Need help with laptop


Spyderrc10gt2
My mother-in-law has been letting her 10-year-old nephew play on her laptop and he has gotten it pretty messed up. I cannot get the wifi to turn on; I push the function key and the wifi button but it will not turn on. I've run Spybot, ZoneAlarm and Windows Defender. Spybot found quite a lot of stuff and cleared them all. They all report good now, however I believe some things are still on there. When the laptop boots up, 30+ MS-DOS looking windows pop up and close real quick, not open long enough to see what they are. Here are the logs. Thank you for your help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:52:23 PM, on 3/21/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Pam and Ed\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={7F72E420-8D16-11E2-B3FC-78ACC047C7E1}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={7F72E420-8D16-11E2-B3FC-78ACC047C7E1}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Freecause Shopping BHO - {91917DC6-93B9-4E62-B2D6-D39C9618C418} - C:\Program Files (x86)\Shop to Win 4\Shop to Win 4.dll
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: WajamUpdater - Unknown owner - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10911 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16446 BrowserJavaVersion: 10.13.2
Run by Pam and Ed at 19:52:57 on 2013-03-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1715 [GMT -5:00]
.
AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Extreme Security Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\SysWOW64\schtasks.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\ICO.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
?C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={7F72E420-8D16-11E2-B3FC-78ACC047C7E1}
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={7F72E420-8D16-11E2-B3FC-78ACC047C7E1}
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Shop to Win 4: {91917DC6-93B9-4E62-B2D6-D39C9618C418} - C:\Program Files (x86)\Shop to Win 4\Shop to Win 4.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: Interfaces\{3673F473-5E5F-4262-8C51-D6D11785A73A} : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{3673F473-5E5F-4262-8C51-D6D11785A73A}\249676020596D60796E6 : DHCPNameServer = 192.168.1.1 97.64.183.164 97.64.209.37
TCP: Interfaces\{3673F473-5E5F-4262-8C51-D6D11785A73A}\458656051636B656276416E637 : DHCPNameServer = 216.51.173.2 216.51.173.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [Mouse Suite 98 Daemon] ICO.EXE
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [iSW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pam and Ed\AppData\Roaming\Mozilla\Firefox\Profiles\1afuxpkr.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com/?src=2&st=12&barid={7F72E420-8D16-11E2-B3FC-78ACC047C7E1}&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\EpicPlay\npEpicHost.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-02-12 18:08; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: 2013-03-14 20:04; ffxtlbr@delta.com; C:\Users\Pam and Ed\AppData\Roaming\Mozilla\Firefox\Profiles\1afuxpkr.default\extensions\ffxtlbr@delta.com
FF - ExtSQL: 2013-03-14 21:18; {EEE6C361-6118-11DC-9C72-001320C79847}; C:\Users\Pam and Ed\AppData\Roaming\Mozilla\Firefox\Profiles\1afuxpkr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF - ExtSQL: !HIDDEN! 2011-10-31 22:07; textlinks@epicplay.com; C:\Users\Pam and Ed\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - f0f3b942000000000000889ffa2da98c
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15779
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.020:04:33
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
.
============= SERVICES / DRIVERS ===============
.
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-20 98208]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-11-22 828072]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-28 1153368]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2320920]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-9-29 31088]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-1-1 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-3-5 271872]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-12-20 1041760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-20 347680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 WajamUpdater;WajamUpdater;"C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" --> C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-12-20 245792]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-24 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-18 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-03-21 23:35:31 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B0315C68-0539-40FB-B5BD-2510E771E844}\offreg.dll
2013-03-16 21:38:17 -------- d-----w- C:\Windows\SysWow64\searchplugins
2013-03-16 21:38:17 -------- d-----w- C:\Windows\SysWow64\Extensions
2013-03-15 02:29:45 -------- d-----w- C:\Users\Pam and Ed\AppData\Local\{EFB91A20-7A65-4C8D-9134-1335734BC921}
2013-03-15 02:19:49 -------- d-----w- C:\Program Files\DomaIQ Uninstaller
2013-03-15 02:18:41 -------- d-----w- C:\Users\Pam and Ed\AppData\Local\Programs
2013-03-15 02:17:59 -------- d-----w- C:\Users\Pam and Ed\AppData\Local\Supreme Savings
2013-03-15 02:17:46 -------- d-----w- C:\Program Files (x86)\Driver Pro
2013-03-15 01:05:00 -------- d-----w- C:\Users\Pam and Ed\AppData\Roaming\.minecraft
2013-03-15 01:04:52 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-03-15 01:04:50 -------- d-----w- C:\ProgramData\Strongvault Online Backup
2013-03-15 01:04:35 -------- d-----w- C:\ProgramData\BrowserProtect
2013-03-15 01:04:32 -------- d-----w- C:\Program Files (x86)\Delta
2013-03-15 01:04:27 -------- d-----w- C:\Users\Pam and Ed\AppData\Roaming\BabSolution
2013-03-15 01:04:18 -------- d-sh--w- C:\AI_RecycleBin
2013-03-15 01:04:03 -------- d-----w- C:\ProgramData\Tarma Installer
2013-02-25 02:12:40 -------- d-----w- C:\Users\Pam and Ed\AppData\Local\{4B2A7BC5-4792-4260-ACE8-36EFD18AAF44}
2013-02-22 22:59:07 -------- d-----w- C:\ProgramData\PopCapY
2013-02-22 22:59:07 -------- d-----w- C:\ProgramData\PopCap Games
2013-02-22 22:59:07 -------- d-----w- C:\Program Files (x86)\PopCap Games
.
==================== Find3M ====================
.
2013-03-13 00:55:23 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 00:55:23 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-13 01:15:33 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-13 01:15:31 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-02-13 01:15:31 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-01-17 07:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 19:53:38.25 ===============
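As an added example (not code from the original post, and not part of HijackThis, DDS or ComboFix), the script below reads HijackThis-format lines and flags the kinds of entries a log reviewer looks at in the report above: an IE start or search page moved off the stock defaults, BHO/toolbar/service entries naming the PUP families that appear in this log, a service whose binary is missing outside the Windows directory, and Winsock LSP entries. The keyword list, the allowlist of default home-page hosts and SAMPLE_LOG are constructed assumptions modeled on this thread's log.

```python
"""Triage HijackThis-format log lines for browser-hijack and PUP indicators.

Added example for this thread; not code from the original post or from
HijackThis, DDS or ComboFix.  DEFAULT_PAGE_HOSTS, PUP_KEYWORDS and SAMPLE_LOG
are constructed assumptions modeled on the log above, not machine output."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Hosts a stock HP Windows 7 image uses for the IE home/search pages (assumption).
DEFAULT_PAGE_HOSTS = {"g.msn.com", "go.microsoft.com"}
# PUP / adware families named in this thread's log; matched case-insensitively
# against the whole entry (name and path), so keep the list short and specific.
PUP_KEYWORDS = ("sweetpacks", "delta", "shop to win", "freecause", "wajam", "babsolution")
# Every HijackThis entry looks like "R0 - body", "O2 - body", "O23 - body" ...
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")
URL_PAGE_KEYS = ("Start Page", "Search Page", "Default_Page_URL", "Default_Search_URL")


@dataclass
class Finding:
    kind: str    # HijackThis section, e.g. "O2"
    reason: str  # why the line was flagged
    line: str    # the original log line


def host_of(url: str) -> str:
    """Lower-cased host of a scheme://host URL, or "" if the value is not a URL."""
    m = re.match(r"^[a-z]+://([^/?#]+)", url, re.I)
    return m.group(1).lower() if m else ""


def check_start_page(body: str) -> Optional[str]:
    """R0/R1 body: 'HKCU\\...\\Main,Start Page = http://...'."""
    key, _, value = body.partition("=")  # first '=' separates key from URL
    value = value.strip()
    if not value or not any(k in key for k in URL_PAGE_KEYS):
        return None
    host = host_of(value)
    if host and host not in DEFAULT_PAGE_HOSTS:
        return f"browser start/search page changed to {host}"
    return None


def check_pup(body: str) -> Optional[str]:
    """O2/O3/O4/O23: the entry's name or path mentions a known PUP family."""
    low = body.lower()
    hits = [k for k in PUP_KEYWORDS if k in low]
    return f"matches PUP family keyword(s): {', '.join(hits)}" if hits else None


def check_service(body: str) -> Optional[str]:
    """O23 body: 'Service: name (short) - owner - path (file missing)'.

    The 32-bit HijackThis build cannot see %SystemRoot%\\System32 on 64-bit
    Windows, so '(file missing)' on services under C:\\Windows is a WOW64
    redirection artifact, not evidence of tampering.  Only a missing binary
    outside the Windows directory (an orphaned installer/updater) is flagged."""
    if "(file missing)" not in body:
        return None
    path = body.rsplit(" - ", 1)[-1].lower()
    if path.startswith("c:\\windows"):
        return None
    return "service binary missing outside the Windows directory (orphaned updater)"


def triage(log_text: str) -> List[Finding]:
    """Run the checks over every recognised entry and return the flagged ones."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        reason = None
        if kind in ("R0", "R1"):
            reason = check_start_page(body)
        elif kind in ("O2", "O3", "O4"):
            reason = check_pup(body)
        elif kind == "O23":
            reason = check_service(body) or check_pup(body)
        elif kind == "O10":
            reason = "Winsock LSP entry: confirm the DLL's publisher before touching it"
        if reason:
            findings.append(Finding(kind, reason, line))
    return findings


# Constructed sample modeled on the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Freecause Shopping BHO - {91917DC6-93B9-4E62-B2D6-D39C9618C418} - C:\Program Files (x86)\Shop to Win 4\Shop to Win 4.dll
O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: WajamUpdater - Unknown owner - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run against the sample it reports five lines (sweetpacks start page, Shop to Win BHO, Delta toolbar, the LSP entry and the orphaned WajamUpdater service) and stays quiet on the Java BHO and the ALG "(file missing)" artifact.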

Hi spyderrc10gt2,

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

- I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for the issues on this machine.
- Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
- It's often worth reading through these instructions and printing them for ease of reference.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- Please reply to this thread. Do not start a new topic.

As we work through your logs, please remember to run any tools by right-clicking on the icon and selecting Run As Administrator....

If you can't get online... you will need to download the program on a "good" computer and then transfer the program onto the "bad" one.

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html
- Double click on ComboFix.exe & follow the prompts.
- When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Thanks for the reply, here is the log requested:

ComboFix 13-03-21.02 - Pam and Ed 03/22/2013 5:44.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1968 [GMT -5:00]
Running from: c:\users\Pam and Ed\Desktop\ComboFix.exe
FW: ZoneAlarm Extreme Security Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\delfile.tmp
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\fix.dll
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\gid.exe
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\grid.exe
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\runddl.tmp
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\std.tmp
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\Pam and Ed\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-02-22 to 2013-03-22 )))))))))))))))))))))))))))))))
.
.
2013-03-22 10:56 . 2013-03-22 10:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-21 23:35 . 2013-03-21 23:35 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0315C68-0539-40FB-B5BD-2510E771E844}\offreg.dll
2013-03-16 21:38 . 2013-03-16 21:38 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-03-16 21:38 . 2013-03-16 21:38 -------- d-----w- c:\windows\SysWow64\Extensions
2013-03-15 02:19 . 2013-03-15 02:19 -------- d-----w- c:\program files\DomaIQ Uninstaller
2013-03-15 02:18 . 2013-03-15 02:18 -------- d-----w- c:\users\Pam and Ed\AppData\Local\Programs
2013-03-15 02:17 . 2013-03-15 02:17 -------- d-----w- c:\users\Pam and Ed\AppData\Local\Supreme Savings
2013-03-15 02:17 . 2013-03-21 23:32 -------- d-----w- c:\program files (x86)\Driver Pro
2013-03-15 01:05 . 2013-03-15 01:05 -------- d-----w- c:\users\Pam and Ed\AppData\Roaming\.minecraft
2013-03-15 01:04 . 2013-03-21 21:32 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-03-15 01:04 . 2013-03-21 21:32 -------- d-----w- c:\programdata\Strongvault Online Backup
2013-03-15 01:04 . 2013-03-15 01:04 -------- d-----w- c:\programdata\BrowserProtect
2013-03-15 01:04 . 2013-03-15 01:04 -------- d-----w- c:\program files (x86)\Delta
2013-03-15 01:04 . 2013-03-15 01:04 -------- d-----w- c:\users\Pam and Ed\AppData\Roaming\BabSolution
2013-03-15 01:04 . 2013-03-21 21:32 -------- d-----w- C:\AI_RecycleBin
2013-03-15 01:04 . 2013-03-21 21:58 -------- d-----w- c:\programdata\Tarma Installer
2013-02-22 22:59 . 2013-02-22 22:59 -------- d-----w- c:\programdata\PopCap Games
2013-02-22 22:59 . 2013-02-22 22:59 -------- d-----w- c:\programdata\PopCapY
2013-02-22 22:59 . 2013-02-22 22:59 -------- d-----w- c:\program files (x86)\PopCap Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 00:55 .
2012-12-11 00:13 693976 ----a-w- c:windowsSysWow64FlashPlayerApp.exe2013-03-13 00:55 . 2011-05-14 16:01 73432 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl2013-02-13 01:15 . 2013-02-13 01:15 95648 ----a-w- c:windowsSysWow64WindowsAccessBridge-32.dll2013-02-13 01:15 . 2012-09-09 19:13 861088 ----a-w- c:windowsSysWow64npdeployJava1.dll2013-02-13 01:15 . 2011-08-28 13:43 782240 ----a-w- c:windowsSysWow64deployJava1.dll2013-01-18 18:15 . 2013-02-09 16:48 9161176 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{B0315C68-0539-40FB-B5BD-2510E771E844}mpengine.dll2013-01-17 07:28 . 2013-02-09 16:48 273840 ------w- c:windowssystem32MpSigStub.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINESOFTWAREWow6432Node~Browser Helper Objects{91917DC6-93B9-4E62-B2D6-D39C9618C418}]2010-12-29 18:20 14432 ----a-w- c:program files (x86)Shop to Win 4Shop to Win 4.dll.[HKEY_LOCAL_MACHINESOFTWAREWow6432Node~Browser Helper Objects{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]2013-01-23 12:24 247704 ----a-w- c:program files (x86)Deltadelta1.8.10.0bhdelta.dll.[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftInternet ExplorerToolbar]"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:program files (x86)Deltadelta1.8.10.0deltaTlbr.dll" [2013-01-23 321944].[HKEY_CLASSES_ROOTclsid{82e1477c-b154-48d3-9891-33d83c26bcd3}][HKEY_CLASSES_ROOTdelta.deltadskBnd.1][HKEY_CLASSES_ROOTTypeLib{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}][HKEY_CLASSES_ROOTdelta.deltadskBnd].[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-12-03 946352]"Adobe Reader Speed Launcher"="c:program files (x86)AdobeReader 9.0ReaderReader_sl.exe" [2012-12-19 41208]"HP Quick Launch"="c:program files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe" [2010-11-09 586296]"ZoneAlarm"="c:program files 
(x86)CheckPointZoneAlarmzatray.exe" [2013-01-02 73984]"SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" [2012-07-03 252848].[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionwindows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMCODS]@="".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]R2 WajamUpdater;WajamUpdater;c:program files (x86)WajamUpdaterWajamUpdater.exe [x]R3 GamesAppService;GamesAppService;c:program files (x86)WildTangent GamesAppGamesAppService.exe [2010-10-12 206072]R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:windowssystem32DRIVERSnetw5v64.sys [2009-06-10 5434368]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:windowssystem32DriversRtsUStor.sys [2010-05-07 245792]R3 SrvHsfHDA;SrvHsfHDA;c:windowssystem32DRIVERSVSTAZL6.SYS [2009-06-10 292864]R3 SrvHsfV92;SrvHsfV92;c:windowssystem32DRIVERSVSTDPV6.SYS [2009-06-10 1485312]R3 SrvHsfWinac;SrvHsfWinac;c:windowssystem32DRIVERSVSTCNXT6.SYS [2009-06-10 740864]R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 59392]R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2010-12-18 1255736]R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:windowssystem32DRIVERSyk62x64.sys [2009-06-10 389120]S2 AERTFilters;Andrea RT Filters Service;c:program filesRealtekAudioHDAAERTSr64.exe [2009-11-18 98208]S2 HP Support Assistant Service;HP Support Assistant Service;c:program files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe [2011-09-09 86072]S2 HP Wireless Assistant Service;HP Wireless Assistant 
Service;c:program filesHewlett-PackardHP Wireless AssistantHPWA_Service.exe [2010-07-21 103992]S2 HPClientSvc;HP Client Services;c:program filesHewlett-PackardHP Client ServicesHPClientServices.exe [2010-08-06 291896]S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:program files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe [2011-03-28 94264]S2 HPWMISVC;HPWMISVC;c:program files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe [2010-11-09 26680]S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:program filesCheckPointZAForceFieldISWKL.sys [2012-11-22 33712]S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:program filesCheckPointZAForceFieldIswSvc.exe [2012-11-22 828072]S2 RoxioNow Service;RoxioNow Service;c:program files (x86)RoxioRoxioNow PlayerRNowSvc.exe [2010-09-11 399344]S2 RtVOsdService;RtVOsdService Installer;c:program filesRealtekRtVOsdRtVOsdService.exe [2010-06-24 315392]S2 SBSDWSCService;SBSD Security Center Service;c:program files (x86)Spybot - Search & DestroySDWinSec.exe [2009-01-26 1153368]S2 UNS;Intel® Management & Security Application User Notification Service;c:program files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe [2009-10-01 2320920]S3 clwvd;CyberLink WebCam Virtual Driver;c:windowssystem32DRIVERSclwvd.sys [2010-09-29 31088]S3 HECIx64;Intel® Management Engine Interface;c:windowssystem32DRIVERSHECIx64.sys [2009-09-17 56344]S3 Impcd;Impcd;c:windowssystem32DRIVERSImpcd.sys [2011-01-01 158976]S3 IntcDAud;Intel® Display Audio;c:windowssystem32DRIVERSIntcDAud.sys [2010-03-05 271872]S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:windowssystem32DRIVERSnetr28x.sys [2010-11-05 1041760]S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt64win7.sys [2010-03-23 347680]..Contents of the 'Scheduled Tasks' folder.2013-03-22 c:windowsTasksAdobe Flash Player Updater.job- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-12-11 00:55].2013-03-15 c:windowsTasksHPCeeScheduleForPam and Ed.job- c:program files (x86)Hewlett-PackardHP 
CeementHPCEE.exe [2010-09-14 05:15].2013-03-08 c:windowsTasksHPCeeScheduleForPAMANDED-HP$.job- c:program files (x86)Hewlett-PackardHP CeementHPCEE.exe [2010-09-14 05:15]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers00Zecter]@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"[HKEY_CLASSES_ROOTCLSID{D25B32FE-CB96-491A-98FF-AD59DA382D69}]2010-09-23 04:53 2210304 ----a-w- c:program files (x86)Hewlett-PackardHP CloudDriveShellExt64.dll.[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers01Zecter]@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"[HKEY_CLASSES_ROOTCLSID{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]2010-09-23 04:53 2210304 ----a-w- c:program files (x86)Hewlett-PackardHP CloudDriveShellExt64.dll.[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers02Zecter]@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"[HKEY_CLASSES_ROOTCLSID{B3C78E40-6B64-47C3-AE34-60B770881EB8}]2010-09-23 04:53 2210304 ----a-w- c:program files (x86)Hewlett-PackardHP CloudDriveShellExt64.dll.[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers03Zecter]@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"[HKEY_CLASSES_ROOTCLSID{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]2010-09-23 04:53 2210304 ----a-w- c:program files (x86)Hewlett-PackardHP CloudDriveShellExt64.dll.[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers04Zecter]@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"[HKEY_CLASSES_ROOTCLSID{855156F0-2A0F-11DE-8C30-0800200C9A66}]2010-09-23 04:53 2210304 ----a-w- c:program files (x86)Hewlett-PackardHP CloudDriveShellExt64.dll.[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]"RTHDVCPL"="c:program filesRealtekAudioHDARtkNGUI64.exe" [2010-09-22 6489704]"HPWirelessAssistant"="c:program filesHewlett-PackardHP Wireless AssistantDelayedAppStarter.exe" [2010-07-21 8192]"Mouse Suite 98 
Daemon"="ICO.EXE" [2006-09-30 90624]"IgfxTray"="c:windowssystem32igfxtray.exe" [2012-01-11 167704]"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2012-01-11 392984]"Persistence"="c:windowssystem32igfxpers.exe" [2012-01-11 417560]"Logitech Download Assistant"="c:windowsSystem32LogiLDA.dll" [2012-09-20 1832760].------- Supplementary Scan -------.uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={7F72E420-8D16-11E2-B3FC-78ACC047C7E1}uLocal Page = c:windowssystem32blank.htmmStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={7F72E420-8D16-11E2-B3FC-78ACC047C7E1}mLocal Page = c:windowsSysWOW64blank.htmTrusted Zone: internetTrusted Zone: mcafee.comFF - ProfilePath - c:usersPam and EdAppDataRoamingMozillaFirefoxProfiles1afuxpkr.defaultFF - prefs.js: browser.search.selectedEngine - Delta SearchFF - prefs.js: browser.startup.homepage - www.yahoo.comFF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com/?src=2&st=12&barid={7F72E420-8D16-11E2-B3FC-78ACC047C7E1}&q=FF - prefs.js: network.proxy.type - 0FF - ExtSQL: 2013-02-12 18:08; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:program filesCheckPointZAForceFieldWOW64TrustCheckerFF - ExtSQL: 2013-03-14 20:04; ffxtlbr@delta.com; c:usersPam and EdAppDataRoamingMozillaFirefoxProfiles1afuxpkr.defaultextensionsffxtlbr@delta.comFF - ExtSQL: 2013-03-14 21:18; {EEE6C361-6118-11DC-9C72-001320C79847}; c:usersPam and EdAppDataRoamingMozillaFirefoxProfiles1afuxpkr.defaultextensions{EEE6C361-6118-11DC-9C72-001320C79847}.xpiFF - ExtSQL: !HIDDEN! 
2011-10-31 22:07; textlinks@epicplay.com; c:usersPam and EdAppDataRoamingMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}textlinks@epicplay.comFF - user.js: general.useragent.extra.brc -FF - user.js: extensions.delta.tlbrSrchUrl -FF - user.js: extensions.delta.id - f0f3b942000000000000889ffa2da98cFF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}FF - user.js: extensions.delta.instlDay - 15779FF - user.js: extensions.delta.vrsn - 1.8.10.0FF - user.js: extensions.delta.vrsni - 1.8.10.0FF - user.js: extensions.delta.vrsnTs - 1.8.10.020:04FF - user.js: extensions.delta.prtnrId - deltaFF - user.js: extensions.delta.prdct - deltaFF - user.js: extensions.delta.aflt - babsstFF - user.js: extensions.delta.smplGrp - noneFF - user.js: extensions.delta.tlbrId - baseFF - user.js: extensions.delta.instlRef - sstFF - user.js: extensions.delta.dfltLng - enFF - user.js: extensions.delta.excTlbr - falseFF - user.js: extensions.delta.admin - falseFF - user.js: extensions.delta.autoRvrt - falseFF - user.js: extensions.delta.rvrt - falseFF - user.js: extensions.delta.newTab - false.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKCU-Run-DW6 - c:program files (x86)The Weather Channel FWDesktopDesktopWeather.exeHKLM-Run-SynTPEnh - c:program files (x86)SynapticsSynTPSynTPEnh.exeHKLM-Run-ISW - (no file)AddRemove-EpicPlay - c:program files (x86)EpicPlayepicRemoval.exeAddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:program files (x86)InstallShield Installation Information{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}setup.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) 
(Everyone)@="FlashBroker""LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_6_602_180_ActiveX.exe,-101".[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]@="c:Windowssystem32MacromedFlashFlashUtil64_11_6_602_180_ActiveX.exe".[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_6_602_180_ActiveX.exe,-101".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_6_602_180_ActiveX.exe".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash 
Object".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]@="c:WindowsSysWOW64MacromedFlashFlash32_11_6_602_180.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]@="0".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus1]@="131473".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]@="c:WindowsSysWOW64MacromedFlashFlash32_11_6_602_180.ocx, 1".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]@="1.0".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]@="c:WindowsSysWOW64MacromedFlashFlash32_11_6_602_180.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]@="c:WindowsSysWOW64MacromedFlashFlash32_11_6_602_180.ocx, 
1".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]@="1.0".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINEsoftwareMcAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,.[HKEY_LOCAL_MACHINEsystemControlSet001ControlPCWSecurity]@Denied: (Full) (Everyone).Completion time: 2013-03-22 06:07:59ComboFix-quarantined-files.txt 2013-03-22 11:07.Pre-Run: 425,035,902,976 bytes freePost-Run: 424,625,336,320 bytes free.- - End Of File - - 95CB6B3D8DBB2142F1B37EA4AE0493C3


Looking better but there is still garbage on there. Let's try another tool before we go in manually.

AdwCleaner

1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Double click on AdwCleaner.exe to run the tool.
4. Click on Delete.
5. Confirm each time with Ok.
6. Your computer will be rebooted automatically. A text file will open after the restart.
7. Please post the content of that logfile with your next answer.
8. You can find the logfile at C:\AdwCleaner[S1].txt as well.


# AdwCleaner v2.115 - Logfile created 03/22/2013 at 16:27:20
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Pam and Ed - PAMANDED-HP
# Boot Mode : Normal
# Running from : C:\Users\Pam and Ed\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : WajamUpdater

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\BrowserProtect
File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Pam and Ed\AppData\Roaming\Mozilla\Firefox\Profiles\1afuxpkr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Users\Pam and Ed\AppData\Roaming\Mozilla\Firefox\Profiles\1afuxpkr.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Pam and Ed\AppData\Roaming\Mozilla\Firefox\Profiles\1afuxpkr.default\searchplugins\delta.xml
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Delta
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Pam and Ed\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Pam and Ed\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Pam and Ed\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Pam and Ed\AppData\Roaming\Mozilla\Firefox\Profiles\1afuxpkr.default\extensions\ffxtlbr@delta.com
Folder Deleted : C:\Users\Pam and Ed\AppData\Roaming\Mozilla\Firefox\Profiles\1afuxpkr.default\SweetPacksToolbarData

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\d688dae635e843
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{E89A07B5-BD7A-43F9-BDA4-0DAA48AC4FA5}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PSText.DLL
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000062377.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000062377.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\d688dae635e843
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16446

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Pam and Ed\AppData\Roaming\Mozilla\Firefox\Profiles\1afuxpkr.default\prefs.js

C:\Users\Pam and Ed\AppData\Roaming\Mozilla\Firefox\Profiles\1afuxpkr.default\user.js ... Deleted !

Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119351&tt=130313_80cr&ba[...]
Deleted : user_pref("avg.install.userSPSettings", "Delta Search");
Deleted : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119351&tt=130313_80cr&babsrc=NT_[...]
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Delta Search");
Deleted : user_pref("browser.search.selectedEngine", "Delta Search");
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.bbDpng", "15");
Deleted : user_pref("extensions.delta.cntry", "US");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.hdrMd5", "315AC9ECF02AD9A67BA3199038F2E22F");
Deleted : user_pref("extensions.delta.id", "f0f3b942000000000000889ffa2da98c");
Deleted : user_pref("extensions.delta.instlDay", "15779");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.10.020:04:33");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.sg", "tzb");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.10.0");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.10.020:04:33");
Deleted : user_pref("extensions.delta.vrsni", "1.8.10.0");
Deleted : user_pref("playsushi.position.button", true);
Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Deleted : user_pref("sweetim.toolbar.SearchBoxLogo", "bing.png");
Deleted : user_pref("sweetim.toolbar.SearchBoxText", "Search with Bing");
Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1363360743895");
Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Deleted : user_pref("sweetim.toolbar.cargo", "3.5000006.10042");
Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "false");
Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "false");
Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "false");
Deleted : user_pref("sweetim.toolbar.defaultProvider", "bng");
Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.newtab.created", "true");
Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");
Deleted : user_pref("sweetim.toolbar.newtab.url", "hxxp://start.sweetpacks.com/?src=97&barid=$toolbar_id;&crg=[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.newtab.url", "hxxp://www.delta-search.com/?affID=119351&[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Delta Search");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.delta-search.com/?affID=1[...]
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook.com.*");
Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook.com.*");
Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version="1.0"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{7F72E420-8D16-11E2-B3FC-78ACC047C7E1}");
Deleted : user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://toolbar.sweetpacks.com/uninstallbar.asp?bar[...]
Deleted : user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.perion.com/contact-us");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]
Deleted : user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.perion.com/privacy-policy");
Deleted : user_pref("sweetim.toolbar.urls.searchpage", "hxxp://start.sweetpacks.com/?barid=$toolbar_id;");
Deleted : user_pref("sweetim.toolbar.urls.uninstall", "hxxp://toolbar.sweetpacks.com/uninstall");
Deleted : user_pref("sweetim.toolbar.version", "1.12.0.0");

*************************

AdwCleaner[S1].txt - [16880 octets] - [22/03/2013 16:27:20]

########## EOF - C:\AdwCleaner[S1].txt - [16941 octets] ##########


Was finally able to get the wifi to turn back on. It took quite a few tries hitting the function and wifi keys, but it finally came back on. Here is the updated DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16446  BrowserJavaVersion: 10.13.2
Run by Pam and Ed at 17:59:24 on 2013-03-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.2314 [GMT -5:00]
.
AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Extreme Security Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\ICO.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={7F72E420-8D16-11E2-B3FC-78ACC047C7E1}
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={7F72E420-8D16-11E2-B3FC-78ACC047C7E1}
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Shop to Win 4: {91917DC6-93B9-4E62-B2D6-D39C9618C418} - C:\Program Files (x86)\Shop to Win 4\Shop to Win 4.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: Interfaces\{3673F473-5E5F-4262-8C51-D6D11785A73A} : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{3673F473-5E5F-4262-8C51-D6D11785A73A}\249676020596D60796E6 : DHCPNameServer = 192.168.1.1 97.64.183.164 97.64.209.37
TCP: Interfaces\{3673F473-5E5F-4262-8C51-D6D11785A73A}\458656051636B656276416E637 : DHCPNameServer = 216.51.173.2 216.51.173.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [Mouse Suite 98 Daemon] ICO.EXE
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pam and Ed\AppData\Roaming\Mozilla\Firefox\Profiles\1afuxpkr.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com/?src=2&st=12&barid={7F72E420-8D16-11E2-B3FC-78ACC047C7E1}&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\EpicPlay\npEpicHost.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-02-12 18:08; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: 2013-03-14 20:04; ffxtlbr@delta.com; C:\Users\Pam and Ed\AppData\Roaming\Mozilla\Firefox\Profiles\1afuxpkr.default\extensions\ffxtlbr@delta.com
FF - ExtSQL: 2013-03-14 21:18; {EEE6C361-6118-11DC-9C72-001320C79847}; C:\Users\Pam and Ed\AppData\Roaming\Mozilla\Firefox\Profiles\1afuxpkr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF - ExtSQL: !HIDDEN! 2011-10-31 22:07; textlinks@epicplay.com; C:\Users\Pam and Ed\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com
.
============= SERVICES / DRIVERS ===============
.
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-20 98208]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-11-22 828072]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-28 1153368]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2320920]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-9-29 31088]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-1-1 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-3-5 271872]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-12-20 1041760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-20 347680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-12-20 245792]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-24 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-18 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-03-22 21:39:36  76232  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B0315C68-0539-40FB-B5BD-2510E771E844}\offreg.dll
2013-03-22 21:30:07  --------  d-sh--w-  C:\$RECYCLE.BIN
2013-03-22 21:27:26  97  ----a-w-  C:\Windows\DeleteOnReboot.bat
2013-03-22 10:43:13  98816  ----a-w-  C:\Windows\sed.exe
2013-03-22 10:43:13  256000  ----a-w-  C:\Windows\PEV.exe
2013-03-22 10:43:13  208896  ----a-w-  C:\Windows\MBR.exe
2013-03-16 21:38:17  --------  d-----w-  C:\Windows\SysWow64\searchplugins
2013-03-16 21:38:17  --------  d-----w-  C:\Windows\SysWow64\Extensions
2013-03-15 02:29:45  --------  d-----w-  C:\Users\Pam and Ed\AppData\Local\{EFB91A20-7A65-4C8D-9134-1335734BC921}
2013-03-15 02:18:41  --------  d-----w-  C:\Users\Pam and Ed\AppData\Local\Programs
2013-03-15 02:17:59  --------  d-----w-  C:\Users\Pam and Ed\AppData\Local\Supreme Savings
2013-03-15 02:17:46  --------  d-----w-  C:\Program Files (x86)\Driver Pro
2013-03-15 01:05:00  --------  d-----w-  C:\Users\Pam and Ed\AppData\Roaming\.minecraft
2013-03-15 01:04:52  --------  d-sh--w-  C:\Windows\SysWow64\AI_RecycleBin
2013-03-15 01:04:50  --------  d-----w-  C:\ProgramData\Strongvault Online Backup
2013-03-15 01:04:35  --------  d-----w-  C:\ProgramData\BrowserProtect
2013-03-15 01:04:18  --------  d-----w-  C:\AI_RecycleBin
2013-02-25 02:12:40  --------  d-----w-  C:\Users\Pam and Ed\AppData\Local\{4B2A7BC5-4792-4260-ACE8-36EFD18AAF44}
2013-02-22 22:59:07  --------  d-----w-  C:\ProgramData\PopCapY
2013-02-22 22:59:07  --------  d-----w-  C:\ProgramData\PopCap Games
2013-02-22 22:59:07  --------  d-----w-  C:\Program Files (x86)\PopCap Games
.
==================== Find3M ====================
.
2013-03-13 00:55:23  73432  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 00:55:23  693976  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-13 01:15:33  95648  ----a-w-  C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-13 01:15:31  861088  ----a-w-  C:\Windows\SysWow64\npdeployJava1.dll
2013-02-13 01:15:31  782240  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
2013-01-17 07:28:58  273840  ------w-  C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 17:59:52.33 ===============


Just a few things still showing:

COMBOFIX-Script

1. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

DDS::
BHO: Shop to Win 4: {91917DC6-93B9-4E62-B2D6-D39C9618C418} - C:\Program Files (x86)\Shop to Win 4\Shop to Win 4.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
FF - ExtSQL: 2013-03-14 21:18; {EEE6C361-6118-11DC-9C72-001320C79847}; C:\Users\Pam and Ed\AppData\Roaming\Mozilla\Firefox\Profiles\1afuxpkr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

2. Save this as CFScript.txt, change the "Save as type" to "All Files", and place it on your desktop.

Posted Image

3. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".

4. Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

5. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

6. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

7. CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

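The two posts above are the manual form of a triage step: read the DDS "Pseudo HJT Report" and Firefox sections, decide which Browser Helper Objects, Code Store (DPF) entries, protocol handlers and extensions do not belong, and copy those exact lines under a DDS:: header for ComboFix to act on. The Python below is an added example written for this page; it is not code from the thread, from DDS or from ComboFix. It runs that kind of rule set over a few DDS-style lines constructed here (backslashes restored, hxxp:// left defanged as DDS writes it) and emits a DDS:: block in the shape of the CFScript above. The allow-lists of known-good CLSIDs, the trusted DPF hosts and the adware start-page domains are assumptions taken from entries visible in this thread, not a complete signature set, and the rules deliberately go further than the helper's script did (they also flag the hidden EpicPlay extension and the hijacked start page).

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input, modelled on the DDS "Pseudo HJT Report" lines in the
# thread. Not the user's actual log file.
SAMPLE_DDS = r"""
uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={7F72E420-8D16-11E2-B3FC-78ACC047C7E1}
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Shop to Win 4: {91917DC6-93B9-4E62-B2D6-D39C9618C418} - C:\Program Files (x86)\Shop to Win 4\Shop to Win 4.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
FF - ExtSQL: 2013-02-12 18:08; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: 2013-03-14 21:18; {EEE6C361-6118-11DC-9C72-001320C79847}; C:\Users\Pam and Ed\AppData\Roaming\Mozilla\Firefox\Profiles\1afuxpkr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF - ExtSQL: !HIDDEN! 2011-10-31 22:07; textlinks@epicplay.com; C:\Users\Pam and Ed\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com
"""

# Assumed allow-lists: illustrative, built from entries seen in this thread only.
KNOWN_GOOD_BHO = {
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}",  # Adobe PDF Link Helper
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}",  # Java Plug-In SSV Helper
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}",  # Java Plug-In 2 SSV Helper
    "{53707962-6F74-2D53-2644-206D7942484F}",  # Spybot-S&D IE Protection
    "{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}",  # ZoneAlarm Security Engine
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}",  # Windows Live ID Sign-in Helper
}
KNOWN_GOOD_FF_EXT = {"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"}  # ZoneAlarm toolbar
TRUSTED_DPF_HOSTS = {"java.sun.com", "download.eset.com"}
HIJACK_DOMAINS = {"start.sweetpacks.com", "www.delta-search.com"}

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
START_RE = re.compile(r"^(?P<scope>[um])Start Page = (?P<url>\S+)$")
BHO_RE = re.compile(rf"^(x64-)?BHO: (?P<name>.+?): (?P<clsid>{CLSID})\s-\s?(?P<path>.*)$")
DPF_RE = re.compile(rf"^(x64-)?DPF: (?P<clsid>{CLSID}) - (?P<url>\S+)$")
HANDLER_RE = re.compile(rf"^(x64-)?Handler: (?P<proto>\S+) - (?P<clsid>{CLSID}) - (?P<path>.*)$")
EXT_RE = re.compile(r"^FF - ExtSQL: (?P<hidden>!HIDDEN! )?(?P<when>\S+ \S+); (?P<id>[^;]+); (?P<path>.*)$")
JINSTALL_RE = re.compile(r"jinstall-1_6_0_(\d+)-")


@dataclass
class Finding:
    line: str    # the DDS line verbatim, so it can go straight into a CFScript
    reason: str


def _host(url: str) -> str:
    # DDS defangs http:// as hxxp://; drop either scheme and keep the host part.
    return re.sub(r"^hxxps?://|^https?://", "", url).split("/", 1)[0].lower()


def triage(dds_text: str) -> list[Finding]:
    """Apply the rules a helper applies by eye and return the lines to act on."""
    lines = [ln.rstrip() for ln in dds_text.splitlines() if ln.strip()]
    findings: list[Finding] = []

    # Stale Java code-store entries: anything older than the newest jinstall seen.
    java_builds = [int(m.group(1)) for ln in lines for m in [JINSTALL_RE.search(ln)] if m]
    newest_java = max(java_builds, default=None)

    for ln in lines:
        if m := START_RE.match(ln):
            if _host(m["url"]) in HIJACK_DOMAINS:
                findings.append(Finding(ln, "start page points at known adware domain"))
        elif m := BHO_RE.match(ln):
            if m["clsid"].upper() not in KNOWN_GOOD_BHO:
                findings.append(Finding(ln, f"BHO {m['name']!r} not on allow-list"))
        elif m := DPF_RE.match(ln):
            jm = JINSTALL_RE.search(m["url"])
            if _host(m["url"]) not in TRUSTED_DPF_HOSTS:
                findings.append(Finding(ln, "DPF from untrusted host"))
            elif jm and int(jm.group(1)) < newest_java:
                findings.append(Finding(ln, f"stale Java code-store entry (6u{jm.group(1)} < 6u{newest_java})"))
        elif m := HANDLER_RE.match(ln):
            if m["path"].strip() == "<orphaned>":
                findings.append(Finding(ln, "protocol handler with no backing DLL"))
        elif m := EXT_RE.match(ln):
            if m["hidden"]:
                findings.append(Finding(ln, "Firefox extension installed hidden"))
            elif m["id"].upper() not in KNOWN_GOOD_FF_EXT:
                findings.append(Finding(ln, "Firefox extension not on allow-list"))
    return findings


def build_cfscript(findings: list[Finding]) -> str:
    """Emit the flagged lines under a DDS:: header, the shape the CFScript above uses."""
    return "DDS::\n" + "\n".join(f.line for f in findings) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_DDS)
    for h in hits:
        print(f"{h.reason:50} {h.line[:70]}")
    print()
    print(build_cfscript(hits))
```

Run as a script it prints each reason beside the flagged line, then the DDS:: block you would paste into CFScript.txt. Check every line by hand before using it: an allow-list this small also flags legitimate software it has simply never seen, which is the same reason the helper in the thread read the whole log rather than trusting a scanner's verdict.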

ComboFix 13-03-21.02 - Pam and Ed 03/23/2013  10:21:42.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.2220 [GMT -5:00]
Running from: c:\users\Pam and Ed\Desktop\ComboFix.exe
Command switches used :: c:\users\Pam and Ed\Desktop\CFScript.txt
FW: ZoneAlarm Extreme Security Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Shop to Win 4\Shop to Win 4.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-02-23 to 2013-03-23 )))))))))))))))))))))))))))))))
.
.
2013-03-23 15:39 . 2013-03-23 15:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-23 15:21 . 2013-03-23 15:21 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49F5FFCA-5BED-4F1F-8C71-D2F520AEBA0D}\offreg.dll
2013-03-22 23:13 . 2013-03-19 10:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49F5FFCA-5BED-4F1F-8C71-D2F520AEBA0D}\mpengine.dll
2013-03-22 23:11 . 2013-03-22 23:11 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-22 23:07 . 2013-03-22 23:07 -------- d-----w- c:\programdata\Licenses
2013-03-22 21:27 . 2013-03-22 21:27 97 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-16 21:38 . 2013-03-16 21:38 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-03-16 21:38 . 2013-03-16 21:38 -------- d-----w- c:\windows\SysWow64\Extensions
2013-03-15 02:18 . 2013-03-15 02:18 -------- d-----w- c:\users\Pam and Ed\AppData\Local\Programs
2013-03-15 02:17 . 2013-03-15 02:17 -------- d-----w- c:\users\Pam and Ed\AppData\Local\Supreme Savings
2013-03-15 02:17 . 2013-03-21 23:32 -------- d-----w- c:\program files (x86)\Driver Pro
2013-03-15 01:05 . 2013-03-15 01:05 -------- d-----w- c:\users\Pam and Ed\AppData\Roaming\.minecraft
2013-03-15 01:04 . 2013-03-21 21:32 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-03-15 01:04 . 2013-03-21 21:32 -------- d-----w- c:\programdata\Strongvault Online Backup
2013-03-15 01:04 . 2013-03-15 01:04 -------- d-----w- c:\programdata\BrowserProtect
2013-03-15 01:04 . 2013-03-21 21:32 -------- d-----w- C:\AI_RecycleBin
2013-02-22 22:59 . 2013-02-22 22:59 -------- d-----w- c:\programdata\PopCap Games
2013-02-22 22:59 . 2013-02-22 22:59 -------- d-----w- c:\programdata\PopCapY
2013-02-22 22:59 . 2013-02-22 22:59 -------- d-----w- c:\program files (x86)\PopCap Games
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-22 23:11 . 2012-09-09 19:13 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-22 23:11 . 2011-08-28 13:43 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-13 00:55 . 2012-12-11 00:13 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 00:55 . 2011-05-14 16:01 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-17 06:28 . 2013-02-09 16:48 273840 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-02 73984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-18 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-22 828072]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-29 31088]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2011-01-01 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-03-05 271872]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-05 1041760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-11 00:55]
.
2013-03-15 c:\windows\Tasks\HPCeeScheduleForPam and Ed.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-03-08 c:\windows\Tasks\HPCeeScheduleForPAMANDED-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"Mouse Suite 98 Daemon"="ICO.EXE" [2006-09-30 90624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"ISW"="" [BU]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={7F72E420-8D16-11E2-B3FC-78ACC047C7E1}
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={7F72E420-8D16-11E2-B3FC-78ACC047C7E1}
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1 97.64.183.164 97.64.209.37
FF - ProfilePath - c:\users\Pam and Ed\AppData\Roaming\Mozilla\Firefox\Profiles\1afuxpkr.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com/?src=2&st=12&barid={7F72E420-8D16-11E2-B3FC-78ACC047C7E1}&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-12 18:08; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: !HIDDEN! 2011-10-31 22:07; textlinks@epicplay.com; c:\users\Pam and Ed\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{91917DC6-93B9-4E62-B2D6-D39C9618C418} - c:\program files (x86)\Shop to Win 4\Shop to Win 4.dll
AddRemove-EpicPlay - c:\program files (x86)\EpicPlay\epicRemoval.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-23  10:50:47
ComboFix-quarantined-files.txt  2013-03-23 15:50
ComboFix2.txt  2013-03-22 11:08
.
Pre-Run: 424,069,275,648 bytes free
Post-Run: 423,691,857,920 bytes free
.
- - End Of File - - 54592E02B6EFA8A744624B86FF797B8A


That is looking pretty good.

 

Let's get an online scan. This takes awhile.

 

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here: http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.htmll

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here: http://www.eset.com/onlinescan/ then click on: [image]

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: [image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: [image]
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8b15314a8d776b429c0d233989bdeb37
# engine=13471
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-03-23 09:20:52
# local_time=2013-03-23 04:20:52 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 115617102 0 0
# compatibility_mode=9217 16776893 100 13 3276750 6835326 0 0
# scanned=232622
# found=4
# cleaned=0
# scan_time=5931
sh=8F4E3E4F0075C645D24C9A80B384D941EFF18F05 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM36.zip"
sh=0A20378B48A15CCDE57860681C00613D1D2D3057 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM39.zip"
sh=8F4E3E4F0075C645D24C9A80B384D941EFF18F05 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM36.zip"
sh=0A20378B48A15CCDE57860681C00613D1D2D3057 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM39.zip"

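The ESET Online Scanner log in the post above is one record per line in the real log.txt: "# key=value" header lines followed by one "sh=... vn=... fn=..." line per detection. As an added example (not part of this thread, and not ESET's own tooling), here is a small Python parser for that format, run over the posted log reconstructed as a constructed sample with the backslashes the forum stripped put back. It cross-checks the header's found/cleaned counts against the listed records and groups the hits by SHA-1, which shows that the four entries are two files seen under two paths. The Recovery/Quarantine folder test is my own heuristic assumption, not anything the scanner reports; it separates hits inside another tool's backup folder from hits on files in ordinary locations.

```python
"""Parse an ESET Online Scanner log.txt and summarise its findings.

Added example for this thread; not ESET code. The sample below is the log
posted above, reconstructed with backslashes restored (constructed input).
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8b15314a8d776b429c0d233989bdeb37
# engine=13471
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-03-23 09:20:52
# local_time=2013-03-23 04:20:52 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 115617102 0 0
# compatibility_mode=9217 16776893 100 13 3276750 6835326 0 0
# scanned=232622
# found=4
# cleaned=0
# scan_time=5931
sh=8F4E3E4F0075C645D24C9A80B384D941EFF18F05 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM36.zip"
sh=0A20378B48A15CCDE57860681C00613D1D2D3057 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM39.zip"
sh=8F4E3E4F0075C645D24C9A80B384D941EFF18F05 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM36.zip"
sh=0A20378B48A15CCDE57860681C00613D1D2D3057 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM39.zip"
"""


@dataclass
class Detection:
    sha1: str      # sh= : SHA-1 of the flagged object
    name: str      # vn= : threat name
    action: str    # ac= : action code exactly as logged (not interpreted here)
    path: str      # fn= : file path
    fields: dict = field(default_factory=dict)  # every key=value on the line


# key=value pairs; a value is either a quoted string or a run of non-spaces
_KV = re.compile(r'(\w+)=("[^"]*"|\S*)')
# Assumption (my heuristic, not an ESET field): a hit inside a Recovery or
# Quarantine folder is another tool's backup of an already-removed item.
_BACKUP_DIR = re.compile(r"\\(Recovery|Quarantine)\\", re.IGNORECASE)


def parse_eset_log(text):
    """Return (header, detections). Header values are lists because some
    keys, such as compatibility_mode, repeat in the real log."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header.setdefault(key.strip(), []).append(value.strip().strip('"'))
        elif line.startswith("sh="):
            kv = {k: v.strip('"') for k, v in _KV.findall(line)}
            detections.append(Detection(kv.get("sh", ""), kv.get("vn", ""),
                                        kv.get("ac", ""), kv.get("fn", ""), kv))
    return header, detections


def summarize(text):
    """Triage summary: do the header counts agree with the records, was
    anything cleaned, and do any hits sit outside backup folders?"""
    header, dets = parse_eset_log(text)

    def first(key, default=""):
        return header.get(key, [default])[0]

    found = int(first("found", "0"))
    return {
        "found": found,
        "listed": len(dets),
        "consistent": found == len(dets),
        "cleaned": int(first("cleaned", "0")),
        "remove_checked": first("remove_checked") == "true",
        "threats": sorted({d.name for d in dets}),
        "distinct_files": len({d.sha1 for d in dets}),  # same file via two paths
        "outside_backup_dirs": [d.path for d in dets if not _BACKUP_DIR.search(d.path)],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_LOG), indent=2))
```

For this log the summary reports 4 found, 4 listed, 0 cleaned (the scan was run with Remove found threats unchecked, as the instructions asked), one threat name, 2 distinct files, and no hits outside a Recovery folder.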

If you haven't run the "FixIt" that caintry provided the link for... please do so.

 

If you have done so and it didn't work... then please get me the following log.

 

Please download Farbar Service Scanner and run it by double clicking.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Yes, I tried both the 'Fix it tool' and the 'system readiness tool' and the problem still persists.

 

 

Farbar Service Scanner Version: 03-03-2013
Ran by Pam and Ed (administrator) on 24-03-2013 at 12:45:50
Running from "C:\Users\Pam and Ed\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


Have you tried shutting off the Zone Alarm firewall before trying to update?

 

Let's get a look at your event viewer.

 

download VEW by Vino Rosso http://images.malwar...om/vino/VEW.exe

and save it to your desktop

 

Double click it to start it

 

Click the check boxes next to Application and System located under Select log to query on the upper left

 

Under Select type to list on the right click the boxes next to Error and Warning

 

Under Number or date of events select Number of events and type 210 in the box next to 1 to 20 and click Run

 

Once it finishes it will display a log file in notepad

 

Please copy and paste its entire contents into your next reply


Don't mean to interfere, but here's something else to try... from our own Jacee regarding updating XP, Vista, Win7

 

 

 

This tip works ... first,

download TFC by Old Timer http://www.geekstogo...er-file187.html and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.

Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately.
**If not prompted, manually reboot the machine anyway to ensure a complete clean.

After rebooting/restarting your computer, click on "Windows Updates". Choose maybe 8 or 10 at a time to update. DO NOT try to update all of them at one time!

Repeat the process of Windows updating again, choosing a few at a time.

Be aware of .NET updates! Susan Bradley gives her 'update' patch info and chart info in her column on "Windows Secrets". Unfortunately this is only in the 'paid for' version, but I feel the articles are worth the absolute minimum $'s you can contribute.

 

Works for me.

You take it from here Tomk, I'm out. :lol:



Ran it and getting an error: "Cannot find the C:\VEW.txt file. Do you want to create a new file?" I select yes and it opens up a blank Notepad and there is no C:\VEW folder. Selecting no does the same thing.


Hmmm... You're running Windows 7. Try right-clicking on the icon to run and select "Run as administrator..."

Oops, my bad, here it is

 

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 24/03/2013 4:45:58 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 24/03/2013 5:32:50 AM
Type: Error Category: 0
Event: 63 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".
Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Log: 'Application' Date/Time: 23/03/2013 10:10:04 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".
Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 23/03/2013 7:38:23 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\Pam and Ed\Desktop\esetsmartinstaller_enu.exe".
Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 23/03/2013 7:38:15 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\Pam and Ed\Desktop\esetsmartinstaller_enu.exe".
Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 23/03/2013 7:38:15 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\Pam and Ed\Desktop\esetsmartinstaller_enu.exe".
Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 23/03/2013 7:38:05 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\Pam and Ed\Desktop\esetsmartinstaller_enu.exe".
Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 23/03/2013 7:38:03 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\Pam and Ed\Desktop\esetsmartinstaller_enu.exe".
Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 23/03/2013 4:10:40 PM
Type: Error Category: 0
Event: 63 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".
Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Log: 'Application' Date/Time: 22/03/2013 2:01:47 AM
Type: Error Category: 0
Event: 63 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".
Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Log: 'Application' Date/Time: 20/03/2013 5:38:47 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: iexplore.exe, version: 9.0.8112.16446, time stamp: 0x4fb57c8f Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319 Exception code: 0xe06d7363 Fault offset: 0x0000b9bc Faulting process id: 0x1250 Faulting application start time: 0x01ce258059d235a7 Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 04769d96-9185-11e2-8717-78acc047c7e1

Log: 'Application' Date/Time: 19/03/2013 8:42:21 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: iexplore.exe, version: 9.0.8112.16446, time stamp: 0x4fb57c8f Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319 Exception code: 0xe06d7363 Fault offset: 0x0000b9bc Faulting process id: 0x1054 Faulting application start time: 0x01ce24d2b944cd71 Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 7eb91cf0-90d5-11e2-bb35-78acc047c7e1

Log: 'Application' Date/Time: 19/03/2013 12:29:39 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: iexplore.exe, version: 9.0.8112.16446, time stamp: 0x4fb57c8f Faulting module name: mgToolbarIE.dll_unloaded, version: 0.0.0.0, time stamp: 0x50c09e86 Exception code: 0xc0000005 Fault offset: 0x100c7760 Faulting process id: 0x4fd8 Faulting application start time: 0x01ce242f91d82b10 Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: mgToolbarIE.dll Report Id: 151d6b65-902c-11e2-8146-78acc047c7e1

Log: 'Application' Date/Time: 18/03/2013 10:40:17 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: iexplore.exe, version: 9.0.8112.16446, time stamp: 0x4fb57c8f Faulting module name: Supreme Savings.dll_unloaded, version: 0.0.0.0, time stamp: 0x5118fb2a Exception code: 0xc0000005 Fault offset: 0x04ea8b45 Faulting process id: 0x8dc Faulting application start time: 0x01ce24298b535562 Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: Supreme Savings.dll Report Id: ce47ce1d-901c-11e2-8146-78acc047c7e1

Log: 'Application' Date/Time: 18/03/2013 4:23:27 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: iexplore.exe, version: 9.0.8112.16446, time stamp: 0x4fb57c8f Faulting module name: mgToolbarIE.dll_unloaded, version: 0.0.0.0, time stamp: 0x50c09e86 Exception code: 0xc0000005 Fault offset: 0x100c7760 Faulting process id: 0x1318 Faulting application start time: 0x01ce23e4ac5364e5 Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: mgToolbarIE.dll Report Id: 29b10097-8fe8-11e2-aaf1-78acc047c7e1

Log: 'Application' Date/Time: 16/03/2013 8:42:06 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: iexplore.exe, version: 9.0.8112.16446, time stamp: 0x4fb57c8f Faulting module name: Supreme Savings.dll_unloaded, version: 0.0.0.0, time stamp: 0x5118fb2a Exception code: 0xc0000005 Fault offset: 0x0c1e8b45 Faulting process id: 0x91c4 Faulting application start time: 0x01ce2273efe55a0d Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: Supreme Savings.dll Report Id: f6f34ccb-8e79-11e2-867a-78acc047c7e1

Log: 'Application' Date/Time: 16/03/2013 6:27:21 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program iexplore.exe version 9.0.8112.16446 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1340 Start Time: 01ce226b44f99ae3 Termination Time: 94 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id:

Log: 'Application' Date/Time: 15/03/2013 3:14:57 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: iexplore.exe, version: 9.0.8112.16446, time stamp: 0x4fb57c8f Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319 Exception code: 0xe06d7363 Fault offset: 0x0000b9bc Faulting process id: 0x12c0 Faulting application start time: 0x01ce217b5c6591c4 Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 1836d437-8d83-11e2-9d99-78acc047c7e1

Log: 'Application' Date/Time: 12/03/2013 11:08:02 PM
Type: Error Category: 0
Event: 63 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".
Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Log: 'Application' Date/Time: 11/03/2013 11:01:34 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program iexplore.exe version 9.0.8112.16446 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1264 Start Time: 01ce1e46e7126399 Termination Time: 32 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id:

Log: 'Application' Date/Time: 08/03/2013 2:12:52 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program iexplore.exe version 9.0.8112.16446 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 190f8 Start Time: 01ce1b68c1ff6319 Termination Time: 93 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 24/03/2013 7:21:55 PM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver

Log: 'Application' Date/Time: 24/03/2013 7:20:22 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-2996467312-3914857777-2486330330-1000:
Process 1740 (\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\ISWSVC.exe) has opened key \REGISTRY\USER\S-1-5-21-2996467312-3914857777-2486330330-1000
Process 1740 (\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\ISWSVC.exe) has opened key \REGISTRY\USER\S-1-5-21-2996467312-3914857777-2486330330-1000\Software\CheckPoint\ISWStats

Log: 'Application' Date/Time: 24/03/2013 6:00:11 AM
Type: Warning Category: 0
Event: 0 Source: HP Client Services
The event description cannot be found.

Log: 'Application' Date/Time: 24/03/2013 6:00:11 AM
Type: Warning Category: 0
Event: 0 Source: HP Client Services
The event description cannot be found.

Log: 'Application' Date/Time: 24/03/2013 2:15:29 AM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver

Log: 'Application' Date/Time: 24/03/2013 2:14:03 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-2996467312-3914857777-2486330330-1000:
Process 1736 (\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\ISWSVC.exe) has opened key \REGISTRY\USER\S-1-5-21-2996467312-3914857777-2486330330-1000
Process 1736 (\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\ISWSVC.exe) has opened key \REGISTRY\USER\S-1-5-21-2996467312-3914857777-2486330330-1000\Software\CheckPoint\ISWStats

Log: 'Application' Date/Time: 24/03/2013 1:58:46 AM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver

Log: 'Application' Date/Time: 23/03/2013 10:11:21 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-2996467312-3914857777-2486330330-1000_Classes:
Process 1552 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2996467312-3914857777-2486330330-1000_CLASSES
Process 4256 (\Device\HarddiskVolume2\Windows\System32\rundll32.exe) has opened key \REGISTRY\USER\S-1-5-21-2996467312-3914857777-2486330330-1000_CLASSES

Log: 'Application' Date/Time: 23/03/2013 10:11:21 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL - 3 user registry handles leaked from \Registry\User\S-1-5-21-2996467312-3914857777-2486330330-1000:
Process 1732 (\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\ISWSVC.exe) has opened key \REGISTRY\USER\S-1-5-21-2996467312-3914857777-2486330330-1000
Process 1552 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2996467312-3914857777-2486330330-1000
Process 1732 (\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\ISWSVC.exe) has opened key \REGISTRY\USER\S-1-5-21-2996467312-3914857777-2486330330-1000\Software\CheckPoint\ISWStats

Log: 'Application' Date/Time: 23/03/2013 3:22:07 PM
Type: Warning Category: 0
Event: 0 Source: HP Client Services
The event description cannot be found.

Log: 'Application' Date/Time: 23/03/2013 3:06:57 PM
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Adobe Reader 9.5.4 MUI. The application tried to modify a protected Windows registry key \Software\Classes\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\ProxyStubClsid32.

Log: 'Application' Date/Time: 23/03/2013 3:06:57 PM
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Adobe Reader 9.5.4 MUI. The application tried to modify a protected Windows registry key \Software\Classes\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\TypeLib.

Log: 'Application' Date/Time: 23/03/2013 3:06:57 PM
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Adobe Reader 9.5.4 MUI. The application tried to modify a protected Windows registry key \Software\Classes\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}\TypeLib.

Log: 'Application' Date/Time: 23/03/2013 3:03:01 PM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver

Log: 'Application' Date/Time: 23/03/2013 12:10:16 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2996467312-3914857777-2486330330-1000_Classes:
Process 3024 (\Device\HarddiskVolume2\Windows\System32\rundll32.exe) has opened key \REGISTRY\USER\S-1-5-21-2996467312-3914857777-2486330330-1000_CLASSES

Log: 'Application' Date/Time: 23/03/2013 12:10:16 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL - 3 user registry handles leaked from \Registry\User\S-1-5-21-2996467312-3914857777-2486330330-1000:
Process 3024 (\Device\HarddiskVolume2\Windows\System32\rundll32.exe) has opened key \REGISTRY\USER\S-1-5-21-2996467312-3914857777-2486330330-1000
Process 1876 (\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\ISWSVC.exe) has opened key \REGISTRY\USER\S-1-5-21-2996467312-3914857777-2486330330-1000
Process 1876 (\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\ISWSVC.exe) has opened key \REGISTRY\USER\S-1-5-21-2996467312-3914857777-2486330330-1000\Software\CheckPoint\ISWStats

Log: 'Application' Date/Time: 22/03/2013 10:59:24 PM
Type: Warning Category: 0
Event: 0 Source: HP Client Services
The event description cannot be found.

Log: 'Application' Date/Time: 22/03/2013 9:29:32 PM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver

Log: 'Application' Date/Time: 22/03/2013 9:28:03 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-2996467312-3914857777-2486330330-1000:
Process 1840 (\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\ISWSVC.exe) has opened key \REGISTRY\USER\S-1-5-21-2996467312-3914857777-2486330330-1000
Process 1840 (\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\ISWSVC.exe) has opened key \REGISTRY\USER\S-1-5-21-2996467312-3914857777-2486330330-1000\Software\CheckPoint\ISWStats

Log: 'Application' Date/Time: 22/03/2013 10:44:38 AM
Type: Warning Category: 0
Event: 0 Source: HP Client Services
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/03/2013 9:00:43 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 19/03/2013 9:34:00 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/03/2013 10:38:06 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 23/02/2013 5:53:24 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 22/02/2013 10:40:15 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 22/02/2013 10:10:21 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 22/02/2013 6:11:57 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 13/01/2013 1:56:51 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 10/01/2013 12:21:02 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 22/12/2012 12:27:07 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/12/2012 4:55:08 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 01/12/2012 6:17:03 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 12/11/2012 1:47:04 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/03/2013 7:10:45 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The HP Quick Synchronization Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 24/03/2013 11:30:59 AM
Type: Error Category: 0
Event: 8003 Source: bowser
The master browser has received a server announcement from the computer MELANIEBROWN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3673F473-5E5F-4262-8C51-D6D11785A73A}. The master browser is stopping or an election is being forced.

Log: 'System' Date/Time: 23/03/2013 3:40:02 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 23/03/2013 3:37:22 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 23/03/2013 3:37:22 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. 
Please contact your software vendor for a compatible version of the driver.Log: 'System' Date/Time: 23/03/2013 3:34:23 PMType: Error Category: 0Event: 7030 Source: Service Control ManagerThe PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.Log: 'System' Date/Time: 22/03/2013 10:57:04 AMType: Error Category: 0Event: 7030 Source: Service Control ManagerThe PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.Log: 'System' Date/Time: 22/03/2013 10:51:44 AMType: Error Category: 0Event: 1060 Source: Application Popup??C:ComboFixcatchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.Log: 'System' Date/Time: 22/03/2013 10:48:24 AMType: Error Category: 0Event: 7030 Source: Service Control ManagerThe PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. 
This service may not function properly.Log: 'System' Date/Time: 21/03/2013 10:13:51 PMType: Error Category: 0Event: 7000 Source: Service Control ManagerThe WajamUpdater service failed to start due to the following error: The system cannot find the file specified.Log: 'System' Date/Time: 21/03/2013 10:11:13 PMType: Error Category: 0Event: 7001 Source: Service Control ManagerThe Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.Log: 'System' Date/Time: 21/03/2013 10:00:23 PMType: Error Category: 0Event: 7001 Source: Service Control ManagerThe Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.Log: 'System' Date/Time: 21/03/2013 10:00:23 PMType: Error Category: 0Event: 7001 Source: Service Control ManagerThe Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.Log: 'System' Date/Time: 21/03/2013 10:00:23 PMType: Error Category: 0Event: 7001 Source: Service Control ManagerThe Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.Log: 'System' Date/Time: 21/03/2013 10:00:23 PMType: Error Category: 0Event: 7001 Source: Service Control ManagerThe Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.Log: 'System' Date/Time: 21/03/2013 10:00:23 PMType: Error Category: 0Event: 7001 Source: Service Control ManagerThe Network List Service service depends on the Network Location Awareness service which failed to start because of the following 
error: The dependency service or group failed to start.Log: 'System' Date/Time: 21/03/2013 10:00:23 PMType: Error Category: 0Event: 7001 Source: Service Control ManagerThe Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.Log: 'System' Date/Time: 21/03/2013 10:00:22 PMType: Error Category: 0Event: 7001 Source: Service Control ManagerThe Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.Log: 'System' Date/Time: 21/03/2013 10:00:22 PMType: Error Category: 0Event: 7001 Source: Service Control ManagerThe Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.Log: 'System' Date/Time: 21/03/2013 10:00:23 PMType: Error Category: 0Event: 10005 Source: Microsoft-Windows-DistributedCOMDCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'System' Log - Warning Type~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Log: 'System' Date/Time: 24/03/2013 7:20:27 PMType: Warning Category: 0Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfigWLAN AutoConfig service has successfully stopped.Log: 'System' Date/Time: 24/03/2013 7:09:58 PMType: Warning Category: 0Event: 1014 Source: Microsoft-Windows-DNS-ClientName resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.Log: 'System' Date/Time: 24/03/2013 2:14:11 AMType: Warning Category: 0Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfigWLAN AutoConfig service has successfully stopped.Log: 'System' Date/Time: 23/03/2013 10:11:24 PMType: Warning Category: 0Event: 4001 Source: 
Microsoft-Windows-WLAN-AutoConfigWLAN AutoConfig service has successfully stopped.Log: 'System' Date/Time: 23/03/2013 12:10:19 AMType: Warning Category: 0Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfigWLAN AutoConfig service has successfully stopped.Log: 'System' Date/Time: 22/03/2013 9:28:04 PMType: Warning Category: 0Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfigWLAN AutoConfig service has successfully stopped.Log: 'System' Date/Time: 22/03/2013 2:48:08 AMType: Warning Category: 2Event: 16 Source: Microsoft-Windows-WindowsUpdateClientUnable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.Log: 'System' Date/Time: 21/03/2013 9:55:01 PMType: Warning Category: 0Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfigWLAN AutoConfig service has successfully stopped.Log: 'System' Date/Time: 21/03/2013 3:41:51 PMType: Warning Category: 0Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfigWLAN AutoConfig service has successfully stopped.Log: 'System' Date/Time: 21/03/2013 3:30:06 PMType: Warning Category: 0Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfigWLAN AutoConfig service has successfully stopped.Log: 'System' Date/Time: 21/03/2013 1:28:42 PMType: Warning Category: 0Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfigWLAN AutoConfig service has successfully stopped.Log: 'System' Date/Time: 21/03/2013 12:33:41 AMType: Warning Category: 0Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfigWLAN AutoConfig service has successfully stopped.Log: 'System' Date/Time: 21/03/2013 12:23:18 AMType: Warning Category: 0Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfigWLAN AutoConfig service has successfully stopped.Log: 'System' Date/Time: 20/03/2013 9:08:49 PMType: Warning Category: 0Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfigWLAN AutoConfig service has successfully stopped.Log: 'System' 
Date/Time: 20/03/2013 8:30:49 PMType: Warning Category: 0Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfigWLAN AutoConfig service has successfully stopped.Log: 'System' Date/Time: 20/03/2013 3:34:32 PMType: Warning Category: 0Event: 1014 Source: Microsoft-Windows-DNS-ClientName resolution for the name serv4.sweetpacks.com timed out after none of the configured DNS servers responded.Log: 'System' Date/Time: 20/03/2013 3:38:59 AMType: Warning Category: 0Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfigWLAN AutoConfig service has successfully stopped.Log: 'System' Date/Time: 20/03/2013 2:48:06 AMType: Warning Category: 2Event: 16 Source: Microsoft-Windows-WindowsUpdateClientUnable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.Log: 'System' Date/Time: 20/03/2013 12:53:31 AMType: Warning Category: 0Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfigWLAN AutoConfig service has successfully stopped.Log: 'System' Date/Time: 19/03/2013 11:05:00 PMType: Warning Category: 7Event: 37 Source: Microsoft-Windows-Kernel-Processor-PowerThe speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.


Honestly... I'm not sure what all of those are. But it appears that Spybot is causing some trouble. I'd like you to uninstall it for now.

 

After you have it uninstalled, I'd like you to run ComboFix once again. If it asks to update when you run it... please let it.


I did exit ZoneAlarm but don't think I waited long enough before I ran ComboFix.

 

ComboFix 13-03-24.03 - Pam and Ed 03/24/2013  20:38:31.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.2450 [GMT -5:00]
Running from: c:\users\Pam and Ed\Desktop\ComboFix.exe
FW: ZoneAlarm Extreme Security Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
((((((((((((((((((((((((( Files Created from 2013-02-25 to 2013-03-25 )))))))))))))))))))))))))))))))
.
.
2013-03-25 01:46 . 2013-03-25 01:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-24 02:09 . 2013-03-24 02:13 -------- d-----w- c:\windows\softwaredistribution.bak5
2013-03-24 02:07 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-03-24 02:07 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-03-24 02:07 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-03-24 02:07 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-03-22 23:13 . 2013-03-19 10:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49F5FFCA-5BED-4F1F-8C71-D2F520AEBA0D}\mpengine.dll
2013-03-22 23:11 . 2013-03-22 23:11 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-22 23:07 . 2013-03-22 23:07 -------- d-----w- c:\programdata\Licenses
2013-03-22 21:27 . 2013-03-22 21:27 97 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-16 21:38 . 2013-03-16 21:38 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-03-16 21:38 . 2013-03-16 21:38 -------- d-----w- c:\windows\SysWow64\Extensions
2013-03-15 02:18 . 2013-03-15 02:18 -------- d-----w- c:\users\Pam and Ed\AppData\Local\Programs
2013-03-15 02:17 . 2013-03-15 02:17 -------- d-----w- c:\users\Pam and Ed\AppData\Local\Supreme Savings
2013-03-15 02:17 . 2013-03-21 23:32 -------- d-----w- c:\program files (x86)\Driver Pro
2013-03-15 01:05 . 2013-03-15 01:05 -------- d-----w- c:\users\Pam and Ed\AppData\Roaming\.minecraft
2013-03-15 01:04 . 2013-03-21 21:32 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-03-15 01:04 . 2013-03-21 21:32 -------- d-----w- c:\programdata\Strongvault Online Backup
2013-03-15 01:04 . 2013-03-15 01:04 -------- d-----w- c:\programdata\BrowserProtect
2013-03-15 01:04 . 2013-03-21 21:32 -------- d-----w- C:\AI_RecycleBin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-22 23:11 . 2012-09-09 19:13 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-22 23:11 . 2011-08-28 13:43 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-13 00:55 . 2012-12-11 00:13 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 00:55 . 2011-05-14 16:01 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-21 16:12 . 2013-01-21 16:12 2177664 ----a-w- c:\windows\system32\coin93.dll
2013-01-17 06:28 . 2013-02-09 16:48 273840 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{91917DC6-93B9-4E62-B2D6-D39C9618C418}]
c:\program files (x86)\Shop to Win 4\Shop to Win 4.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-02 73984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-26 75904]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-18 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-22 828072]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-29 31088]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2011-01-01 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-03-05 271872]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-05 1041760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-11 00:55]
.
2013-03-15 c:\windows\Tasks\HPCeeScheduleForPam and Ed.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-03-08 c:\windows\Tasks\HPCeeScheduleForPAMANDED-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"Mouse Suite 98 Daemon"="ICO.EXE" [2006-09-30 90624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"ISW"="" [BU]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={7F72E420-8D16-11E2-B3FC-78ACC047C7E1}
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1 97.64.183.164 97.64.209.37
FF - ProfilePath - c:\users\Pam and Ed\AppData\Roaming\Mozilla\Firefox\Profiles\1afuxpkr.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com/?src=2&st=12&barid={7F72E420-8D16-11E2-B3FC-78ACC047C7E1}&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-12 18:08; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: !HIDDEN! 2011-10-31 22:07; textlinks@epicplay.com; c:\users\Pam and Ed\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-EpicPlay - c:\program files (x86)\EpicPlay\epicRemoval.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-24  20:57:39
ComboFix-quarantined-files.txt  2013-03-25 01:57
ComboFix2.txt  2013-03-22 11:08
.
Pre-Run: 427,372,810,240 bytes free
Post-Run: 426,829,688,832 bytes free
.
- - End Of File - - 6523DF4D8A04C1F109FFDC0B9E17B7F3

