
Suspicious Program Found in Taskbar


This topic is locked
17 replies to this topic

#1 Please Help Us

  • Members
  • 156 posts
  • OFFLINE
  • Local time:09:27 AM

Posted 22 April 2012 - 01:12 PM

I was asked to come here from the "Am I infected" board. Link to previous topic:
http://www.bleepingcomputer.com/forums/topic450990.html#entry2674434

I noticed something odd when I examined my taskbar menu icons today. I found a taskbar icon linked to a program called proxycheck.exe. Out of curiosity, I googled it, and most of the links returned with a confirmation for a trojan or backdoor virus. Naturally, this is very worrying, and I decided to check in with a website I trust.

What I've done so far is run rkill, then followed up with an ESET Online Scan, Malwarebytes Anti-malware, and a Super Anti-Spyware scan.

So far all of these have returned no positives as of yet; however, being paranoid, I'm not entirely convinced whether there is or isn't anything on my computer. This is where I come to you, Bleeping Computer; please ease my mind on this subject. I'm sorry if this is not the most descriptive post possible, but I've reported everything I've found related to the issue that is relevant to me. Thank you in advance.

I took a picture of what is causing me worry, since I do not know the origin of this file or how it appeared in my hidden icons. I enabled it to show when it would activate on my end; however, as of now, I have not seen anything. Thank you again for your help in the future.
Picture:
http://i41.tinypic.com/2wfmvk1.png

I run on a 64-bit system so I skipped the GMER step since it said to do so. :)


