
Oh, my...I think I have a hard to deal with virus...


  • This topic is locked
25 replies to this topic

#1 Phxpcman

  • Members
  • 74 posts

Posted 11 August 2013 - 11:05 PM

Today, after downloading IE10, I have been infected with something nasty. I did a system restore, but it's still there.

One of the pages I visit regularly is www.usagold.com (live gold prices).

It will not open. I can see it for a moment, and then it disappears, and reroutes to a page that says,

"We are unable to return you to usagold.com. Internet Explorer has stopped trying to restore this website. It appears that the website continues to have a problem."

Other than that, I have not noticed any malfunctions on my computer (an HP Pavilion dv6-7029 laptop).

I have run Malwarebytes, and it found 53 issues. I am running it again, and it has already found 15...

I think I must have a virus.

I ran DDS (while Malwarebytes was running - I hope that's ok.)

Below is the report:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16618  BrowserJavaVersion: 10.25.2
Run by WordProphet at 20:50:53 on 2013-08-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7656.5560 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\HP SimplePass\BioMonitor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.youtube.com/inbox?feature=mhee&folder=messages
uURLSearchHooks: {a8625cb7-85fe-4936-92a4-b2a7c925209e} - <orphaned>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe,
BHO: Vid-Saver: {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} - <orphaned>
BHO: HP SimplePass Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Search Assistant BHO: {ab5d199e-9659-47a2-930b-fc3b69061353} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: HP SimplePass Toolbar: {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: GamingWonderland: {a899079d-206f-43a6-be6a-07e0fa648ea0} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [Intel AppUp® center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [Intel AppUp® center Systray] "C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.exe" --domain F0399437-FD0C-4A48-B101-F0314A6172E4 --openmode trayicon
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [GamingWonderland Search Scope Monitor] "C:\PROGRA~2\GAMING~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BB4FF7BA-A825-4124-8508-57AB14331C0F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BB4FF7BA-A825-4124-8508-57AB14331C0F}\2656C6B696E6E2735363 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{BB4FF7BA-A825-4124-8508-57AB14331C0F}\75F425440525F405845445F5E4564777F627B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BB4FF7BA-A825-4124-8508-57AB14331C0F}\D697177756374703031303 : DHCPNameServer = 192.168.0.1 205.171.3.65
TCP: Interfaces\{BB4FF7BA-A825-4124-8508-57AB14331C0F}\E4564777F627B6 : DHCPNameServer = 192.168.0.1 205.171.3.25
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: HP SimplePass Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: HP SimplePass Toolbar: {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {0CE7EBAF-157D-4111-9146-057CB2A4023E} - msiexec /fu {0CE7EBAF-157D-4111-9146-057CB2A4023E} /qn
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-12-13 82048]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-12-13 42624]
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2012-1-18 31360]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-7-17 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-7-17 340216]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-1-27 235520]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-1-26 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-11-13 55936]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2011-12-11 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-11 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-11 701512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-22 201304]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-22 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-22 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-22 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-12-22 241456]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-12-22 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-12-22 182752]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-10-26 102528]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-5-18 46136]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-10-26 219776]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-6 95248]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-12-22 70112]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-11 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-12-22 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-12-22 515968]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-5-18 259688]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-18 646248]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-5-18 56448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 GamingWonderlandService;GamingWonderlandService;C:\PROGRA~2\GAMING~2\bar\1.bin\gtbarsvc.exe --> C:\PROGRA~2\GAMING~2\bar\1.bin\gtbarsvc.exe [?]
S2 NIS;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\smhwadb.sys [2012-10-2 31744]
S3 ATMFBUS;A600 USB Composite Device Driver;C:\Windows\System32\drivers\ATMFBUS.sys [2012-10-2 52096]
S3 ATMFCVsp;A600 Cricket CM Port;C:\Windows\System32\drivers\ATMFCVsp.sys [2012-10-2 60800]
S3 ATMFFLT;A600 USB Modem Installation CD;C:\Windows\System32\drivers\ATMFFLT.sys [2012-10-2 14336]
S3 ATMFMdm;A600 Cricket EVDO Modem;C:\Windows\System32\drivers\ATMFMdm.sys [2012-10-2 60672]
S3 ATMFNET;A600 Cricket EVDO Network Adapter;C:\Windows\System32\drivers\ATMFNET.sys [2012-10-2 133632]
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;C:\Windows\System32\drivers\ATMFNVsp.sys [2012-10-2 60800]
S3 ATMFVsp;A600 Cricket Diagnostics Port;C:\Windows\System32\drivers\ATMFVsp.sys [2012-10-2 60800]
S3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1301000.01C\ccSetx64.sys [2012-5-18 167048]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-12-22 196440]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
S3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-2 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-12-22 106552]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-16 19456]
S3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2011-10-13 20016]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);C:\Windows\System32\drivers\smhwdev.sys [2012-10-2 114432]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);C:\Windows\System32\drivers\smhwser.sys [2012-10-2 122624]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2011-12-9 269640]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-16 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-16 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-29 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-08-12 01:45:58 -------- d-----w- C:\Users\WordProphet\AppData\Roaming\Malwarebytes
2013-08-12 01:45:49 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-12 01:45:48 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-12 01:45:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-12 01:45:30 -------- d-----w- C:\Users\WordProphet\AppData\Local\Programs
2013-08-12 00:34:58 -------- d-----w- C:\Users\WordProphet\AppData\Local\Adobe
2013-08-12 00:04:38 -------- d--h--w- C:\Windows\msdownld.tmp
2013-07-17 19:01:28 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2013-08-12 01:36:57 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-12 01:36:57 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-17 19:01:20 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-17 19:01:20 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-17 03:25:17 0 ----a-w- C:\Windows\SysWow64\sho76D7.tmp
2013-06-17 03:19:27 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
.
============= FINISH: 20:51:31.92 ===============

Attached Files

  • dds.txt (22.93KB)



#2 TB-Psychotic

  • Malware Response Team
  • 5,063 posts

Posted 12 August 2013 - 05:52 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

You told us that you removed several items with Malwarebytes' Anti-Malware. This tool creates a log on every run and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.


My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps).


#3 Phxpcman

  • Topic Starter
  • Members
  • 74 posts

Posted 12 August 2013 - 12:58 PM

Hello, Marius, and thank you for your assistance.

I have read your instructions, and have come to a problem.

When I go to C:\Program Files\Malwarebytes... there is no "logs" file...

I opened up my C drive, selected Program Files (x86), and then selected Malwarebytes Anti-Malware.

But there is no "logs" file.

Clinton



#4 Phxpcman

  • Topic Starter
  • Members
  • 74 posts

Posted 12 August 2013 - 01:02 PM

As for your other option, I'm afraid I don't know how to get to C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

How do I get to "Documents and Settings"?



#5 Phxpcman

  • Topic Starter
  • Members
  • 74 posts

Posted 12 August 2013 - 01:39 PM

Well, I went to my Malwarebytes program, opened it up, and found this file from last night. Hopefully it is the right one...

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
WordProphet :: WORDPROPHET [administrator]

Protection: Enabled

8/11/2013 8:35:33 PM
mbam-log-2013-08-11 (20-35-33).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 377572
Time elapsed: 41 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1 (PUP.Optional.RegCleanPro.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\RegClean Pro (PUP.Optional.RegCleanPro.A) -> No action taken.

Files Detected: 37
C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> No action taken.
C:\Users\wally\AppData\Local\Temp\DM\Installer_for_WRAR_3rnw_ar420_exe_067312\Babylon115039.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\wally\AppData\Local\Temp\DM\Installer_for_WRAR_3rnw_ar420_exe_067312\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> No action taken.
C:\Users\wally\AppData\Local\Temp\DM\Installer_for_WRAR_3rnw_ar420_exe_067312\WStest.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\wally\AppData\Local\Temp\is754907076\MyBabylonTB.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\TraditionalCn_rcp_zh-tw.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\Chinese_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\CleanSchedule.exe (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\Danish_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\Dutch_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\eng_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\Finnish_rcp_fi.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\French_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\German_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\greek_rcp_el.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\install_left_image.bmp (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\isxdl.dll (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\Italian_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\Japanese_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\korean_rcp_ko.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\Norwegian_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\polish_rcp_pl.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\portugese_rcp_pt.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\Portuguese_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\RCPUninstall.exe (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\RegCleanPro.dll (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\russian_rcp_ru.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\Spanish_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\Swedish_rcp.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\systweakasp.exe (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\turkish_rcp_tr.ini (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\unins000.dat (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\unins000.exe (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\unins000.msg (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Program Files (x86)\RegClean Pro\xmllite.dll (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Windows\Tasks\RegClean Pro_DEFAULT.job (PUP.Optional.RegCleanPro.A) -> No action taken.

(end)
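Every detection in the Malwarebytes log above has the shape `<item> (<detection>) -> <action>`, and "No action taken" means the scan only reported the item without quarantining it. The following Python script is an added example (not from the thread and not Malwarebytes' own tooling) that parses that layout into detection families, flags the entries still unresolved, and cross-checks each section's declared count against what was actually pasted; the sample log is constructed in the same format with shortened placeholder paths.

```python
"""Triage a Malwarebytes Anti-Malware (1.x) text log.

Added example for this thread; not the forum's or Malwarebytes' own tooling.
Each detection line has the shape "<item> (<detection>) -> <action>".
"No action taken" means the scan only reported the item: nothing was
quarantined, which is why the helper asks about RegClean Pro before cleanup.
"""
import re
from collections import defaultdict

# Constructed sample in the same layout as the log above (shortened paths).
SAMPLE_LOG = r"""
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1 (PUP.Optional.RegCleanPro.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\RegClean Pro (PUP.Optional.RegCleanPro.A) -> No action taken.

Files Detected: 4
C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> No action taken.
C:\Users\user\AppData\Local\Temp\is1\MyBabylonTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe (PUP.Optional.RegCleanPro.A) -> No action taken.
C:\Windows\Tasks\RegClean Pro_DEFAULT.job (PUP.Optional.RegCleanPro.A) -> No action taken.

(end)
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Item paths may themselves contain "(x86)", so the greedy item group makes the
# detection the last parenthesised token before " -> ".
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")


def family_of(detection):
    """PUP.Optional.RegCleanPro.A -> RegCleanPro; PUP.GamePlayLab -> GamePlayLab."""
    parts = [p for p in detection.split(".") if p not in ("PUP", "Optional")]
    if len(parts) > 1 and len(parts[-1]) == 1:   # trailing variant letter such as ".A"
        parts = parts[:-1]
    return ".".join(parts)


def parse_mbam_log(text):
    """Return the detections as dicts: section, item, detection, family, action, unresolved."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):   # blank, "(No malicious items detected)", "(end)"
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ITEM_RE.match(line)
        if m and section:
            entries.append({
                "section": section,
                "item": m.group("item"),
                "detection": m.group("detection"),
                "family": family_of(m.group("detection")),
                "action": m.group("action"),
                "unresolved": m.group("action").startswith("No action taken"),
            })
    return entries


def summarize(entries):
    """Per-family totals and how many entries the scan left untouched."""
    out = defaultdict(lambda: {"total": 0, "unresolved": 0, "sections": set()})
    for e in entries:
        fam = out[e["family"]]
        fam["total"] += 1
        fam["unresolved"] += int(e["unresolved"])
        fam["sections"].add(e["section"])
    return dict(out)


def check_counts(text):
    """Map each section to (declared count, lines actually parsed).
    A mismatch usually means the log was truncated or edited when pasted."""
    declared = {m.group("section"): int(m.group("count"))
                for m in (SECTION_RE.match(l.strip()) for l in text.splitlines()) if m}
    parsed = defaultdict(int)
    for e in parse_mbam_log(text):
        parsed[e["section"]] += 1
    return {s: (n, parsed[s]) for s, n in declared.items()}


if __name__ == "__main__":
    ents = parse_mbam_log(SAMPLE_LOG)
    for fam, info in sorted(summarize(ents).items()):
        print(f"{fam:<14} total={info['total']} unresolved={info['unresolved']} "
              f"sections={sorted(info['sections'])}")
    print("declared vs parsed:", check_counts(SAMPLE_LOG))
```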



#6 Phxpcman

Phxpcman
  • Topic Starter
  • Members
  • 74 posts
  • Local time:06:05 AM

Posted 12 August 2013 - 01:40 PM

Yes...I am using regcleanpro paid version...



#7 TB-Psychotic

TB-Psychotic
  • Malware Response Team
  • 5,063 posts
  • Gender:Male
  • Local time:01:05 PM

Posted 13 August 2013 - 04:01 AM

Don't use any registry cleaners or so-called optimizers - they won't increase your system's health or speed and may seriously damage Windows.

In addition, RegCleanPro is listed as a potentially unwanted program, as it brings other unwanted software with it.

I strongly recommend that you uninstall this tool - your choice.

 

 

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here (Malwarebytes : Malwarebytes Anti-Rootkit) and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt. Please attach that to your next reply.


My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

 


#8 Phxpcman

Phxpcman
  • Topic Starter
  • Members
  • 74 posts
  • Local time:06:05 AM

Posted 13 August 2013 - 08:33 PM

Thank you for your advice.

I ran the scan you suggested. It found no issues...

 

It would seem that, not having a virus, I am having a simple browser hijack problem.

 

The only issue I am having is with the webpage http://www.usagold.com/live/price-break.html.

 

That page works fine on my other PC, but on my laptop it redirects to this address:

 

res://ieframe.dll/acr_error.htm#usagold.com,http://www.usagold.com/gold-price-live.html

(I copied that from the address bar)

 

...and a page appears that tells me,

 

"We were unable to return you to usagold.com.

Internet Explorer has stopped trying to restore this website. It appears that the website continues to have a problem."

 

What do you think the problem is?

Thank you for your help.


Edited by Phxpcman, 13 August 2013 - 08:43 PM.


#9 TB-Psychotic

TB-Psychotic
  • Malware Response Team
  • 5,063 posts
  • Gender:Male
  • Local time:01:05 PM

Posted 14 August 2013 - 12:54 AM

Let's ensure there is no malware on the system. If we cannot find anything, we will have a look at other possibilities...

 

 

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



 


#10 Phxpcman

Phxpcman
  • Topic Starter
  • Members
  • 74 posts
  • Local time:06:05 AM

Posted 14 August 2013 - 11:47 AM

I have run that program as you suggested, sir.

Here is the log file:

 

ComboFix 13-08-14.02 - WordProphet 08/14/2013   9:23.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7656.5446 [GMT -7:00]
Running from: c:\users\WordProphet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NOPL1SSD\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\sysconfig\charts.swf
c:\program files (x86)\sysconfig\license.txt
c:\program files (x86)\Vid-Saver
c:\program files (x86)\Vid-Saver\ButtonUtil.dll
c:\program files (x86)\Vid-Saver\Vid-Saver-bg.exe
c:\program files (x86)\Vid-Saver\Vid-Saver.dll
c:\program files (x86)\Vid-Saver\Vid-Saver.exe
c:\program files (x86)\Vid-Saver\Vid-Saver.ico
c:\program files (x86)\Vid-Saver\Vid-Saver.ini
c:\programdata\AgentSS
c:\programdata\AgentSS\sslist.dat
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-14 to 2013-08-14  )))))))))))))))))))))))))))))))
.
.
2013-08-14 16:36 . 2013-08-14 16:36 -------- d-----w- c:\users\wally\AppData\Local\temp
2013-08-14 16:36 . 2013-08-14 16:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-14 03:33 . 2013-08-14 03:37 -------- d-----w- c:\windows\system32\MRT
2013-08-14 00:44 . 2013-08-14 01:32 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-14 00:36 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 00:36 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-14 00:36 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 00:36 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 00:36 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 00:36 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-14 00:36 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-14 00:36 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-14 00:36 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 00:36 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-12 01:45 . 2013-08-12 01:45 -------- d-----w- c:\users\WordProphet\AppData\Roaming\Malwarebytes
2013-08-12 01:45 . 2013-08-12 01:45 -------- d-----w- c:\programdata\Malwarebytes
2013-08-12 01:45 . 2013-08-12 01:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-12 01:45 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-12 01:45 . 2013-08-12 01:45 -------- d-----w- c:\users\WordProphet\AppData\Local\Programs
2013-08-12 01:22 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-08-12 01:22 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-08-12 01:22 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-08-12 01:22 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-08-12 01:22 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-08-12 01:22 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-08-12 01:22 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-08-12 01:22 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-08-12 01:22 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-08-12 01:22 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-08-12 01:22 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-08-12 01:22 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-08-12 01:20 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-08-12 01:20 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-08-12 00:34 . 2013-08-12 01:37 -------- d-----w- c:\users\WordProphet\AppData\Local\Adobe
2013-08-12 00:04 . 2013-08-12 00:04 -------- d--h--w- c:\windows\msdownld.tmp
2013-07-17 19:01 . 2013-07-17 19:01 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-14 03:32 . 2012-12-16 06:21 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-08-12 01:36 . 2012-03-10 02:08 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-12 01:36 . 2012-03-10 02:08 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-17 19:01 . 2012-10-05 00:33 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-17 19:01 . 2012-10-05 00:33 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-09 04:45 . 2013-08-14 00:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-17 03:25 . 2013-06-17 03:25 0 ----a-w- c:\windows\SysWow64\sho76D7.tmp
2013-06-17 03:20 . 2013-06-17 03:20 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-17 03:20 . 2013-06-17 03:20 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-17 03:20 . 2013-06-17 03:20 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-17 03:20 . 2013-06-17 03:20 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-17 03:20 . 2013-06-17 03:20 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-17 03:20 . 2013-06-17 03:20 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-17 03:20 . 2013-06-17 03:20 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-17 03:20 . 2013-06-17 03:20 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-17 03:20 . 2013-06-17 03:20 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-17 03:20 . 2013-06-17 03:20 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-17 03:20 . 2013-06-17 03:20 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-17 03:20 . 2013-06-17 03:20 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-17 03:20 . 2013-06-17 03:20 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-17 03:20 . 2013-06-17 03:20 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-17 03:20 . 2013-06-17 03:20 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-17 03:20 . 2013-06-17 03:20 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-17 03:20 . 2013-06-17 03:20 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-17 03:20 . 2013-06-17 03:20 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-17 03:20 . 2013-06-17 03:20 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-17 03:20 . 2013-06-17 03:20 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-17 03:20 . 2013-06-17 03:20 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-17 03:20 . 2013-06-17 03:20 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-17 03:20 . 2013-06-17 03:20 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-17 03:20 . 2013-06-17 03:20 441856 ----a-w- c:\windows\system32\html.iec
2013-06-17 03:20 . 2013-06-17 03:20 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-17 03:20 . 2013-06-17 03:20 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-17 03:20 . 2013-06-17 03:20 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-17 03:20 . 2013-06-17 03:20 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-17 03:20 . 2013-06-17 03:20 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-17 03:20 . 2013-06-17 03:20 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-17 03:20 . 2013-06-17 03:20 235008 ----a-w- c:\windows\system32\url.dll
2013-06-17 03:20 . 2013-06-17 03:20 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-17 03:20 . 2013-06-17 03:20 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-17 03:20 . 2013-06-17 03:20 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-17 03:20 . 2013-06-17 03:20 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-17 03:20 . 2013-06-17 03:20 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-17 03:20 . 2013-06-17 03:20 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-17 03:20 . 2013-06-17 03:20 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-17 03:20 . 2013-06-17 03:20 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-17 03:20 . 2013-06-17 03:20 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-17 03:20 . 2013-06-17 03:20 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-17 03:20 . 2013-06-17 03:20 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-17 03:20 . 2013-06-17 03:20 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-17 03:20 . 2013-06-17 03:20 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-17 03:20 . 2013-06-17 03:20 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-17 03:20 . 2013-06-17 03:20 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-17 03:20 . 2013-06-17 03:20 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-17 03:20 . 2013-06-17 03:20 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-17 03:20 . 2013-06-17 03:20 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-17 03:19 . 2013-06-17 03:19 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-17 03:19 . 2013-06-17 03:19 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-17 03:19 . 2013-06-17 03:19 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-06-17 03:19 . 2013-06-17 03:19 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-06-17 03:19 . 2013-06-17 03:19 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-17 03:19 . 2013-06-17 03:19 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-17 03:19 . 2013-06-17 03:19 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-17 03:19 . 2013-06-17 03:19 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-17 03:19 . 2013-06-17 03:19 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-17 03:19 . 2013-06-17 03:19 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-06-17 03:19 . 2013-06-17 03:19 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-06-17 03:19 . 2013-06-17 03:19 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-17 03:19 . 2013-06-17 03:19 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-17 03:19 . 2013-06-17 03:19 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-06-17 03:19 . 2013-06-17 03:19 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-17 03:19 . 2013-06-17 03:19 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-06-17 03:19 . 2013-06-17 03:19 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-17 03:19 . 2013-06-17 03:19 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-17 03:19 . 2013-06-17 03:19 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-06-17 03:19 . 2013-06-17 03:19 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-06-17 03:19 . 2013-06-17 03:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-17 03:19 . 2013-06-17 03:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-17 03:19 . 2013-06-17 03:19 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-17 03:19 . 2013-06-17 03:19 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-17 03:19 . 2013-06-17 03:19 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-06-17 03:19 . 2013-06-17 03:19 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-06-17 03:19 . 2013-06-17 03:19 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-06-17 03:19 . 2013-06-17 03:19 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-06-17 03:19 . 2013-06-17 03:19 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-17 03:19 . 2013-06-17 03:19 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-17 03:19 . 2013-06-17 03:19 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-06-17 03:19 . 2013-06-17 03:19 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-06-17 03:19 . 2013-06-17 03:19 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-17 03:19 . 2013-06-17 03:19 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-06-17 03:19 . 2013-06-17 03:19 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-06-17 03:19 . 2013-06-17 03:19 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-17 03:19 . 2013-06-17 03:19 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-06-17 03:19 . 2013-06-17 03:19 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-06-17 03:19 . 2013-06-17 03:19 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-06-17 03:19 . 2013-06-17 03:19 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-06-17 03:19 . 2013-06-17 03:19 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-06-17 03:19 . 2013-06-17 03:19 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-06-17 03:19 . 2013-06-17 03:19 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-06-17 03:19 . 2013-06-17 03:19 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ab5d199e-9659-47a2-930b-fc3b69061353}]
2012-10-15 09:21 62864 ----a-w- c:\program files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{a899079d-206f-43a6-be6a-07e0fa648ea0}"= "c:\program files (x86)\GamingWonderland\bar\1.bin\gtbar.dll" [2012-10-15 703632]
.
[HKEY_CLASSES_ROOT\clsid\{a899079d-206f-43a6-be6a-07e0fa648ea0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-01-27 630912]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"Intel AppUp® center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-09-25 156000]
"Intel AppUp® center Systray"="c:\program files (x86)\Intel\IntelAppStore\bin\AppUp.exe" [2012-09-25 917792]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-14 1532992]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-2 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R2 GamingWonderlandService;GamingWonderlandService;c:\progra~2\GAMING~2\bar\1.bin\gtbarsvc.exe;c:\progra~2\GAMING~2\bar\1.bin\gtbarsvc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\smhwadb.sys;c:\windows\SYSNATIVE\Drivers\smhwadb.sys [x]
R3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\DRIVERS\ATMFBUS.sys;c:\windows\SYSNATIVE\DRIVERS\ATMFBUS.sys [x]
R3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\DRIVERS\ATMFCVsp.sys;c:\windows\SYSNATIVE\DRIVERS\ATMFCVsp.sys [x]
R3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\DRIVERS\ATMFFLT.sys;c:\windows\SYSNATIVE\DRIVERS\ATMFFLT.sys [x]
R3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\DRIVERS\ATMFMdm.sys;c:\windows\SYSNATIVE\DRIVERS\ATMFMdm.sys [x]
R3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\DRIVERS\ATMFNET.sys;c:\windows\SYSNATIVE\DRIVERS\ATMFNET.sys [x]
R3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\DRIVERS\ATMFNVsp.sys;c:\windows\SYSNATIVE\DRIVERS\ATMFNVsp.sys [x]
R3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\DRIVERS\ATMFVsp.sys;c:\windows\SYSNATIVE\DRIVERS\ATMFVsp.sys [x]
R3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1301000.01C\ccSetx64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys;c:\windows\SYSNATIVE\drivers\Smb_driver.sys [x]
R3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\DRIVERS\smhwdev.sys;c:\windows\SYSNATIVE\DRIVERS\smhwdev.sys [x]
R3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\DRIVERS\smhwser.sys;c:\windows\SYSNATIVE\DRIVERS\smhwser.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys;c:\windows\SYSNATIVE\drivers\amdiox64.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys;c:\windows\SYSNATIVE\drivers\amdxhc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-10 01:36]
.
2013-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-22 22:28]
.
2013-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-22 22:28]
.
2012-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752888363-812739472-2210568600-1004Core.job
- c:\users\wally\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-05 10:54]
.
2012-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752888363-812739472-2210568600-1004UA.job
- c:\users\wally\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-05 10:54]
.
2013-03-04 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-12-15 c:\windows\Tasks\HPCeeScheduleForwally.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
2012-12-22 c:\windows\Tasks\HPCeeScheduleForWordProphet.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
2013-08-14 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2013-05-31 01:32]
.
2013-06-17 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2013-05-31 01:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-10-05 1425408]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.youtube.com/inbox?feature=mhee&folder=messages
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{11111111-1111-1111-1111-110011341191} - c:\program files (x86)\Vid-Saver\Vid-Saver.dll
BHO-{7c8f8fe5-9785-4f74-bcf8-895ef9752d97} - (no file)
Wow6432Node-HKLM-Run-GamingWonderland Search Scope Monitor - c:\progra~2\GAMING~2\bar\1.bin\gtsrchmn.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-14  09:39:55
ComboFix-quarantined-files.txt  2013-08-14 16:39
.
Pre-Run: 662,144,602,112 bytes free
Post-Run: 661,651,394,560 bytes free
.
- - End Of File - - C115DC3334FEA6EA21B3DBD9FB789EA6
A36C5E4F47E84449FF07ED3517B43A31
 



#11 Phxpcman

Phxpcman
  • Topic Starter

  • Members
  • 74 posts

Posted 14 August 2013 - 11:55 AM

And unfortunately, I am still having the same problem with usagold.com/live gold prices...

:(

Incidentally, I tried to do a browser hijack repair yesterday, but there was no hijack showing.

 

The window in the hosts file said:

127.0.0.1 localhost

::localhost

 

And there were no other addresses present...


Edited by Phxpcman, 14 August 2013 - 11:57 AM.
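The hosts-file check the poster did by eye in the post above, done programmatically, as an added example that is not from this thread or from any tool mentioned in it. It parses hosts-file text (comments, blank lines, several names per line, IPv4 and IPv6), leaves the stock loopback aliases alone, and reports every other name that is either sinkholed to a loopback or unspecified address (the site silently stops loading) or pinned to a fixed address (requests go wherever that address leads, bypassing DNS). Both sample files are constructed: the clean one matches the two lines the poster reported, the second adds three entries of the kinds a hijacked file would contain, using reserved example names and TEST-NET addresses only.

```python
"""Check a hosts file for entries that sinkhole or redirect hostnames.

Added example for this thread; the parser and the sample files below are
constructed for illustration and are not output of any tool mentioned here.
"""
import ipaddress
from dataclasses import dataclass

# Names that legitimately point at loopback in a stock hosts file.
LOOPBACK_NAMES = {
    "localhost", "localhost.localdomain", "broadcasthost",
    "ip6-localhost", "ip6-loopback", "ip6-localnet", "ip6-mcastprefix",
    "ip6-allnodes", "ip6-allrouters", "ip6-allhosts",
}


@dataclass(frozen=True)
class HostsEntry:
    line_no: int
    address: str
    hostnames: tuple  # lower-cased names bound on that line


def parse_hosts(text):
    """Return the effective (non-comment) entries of a hosts file."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and surrounding whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                            # an address with no name binds nothing
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue                            # malformed address: the resolver ignores it too
        names = tuple(name.lower() for name in parts[1:])
        entries.append(HostsEntry(line_no, parts[0], names))
    return entries


def suspicious_entries(entries):
    """Flag every bound name that is not a stock loopback alias.

    Returns (line_no, hostname, address, reason) tuples. A loopback or
    unspecified address makes the site unreachable; any other address
    silently sends traffic to a fixed host instead of the DNS answer.
    """
    findings = []
    for entry in entries:
        addr = ipaddress.ip_address(entry.address)
        for host in entry.hostnames:
            if host in LOOPBACK_NAMES:
                continue
            if addr.is_loopback or addr.is_unspecified:
                reason = "sinkholed to loopback"
            else:
                reason = "redirected to a fixed address"
            findings.append((entry.line_no, host, entry.address, reason))
    return findings


def check_hosts(text):
    """Parse and classify a hosts file's text in one call."""
    return suspicious_entries(parse_hosts(text))


# Constructed sample: a hosts file with only the two lines the poster reported.
CLEAN_HOSTS = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\n"
    "127.0.0.1 localhost\n"
    "::1 localhost\n"
)

# Constructed sample: the same file plus three entries of the kinds a hijacked
# file would contain (reserved example names and TEST-NET addresses only).
HIJACKED_HOSTS = CLEAN_HOSTS + (
    "127.0.0.1 www.example.com            # site sinkholed: it never loads\n"
    "0.0.0.0   update.example.net         # update server sinkholed\n"
    "198.51.100.7 www.example.org         # pinned to a fixed address\n"
)


if __name__ == "__main__":
    for label, text in (("clean", CLEAN_HOSTS), ("hijacked", HIJACKED_HOSTS)):
        findings = check_hosts(text)
        print(f"{label}: {len(findings)} suspicious entries")
        for line_no, host, address, reason in findings:
            print(f"  line {line_no}: {host} -> {address} ({reason})")
```

On a Windows machine the file to feed `check_hosts` is `%SystemRoot%\System32\drivers\etc\hosts`; an empty result means the file is not the reason a site fails to load, which is the conclusion the poster reached by inspection.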


#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 5,063 posts
  • Gender:Male

Posted 15 August 2013 - 04:19 AM

Don't do any scans without recommendation!

Your problem seems not to be malware related, but before we can go after it, we have to take out some remnants of adware that was installed on your computer.

 

 

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Edited by TB-Psychotic, 15 August 2013 - 04:20 AM.

My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

 


#13 Phxpcman

Phxpcman
  • Topic Starter

  • Members
  • 74 posts

Posted 15 August 2013 - 11:28 AM

Sir,

 

I'm afraid I don't understand.

There is nothing attached to your message except an image.

I don't have access to either of the icons in the image you sent me; and I don't know where to get them...



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 5,063 posts
  • Gender:Male

Posted 16 August 2013 - 12:49 AM

Something went wrong while attaching, I'm sorry. Here is the file you have to drag into ComboFix:

Attached Files


Edited by TB-Psychotic, 16 August 2013 - 12:49 AM.


 


#15 Phxpcman

Phxpcman
  • Topic Starter

  • Members
  • 74 posts

Posted 16 August 2013 - 04:45 PM

Ok...this is getting a bit frustrating, sir...

 

I downloaded that file that you gave me, "CFScript.txt".

 

It has downloaded into my "downloads" folder on my laptop.

There are only 2 options when I click the link: open, or save. When I click save, it downloads it to my downloads file.

When I click open a window pops up with some text.

 

I don't know what you mean by "Download the attached CFScript.txt and save it to the location where Combofix is."

 

What location is that? What is Combofix? Is it on my computer somewhere?

I don't see anything on my computer like the image you showed me...

 

Please explain. I am more than willing to follow your instructions to get this process completed...
 





