . 2013-01-04 02:47 2048 ----a-w- c:windowsSysWow64user.exe
2013-02-16 19:55 . 2013-01-03 06:00 1913192 ----a-w- c:windowssystem32driverstcpip.sys
2013-02-16 19:55 . 2013-01-03 06:00 288088 ----a-w- c:windowssystem32driversFWPKCLNT.SYS
2013-02-10 00:14 . 2013-02-10 00:17 -------- d-----w- c:usersBillTaxes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 04:14 . 2012-08-26 04:51 71024 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl
2013-02-27 04:14 . 2012-08-26 04:51 691568 ----a-w- c:windowsSysWow64FlashPlayerApp.exe
2013-02-19 02:00 . 2012-08-26 04:01 39768 ----a-w- c:windowssystem32driversavgtpx64.sys
2013-02-17 13:36 . 2010-12-24 23:16 70004024 ----a-w- c:windowssystem32MRT.exe
2013-01-04 04:43 . 2013-02-16 19:55 44032 ----a-w- c:windowsapppatchacwow64.dll
2012-12-16 17:11 . 2012-12-24 04:34 46080 ----a-w- c:windowssystem32atmlib.dll
2012-12-16 14:45 . 2012-12-24 04:34 367616 ----a-w- c:windowssystem32atmfd.dll
2012-12-16 14:13 . 2012-12-24 04:34 295424 ----a-w- c:windowsSysWow64atmfd.dll
2012-12-16 14:13 . 2012-12-24 04:34 34304 ----a-w- c:windowsSysWow64atmlib.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINESOFTWAREWow6432Node~Browser Helper Objects{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-19 02:00 1929392 ----a-w- c:program files (x86)AVG Secure Search14.2.0.1AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-19 1929392]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-19 1151152]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
.
c:\users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-10-25 156952]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltv64.sys [2010-01-25 18448]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-24 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-19 39768]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-07 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576]
S2 F5 Networks Component Installer;F5 Networks Component Installer;c:\windows\SysWOW64\F5InstallerService.exe [2010-08-19 246400]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-19 968880]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2010-05-17 71168]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-05-17 175104]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2010-05-17 81920]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-04 75816]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnv64.sys [2010-01-25 41232]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-06-18 39832]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SASKUTIL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-05 10:04 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 04:14]
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 15:53]
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 15:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: weightwatchers.com
TCP: DhcpNameServer = 192.168.27.4
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: {8F6AFB67-F834-4227-94A7-A51377E0678E} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5GroupPolicyAgent.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
FF - ProfilePath - c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\0lh34q06.default\
FF - prefs.js: browser.startup.homepage - hxxp://connections.weightwatchers.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\WeightWatchers Browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: F5 Networks Host Plugin: {DBBB3167-6E81-400f-BBFD-BD8921726F52} - %profile%\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: AVG Security Toolbar: avg@toolbar - c:\programdata\AVG Secure Search\FireFoxExt\14.2.0.1
FF - Ext: SmartPrintButton: quickprint@hp.com - c:\program files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-RebateInformer - c:\progra~2\REBATE~1\REBATE~1.EXE
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D5F7C10D-2F86-4E99-90DA-25F8B0400992} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-09 23:33:02
ComboFix-quarantined-files.txt 2013-03-10 05:32
.
Pre-Run: 560,582,049,792 bytes free
Post-Run: 562,701,946,880 bytes free
.
- - End Of File - - 8FC0EF2BC2CF641DEF435D95A2F5D7A9


That is looking good.

 

Let's get an online scan:

 

Go here to run an online scanner from ESET.

- Turn off the real time scanner of any existing antivirus program while performing the online scan.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start.
- When asked, allow the ActiveX control to install.
- Click Start.
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan.
- Wait for the scan to finish.
- When the scan completes, press the LIST OF THREATS FOUND button.
- Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop.
- Include the contents of this report in your next reply.
- Press the BACK button.
- Press Finish.


things seem to be running good. I was mainly concerned that everything was removed and any oddities were found and removed also.

 

The browser is good and everything seems to be responding fine.

 

Only thing I noticed is the mouse cursor keeps going on and off like the computer is doing something. I checked the task manager and nothing odd seems to be accessing the cpu or anything with a crazy amount of memory resources being used... not sure if this is a major issue but something I noticed.


OK... let's run one more tool.

 

AdwCleaner

- Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[s1].txt as well.


# AdwCleaner v2.114 - Logfile created 03/10/2013 at 13:34:28
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Bill - BILL-PC
# Boot Mode : Normal
# Running from : C:\Users\Bill\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Inbox Toolbar
Folder Deleted : C:\Program Files (x86)\RebateInformer
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\Bill\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Bill\AppData\Local\Conduit
Folder Deleted : C:\Users\Bill\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Bill\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Bill\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Bill\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\Bill\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Bill\AppData\LocalLow\RebateInformer
Folder Deleted : C:\Users\Bill\AppData\Roaming\24x7 Help
Folder Deleted : C:\Users\Deb\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Deb\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Deb\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Deb\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Deb\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Deleted : HKCU\Software\24x7HELP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\CToolbar
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Inbox Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3008660
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{ED76C299-85BC-4891-9237-74A140C28832}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

- Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

- Mozilla Firefox v3.6.8 (en-US)

File : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\0lh34q06.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.2.0.1");

File : C:\Users\Deb\AppData\Roaming\Mozilla\Firefox\Profiles\95hczchz.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.2.0.1");

- Google Chrome v25.0.1364.152

File : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [8115 octets] - [10/03/2013 13:34:28]

########## EOF - C:\AdwCleaner[s1].txt - [8175 octets] ##########

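The two logs above show where this class of adware actually hooks in: Run/RunOnce values in both registry views (vProt, RebateInformer), Browser Helper Objects and IE Toolbar CLSIDs (the AVG Secure Search entries), a custom URL protocol handler (viprotocol), and Low Rights ElevationPolicy subkeys that let a program escape IE Protected Mode. The script below is an added example, not part of this thread and not code from ComboFix or AdwCleaner: it walks those same locations after a cleanup, resolves each entry to the file behind it, and flags anything whose file is missing, is not Authenticode-signed, or lives under a user-writable directory. The registry paths are the standard ones; the flagging heuristics (which directories count as user-writable, which extensions count as executable) are this example's own assumptions. Run it from an elevated 64-bit PowerShell so both the native and Wow6432Node views are visible.

```powershell
# Added example (not from the thread, ComboFix or AdwCleaner): post-cleanup
# sweep of the autostart and IE extension points the logs above report.
# Run/RunOnce in both views, Browser Helper Objects, IE Toolbar, and
# Low Rights ElevationPolicy are enumerated; each entry is resolved to its
# backing file and flagged if the file is missing, unsigned, or under a
# user-writable root. The flag heuristics are this example's own assumptions.

$RegMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Expand-CommandPath {
    # Reduce a Run-value command line to a bare file path: strip quotes,
    # expand %VARS%, and drop trailing arguments. Extension list is an assumption.
    param([string]$Command)
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c.StartsWith('"')) { return $c.Split('"')[1] }
    $m = [regex]::Match($c, '^(.*?\.(exe|dll|scr|cmd|bat))', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value } else { return $c }
}

function Resolve-ClsidServer {
    # InprocServer32 path for a CLSID, checking the native view and then WOW64.
    param([string]$Clsid)
    foreach ($base in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
        $p = Get-ItemProperty -Path "$base\$Clsid\InprocServer32" -ErrorAction SilentlyContinue
        if ($p -and $p.'(default)') { return [string]$p.'(default)' }
    }
    return ''
}

function Test-Entry {
    # One report row per persistence entry, with the flags a triager wants.
    param([string]$Location, [string]$Name, [string]$Path)
    $file   = if ($Path) { Expand-CommandPath $Path } else { '' }
    $exists = [bool]($file -and (Test-Path -LiteralPath $file))
    $signed = [bool]($exists -and ((Get-AuthenticodeSignature -FilePath $file).Status -eq 'Valid'))
    # Assumption: the Conduit / Inbox Toolbar / PriceGong folders in the AdwCleaner
    # log all sat under AppData or ProgramData, so those roots earn a flag.
    $userWritable = [bool]($file -match '\\(AppData|ProgramData|Temp)\\')
    $flags = @()
    if (-not $file) { $flags += 'NoFile' } elseif (-not $exists) { $flags += 'Missing' }
    if ($exists -and -not $signed) { $flags += 'Unsigned' }
    if ($userWritable) { $flags += 'UserWritable' }
    [pscustomobject]@{ Location = $Location; Name = $Name; File = $file
                       Exists = $exists; Signed = $signed; Flags = ($flags -join ',') }
}

$report = New-Object System.Collections.Generic.List[object]

foreach ($view in '', 'Wow6432Node\') {
    # Run / RunOnce, as in the ComboFix "CurrentVersion\Run" blocks above.
    foreach ($hive in 'HKLM', 'HKCU') {
        foreach ($sub in 'Run', 'RunOnce') {
            $key = "${hive}:\SOFTWARE\${view}Microsoft\Windows\CurrentVersion\$sub"
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            if (-not $props) { continue }
            foreach ($p in $props.PSObject.Properties) {
                if ($RegMeta -contains $p.Name) { continue }
                $report.Add((Test-Entry -Location $key -Name $p.Name -Path ([string]$p.Value)))
            }
        }
    }
    # BHOs: one subkey per CLSID; the DLL is behind that CLSID's InprocServer32.
    $bho = "HKLM:\SOFTWARE\${view}Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    foreach ($k in @(Get-ChildItem -Path $bho -ErrorAction SilentlyContinue)) {
        $report.Add((Test-Entry -Location $bho -Name $k.PSChildName -Path (Resolve-ClsidServer $k.PSChildName)))
    }
    # IE toolbars: the CLSID is the value name (as in the ComboFix Toolbar block).
    $tb = "HKLM:\SOFTWARE\${view}Microsoft\Internet Explorer\Toolbar"
    $props = Get-ItemProperty -Path $tb -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -match '^\{[0-9A-F-]{36}\}$') {
                $report.Add((Test-Entry -Location $tb -Name $p.Name -Path (Resolve-ClsidServer $p.Name)))
            }
        }
    }
    # Low Rights ElevationPolicy: a GUID subkey with AppName/AppPath lets that
    # program launch at medium integrity from IE Protected Mode.
    $ep = "HKLM:\SOFTWARE\${view}Microsoft\Internet Explorer\Low Rights\ElevationPolicy"
    foreach ($k in @(Get-ChildItem -Path $ep -ErrorAction SilentlyContinue)) {
        $v = Get-ItemProperty -Path $k.PSPath
        if ($v.AppPath -and $v.AppName) {
            $report.Add((Test-Entry -Location $ep -Name $k.PSChildName -Path (Join-Path $v.AppPath $v.AppName)))
        }
    }
}

$report | Sort-Object Flags -Descending | Format-Table Name, File, Flags -AutoSize
```

On a machine in the state the first log shows, the AVG Secure Search toolbar CLSID and the vProt Run value would both resolve to files under Program Files (x86) and show up as signed, so they would pass the file heuristics; that is exactly why the Location and Name columns matter as much as the flags. A signed, present entry in the Toolbar or ElevationPolicy keys that nobody installed on purpose is still something to remove, and an entry that resolves to "Missing" after a cleanup is the leftover registration a tool like AdwCleaner exists to sweep.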

the results of the adwcleaner are in my post above. I sat here and watched the task manager for a while and the starting and stopping was HP connection manager. I did a google search on the issue and found out how to stop it. It is no longer starting and stopping anymore.

 

So I think we are good?


Great!

 

Time for some housekeeping

- Click START then RUN.
- Now type ComboFix /Uninstall in the runbox and click OK.
- Note the space between the X and the U, it needs to be there.

The above procedure will:

- Implement some cleanup procedures.
- Reset System Restore.

Now to remove most of the tools that we have used in fixing your machine:

- Make sure you have an Internet Connection.
- Download OTC to your desktop and run it.
- A list of tool components used in the cleanup of malware will be downloaded.
- If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
- Click Yes to begin the cleanup process and remove these components, including this application.
- You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.

 

 

You can go ahead and delete any programs or logs that are left.

Please re-enable any security that was disabled.

 


The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed as Resolved.