DDS LOG:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Spud at 13:02:42 on 2012-04-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9207.6564 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\mIRC\mirc.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [ATICustomerCare] "c:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\Spud\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: secunia.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C22BFB56-B648-4731-87ED-3C862FEAC362} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [ATICustomerCare] "c:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Spud\AppData\Roaming\Mozilla\Firefox\Profiles\un3poe1e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gamefaqs.com/
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-2-17 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-2-17 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2010-6-29 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-22 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2010-12-21 987704]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-11 1692480]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 253088]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-22 16:43:19 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AC1C46BA-ED71-40D4-9D5B-6FAD73FA20DF}\mpengine.dll
2012-04-22 10:30:03 -------- d-----w- C:\Riot Games
2012-04-22 08:05:46 -------- d-----w- C:\Users\Spud\AppData\Local\{49C4D943-8600-47F5-AB2A-06A0C7E72167}
2012-04-22 08:05:17 -------- d-----w- C:\Users\Spud\AppData\Local\{E1ACE25C-8481-45E2-84D8-11B8FCEFA5D8}
2012-04-21 17:04:31 -------- d-----w- C:\Users\Spud\AppData\Local\{F6397918-7658-4994-9B0B-B513DAF5B857}
2012-04-21 17:03:57 -------- d-----w- C:\Users\Spud\AppData\Local\{5BC54B02-78B9-46DB-8E10-8FFBB460ADD8}
2012-04-21 05:03:47 -------- d-----w- C:\Users\Spud\AppData\Local\{CB1192C7-103F-4B64-B946-9FABFFA26237}
2012-04-21 05:03:14 -------- d-----w- C:\Users\Spud\AppData\Local\{015859B6-94FD-49E7-A93B-4D5674B1AB5F}
2012-04-20 17:03:02 -------- d-----w- C:\Users\Spud\AppData\Local\{4998C9D8-2AD2-4D97-A107-CA24A27C498C}
2012-04-20 17:02:27 -------- d-----w- C:\Users\Spud\AppData\Local\{C5CE67CC-EAC5-437D-9E33-857707479AB5}
2012-04-20 05:02:15 -------- d-----w- C:\Users\Spud\AppData\Local\{C7BF1542-C93C-4886-9961-0FAE88DECCD9}
2012-04-20 05:02:06 -------- d-----w- C:\Users\Spud\AppData\Local\{68480ABD-0A84-4FC5-9288-C31F4A920605}
2012-04-19 17:01:55 -------- d-----w- C:\Users\Spud\AppData\Local\{0F1BEE5F-E7C7-4A59-BFEC-1D4AF5BE37C8}
2012-04-19 17:01:21 -------- d-----w- C:\Users\Spud\AppData\Local\{BBCCF2AA-A8D1-4FB5-8DD5-899C82BB9805}
2012-04-19 05:01:09 -------- d-----w- C:\Users\Spud\AppData\Local\{3D2B1F4B-85AF-4452-B0AD-1CE488E6990E}
2012-04-19 05:00:43 -------- d-----w- C:\Users\Spud\AppData\Local\{19C8A7BA-A8B4-4BCD-B5C5-D0AB67B13AD4}
2012-04-18 15:58:48 -------- d-----w- C:\Users\Spud\AppData\Local\{3ACC12BE-953E-467F-ADF5-32A1A2E4AB31}
2012-04-18 15:58:35 -------- d-----w- C:\Users\Spud\AppData\Local\{38C56F21-3354-4699-B0D3-4F16B07505A0}
2012-04-18 03:58:24 -------- d-----w- C:\Users\Spud\AppData\Local\{67F9C744-2928-4A16-AF42-3BC1191F1B00}
2012-04-18 03:58:00 -------- d-----w- C:\Users\Spud\AppData\Local\{B5269133-F163-44CF-95E6-198A6234AA00}
2012-04-17 15:00:49 -------- d-----w- C:\Users\Spud\AppData\Local\{8BE67483-3ADF-42D8-9AF9-9A10EDA98492}
2012-04-17 15:00:16 -------- d-----w- C:\Users\Spud\AppData\Local\{FFEA899D-4D53-4A47-8729-460C578F6AE3}
2012-04-17 03:00:04 -------- d-----w- C:\Users\Spud\AppData\Local\{3152CB54-9EB1-44A4-9EBB-EC265C88159D}
2012-04-17 02:59:31 -------- d-----w- C:\Users\Spud\AppData\Local\{21512B47-587F-405B-891F-27E90B4A83FF}
2012-04-16 14:59:20 -------- d-----w- C:\Users\Spud\AppData\Local\{520ABA4E-DA0D-4048-8883-C91C33E6C975}
2012-04-16 14:58:47 -------- d-----w- C:\Users\Spud\AppData\Local\{2517D007-A74B-4FE2-8D82-80FF73E50EAA}
2012-04-16 02:58:34 -------- d-----w- C:\Users\Spud\AppData\Local\{7A448608-65A7-4BED-AF8E-B49622523D9A}
2012-04-16 02:58:00 -------- d-----w- C:\Users\Spud\AppData\Local\{167E36D5-4609-4C84-A359-376E5D2B959D}
2012-04-15 14:57:48 -------- d-----w- C:\Users\Spud\AppData\Local\{CB5AD1E4-260C-4F1A-B398-CFC1D5F85574}
2012-04-15 14:57:16 -------- d-----w- C:\Users\Spud\AppData\Local\{5B3CD495-507D-4768-958A-07A095F249F9}
2012-04-15 02:57:04 -------- d-----w- C:\Users\Spud\AppData\Local\{C663CCC2-DF7A-4343-A756-A99F3BBEF6E6}
2012-04-15 02:56:15 -------- d-----w- C:\Users\Spud\AppData\Local\{3B4C923F-76BC-4378-9551-142770ADD992}
2012-04-14 14:56:03 -------- d-----w- C:\Users\Spud\AppData\Local\{0EB52F5C-2155-49A5-8F7D-9637F7764608}
2012-04-14 14:55:28 -------- d-----w- C:\Users\Spud\AppData\Local\{F5D591E1-B306-4C97-8B6A-0D9BBBDC92B5}
2012-04-14 02:55:05 -------- d-----w- C:\Users\Spud\AppData\Local\{AF2D7AA9-48CE-4F54-B971-0E6936AD768F}
2012-04-14 02:54:46 -------- d-----w- C:\Users\Spud\AppData\Local\{708083D4-01C5-4771-809E-C92FC77BE077}
2012-04-14 02:52:47 -------- d-----w- C:\Windows\en
2012-04-14 02:48:13 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9184e3b1cd19e901\DSETUP.dll
2012-04-14 02:48:13 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9184e3b1cd19e901\DXSETUP.exe
2012-04-14 02:48:13 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9184e3b1cd19e901\dsetup32.dll
2012-04-13 11:57:35 -------- d-----w- C:\Users\Spud\AppData\Local\{AFA4688A-6766-4AF6-95A4-B4D5E1C96E03}
2012-04-13 05:39:55 -------- d-----w- C:\Users\Spud\AppData\Roaming\Rags
2012-04-13 05:39:11 -------- d-----w- C:\Program Files (x86)\RagsGame
2012-04-13 05:38:19 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-04-13 05:38:19 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-04-13 05:38:13 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-04-12 23:56:58 -------- d-----w- C:\Users\Spud\AppData\Local\{31B82539-6934-4B02-B1DE-59D890E6FAA9}
2012-04-12 09:37:00 -------- d-----w- C:\Users\Spud\AppData\Local\{EC4EA301-B4AE-4F63-80D4-B7BA7A769828}
2012-04-11 23:36:45 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-11 23:36:45 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-11 23:36:45 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-11 23:34:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 23:34:50 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 23:34:50 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 23:34:49 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 23:34:49 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 23:34:49 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 23:34:49 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 21:35:40 -------- d-----w- C:\Users\Spud\AppData\Local\{DFACAFA9-D010-43F0-931A-A05ADD95480B}
2012-04-11 09:34:30 -------- d-----w- C:\Users\Spud\AppData\Local\{FEA29FC8-DB3B-4A93-95A9-27C196D921B5}
2012-04-10 21:26:18 -------- d-----w- C:\Users\Spud\AppData\Local\{FB3944D2-22BD-4A8D-ABB5-F0D787D00C5C}
2012-04-10 21:23:39 0 ----a-w- C:\Windows\SysWow64\sho55E7.tmp
2012-04-10 21:17:07 -------- d-----w- C:\Users\Spud\AppData\Local\{4831C6B6-F25D-4D0A-B292-91362D2DF347}
2012-04-10 09:12:31 -------- d-----w- C:\Users\Spud\AppData\Local\{FB449EFF-FD30-47E1-8538-CF9A7182EC79}
2012-04-09 21:12:10 -------- d-----w- C:\Users\Spud\AppData\Local\{F43029E2-6BB7-4EB7-8636-22DC3010A421}
2012-04-09 08:28:53 -------- d-----w- C:\Users\Spud\AppData\Local\{3DEDD5CB-24BC-436A-A54B-D8EB418BD511}
2012-04-08 20:28:43 -------- d-----w- C:\Users\Spud\AppData\Local\{F1BD8E7F-3B08-48DD-88DB-03FE4F368A42}
2012-04-08 08:28:10 -------- d-----w- C:\Users\Spud\AppData\Local\{A971E1D6-3B0C-4365-B60C-08991AF06B58}
2012-04-07 20:28:00 -------- d-----w- C:\Users\Spud\AppData\Local\{D0C8660F-DC56-472F-9A51-FEAC120C7C72}
2012-04-07 08:27:26 -------- d-----w- C:\Users\Spud\AppData\Local\{55B3C5E8-0C2B-4180-B077-92EACE4427B0}
2012-04-06 20:27:15 -------- d-----w- C:\Users\Spud\AppData\Local\{C5A9D6D9-6A02-44C0-8124-7262071459E7}
2012-04-06 08:26:41 -------- d-----w- C:\Users\Spud\AppData\Local\{8EE70F31-8E24-4BF6-AE0E-1BA84D6C60AA}
2012-04-05 20:26:11 -------- d-----w- C:\Users\Spud\AppData\Local\{DB0B242A-4D59-4C04-B012-ED783060FE5C}
2012-04-05 08:18:17 -------- d-----w- C:\Users\Spud\AppData\Local\{B20DCA9A-3D22-461B-B0E4-FFC726750655}
2012-04-04 20:18:06 -------- d-----w- C:\Users\Spud\AppData\Local\{20F85F28-3B96-464F-81F4-B501C3C717B2}
2012-04-04 08:17:33 -------- d-----w- C:\Users\Spud\AppData\Local\{FCBAA94A-C82D-46E5-8A1B-0CC8A13D77BC}
2012-04-03 20:17:23 -------- d-----w- C:\Users\Spud\AppData\Local\{DF260124-A155-456A-9F8C-D0ED1908733B}
2012-04-03 08:16:49 -------- d-----w- C:\Users\Spud\AppData\Local\{2BDE606C-9071-4FB6-A546-1709FAA74ABA}
2012-04-02 20:16:21 -------- d-----w- C:\Users\Spud\AppData\Local\{26CFF981-FABA-4CC9-856F-A58F7593364C}
2012-04-02 07:19:00 -------- d-----w- C:\Users\Spud\AppData\Local\{70D45EF9-4FC9-4101-ACE9-62FC24199A01}
2012-04-01 19:18:28 -------- d-----w- C:\Users\Spud\AppData\Local\{B26C9639-CECB-42AC-A9CC-13D200B97C81}
2012-04-01 07:17:40 -------- d-----w- C:\Users\Spud\AppData\Local\{24CDF496-6017-4B43-82B8-E7230A03B5DE}
2012-03-31 19:17:06 -------- d-----w- C:\Users\Spud\AppData\Local\{19F83722-06FB-4F62-BB0B-0850A0B4CFF0}
2012-03-31 07:16:33 -------- d-----w- C:\Users\Spud\AppData\Local\{FD5838AF-C151-4F0A-B4B9-A39F3A043B9C}
2012-03-30 19:15:59 -------- d-----w- C:\Users\Spud\AppData\Local\{1C2FCF73-4967-4380-B019-C8B0F2E0E0D5}
2012-03-30 07:15:26 -------- d-----w- C:\Users\Spud\AppData\Local\{5E30AE2B-083F-4F78-8FA0-670208E1F4C6}
2012-03-30 05:44:49 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-29 19:14:53 -------- d-----w- C:\Users\Spud\AppData\Local\{553160CA-F174-4357-8C13-541C2886A9B0}
2012-03-29 07:14:19 -------- d-----w- C:\Users\Spud\AppData\Local\{3EB22175-5925-4CCD-83F0-B1B5EBE38F70}
2012-03-28 19:14:08 -------- d-----w- C:\Users\Spud\AppData\Local\{C81ED826-3FE9-4A58-8641-6FD6B5AAA12D}
2012-03-28 19:13:35 -------- d-----w- C:\Users\Spud\AppData\Local\{4A05CB73-3D19-455F-88F4-301CD9A55F32}
2012-03-28 07:13:24 -------- d-----w- C:\Users\Spud\AppData\Local\{A576F581-281A-487B-B189-1C41A0AAD81B}
2012-03-28 07:12:51 -------- d-----w- C:\Users\Spud\AppData\Local\{9E2DC024-FCF0-4F78-9529-8114F6E15AB1}
2012-03-27 19:12:39 -------- d-----w- C:\Users\Spud\AppData\Local\{63825A2E-4F96-4A26-8B0E-24F6192DC559}
2012-03-27 19:12:07 -------- d-----w- C:\Users\Spud\AppData\Local\{C2C87F3A-C10C-43E4-956F-30A3624BB1F6}
2012-03-27 07:11:56 -------- d-----w- C:\Users\Spud\AppData\Local\{E3B76C3D-4F81-475F-A81A-1209C1A70B51}
2012-03-27 07:11:23 -------- d-----w- C:\Users\Spud\AppData\Local\{54B623FC-859D-47CE-B177-16D4298F450E}
2012-03-26 19:11:09 -------- d-----w- C:\Users\Spud\AppData\Local\{882DB56B-6BF2-4537-BB1D-AF6211C05EDF}
2012-03-26 19:10:56 -------- d-----w- C:\Users\Spud\AppData\Local\{57717E13-1BB5-4CD5-B7B8-16CF701F25AA}
2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-26 07:10:44 -------- d-----w- C:\Users\Spud\AppData\Local\{BC24C5EF-9FB7-40B3-B981-7269DE0877EC}
2012-03-26 07:10:11 -------- d-----w- C:\Users\Spud\AppData\Local\{3F951475-CD52-4B71-B894-619ECCC689FA}
2012-03-25 19:09:59 -------- d-----w- C:\Users\Spud\AppData\Local\{C461D4CA-599B-4A5E-8A46-1A5A1F123436}
2012-03-25 19:09:26 -------- d-----w- C:\Users\Spud\AppData\Local\{1FADF56D-9B95-4048-A180-271699AFF1FE}
2012-03-25 07:09:15 -------- d-----w- C:\Users\Spud\AppData\Local\{2B8F3F9C-C1F7-4407-91C7-33263D3CB6B5}
2012-03-25 07:08:42 -------- d-----w- C:\Users\Spud\AppData\Local\{28AF1B5E-46B1-4BA7-8D7F-9AB12A5DFDC6}
2012-03-24 19:08:30 -------- d-----w- C:\Users\Spud\AppData\Local\{6CEB2AA5-5635-4945-A184-DAD1A0E4350A}
2012-03-24 19:07:56 -------- d-----w- C:\Users\Spud\AppData\Local\{BB5383A3-8BC5-4215-85BC-B63F457A7BCE}
2012-03-24 07:07:45 -------- d-----w- C:\Users\Spud\AppData\Local\{A1E64A12-DBD9-4FDA-B531-18140703ECC0}
2012-03-24 07:07:12 -------- d-----w- C:\Users\Spud\AppData\Local\{050603CE-5A50-4CF0-886A-7255ABE476C3}
2012-03-23 19:07:00 -------- d-----w- C:\Users\Spud\AppData\Local\{20D8651C-7FDC-44AD-99AE-F1232AFBC877}
2012-03-23 19:06:26 -------- d-----w- C:\Users\Spud\AppData\Local\{A73CE7B1-2807-44CB-B18B-148B04F2748D}
.
==================== Find3M ====================
.
2012-04-21 23:43:44 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-08 23:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 23:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-16 20:00:56 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-14 17:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 01:41:03 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-02-10 01:41:03 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-02-10 01:32:40 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-02-10 01:32:30 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 13:07:01.27 ===============


Edited by Please Help Us, 22 April 2012 - 01:14 PM.




#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,122 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:27 AM

Posted 23 April 2012 - 12:51 PM

We are in the process of researching and investigating your log. Please be patient as we do this and a Helper will respond as soon as possible.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 mark1956

mark1956

  • Security Colleague
  • 271 posts
  • OFFLINE
  • Gender:Male
  • Location:Spain
  • Local time:02:27 PM

Posted 24 April 2012 - 08:44 AM

Hi Please Help Us, my name is Mark and I will be helping you.

Before doing anything further, if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD, as some infections may render your computer unbootable during or before the disinfection process. If that occurs there may be no option but to reformat and reinstall the OS or perform a full system recovery. The safest practice is not to back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab, as they may be infected.



There is nothing of significance showing in the logs. It is likely that your Anti Virus blocked the infection leaving Proxycheck.exe behind as a harmless remnant. Nevertheless, we should carry out some further checks and remove that file.

Please follow the instructions below in the order listed and post the log from Combofix in your next reply.

STEP 1
Download Temporary file cleaner and save it to the desktop.
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select Run as Administrator.
When the window opens click on Start. It will close all running programs and clear the desktop icons.
When complete you will be asked to reboot, accept the request and your PC will reboot automatically.


STEP 2
NOTE: If you have already used Combofix please delete the icon from your desktop.
  • Please download DeFogger and save it to your desktop.
  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Disable button to disable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

STEP 3
Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!!
Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix

Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. XP users need to install the Recovery Console first.
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
  • If ComboFix detects an older version of itself, you will be asked to update the program.
  • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
  • Follow the prompts and click on Yes to continue scanning for malware.
  • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
  • Be sure to re-enable your anti-virus and other security programs.
-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.


If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.

Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.


Please include in your next post.
Log from Combofix.
Tell me if Proxycheck.exe is still present.


#4 Please Help Us

Please Help Us
  • Topic Starter

  • Members
  • 156 posts
  • OFFLINE
  • Local time:09:27 AM

Posted 24 April 2012 - 11:56 AM

Hello, just got done with the combofix scan, and, well, I have a question. During the scan I got an error that dealt with an invalid access. I could not read the message fast enough during the shutdown, however, upon reboot, everything appears to be normal. The only thing different is the icons in my taskbar have been set to default. Everything else is as was, and Proxycheck.exe is still in my taskbar icons tucked away there.

If you have any questions I'll do my best to answer.

EDIT: Turns out that restoring my icons by deleting the previous icon history and restarting explorer.exe got rid of Proxycheck.exe in the taskbar. Ever have a moment where you feel completely and utterly stupid? :P I suppose a check-up is never a bad thing; I just feel bad for coming here and wasting your time. Is there anything else up, captain, that you can see in the logs, or is everything okay?

Here is the log:

ComboFix 12-04-24.02 - Spud 04/24/2012 11:25:20.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9207.7287 [GMT -5:00]
Running from: c:\users\Spud\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Spud\AppData\Roaming\Mozilla\Firefox\Profiles\un3poe1e.default\weave\toFetch
c:\users\Spud\AppData\Roaming\Mozilla\Firefox\Profiles\un3poe1e.default\weave\toFetch\clients.json
c:\users\Spud\AppData\Roaming\Mozilla\Firefox\Profiles\un3poe1e.default\weave\toFetch\tabs.json
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
W:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 16:33 . 2012-04-24 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-23 20:42 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{349B4E60-121E-400A-9FE6-887E6ABBC517}\mpengine.dll
2012-04-22 10:30 . 2012-04-22 10:30 -------- d-----w- C:\Riot Games
2012-04-21 23:43 . 2012-04-21 23:43 -------- d-----w- c:\windows\system32\Macromed
2012-04-14 02:52 . 2012-04-14 02:52 -------- d-----w- c:\windows\en
2012-04-14 02:51 . 2012-04-14 02:51 -------- d-----w- c:\program files\Windows Live
2012-04-14 02:48 . 2012-04-14 02:48 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9184e3b1cd19e901\DSETUP.dll
2012-04-14 02:48 . 2012-04-14 02:48 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9184e3b1cd19e901\DXSETUP.exe
2012-04-14 02:48 . 2012-04-14 02:48 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9184e3b1cd19e901\dsetup32.dll
2012-04-13 05:39 . 2012-04-17 09:01 -------- d-----w- c:\users\Spud\AppData\Roaming\Rags
2012-04-13 05:39 . 2012-04-13 05:39 -------- d-----w- c:\program files (x86)\RagsGame
2012-04-13 05:38 . 2012-04-13 05:38 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-04-13 05:38 . 2012-04-13 05:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-04-13 05:38 . 2012-04-13 05:38 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-04-11 23:36 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 23:36 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 23:36 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 23:34 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 23:34 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 23:34 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 23:34 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 23:34 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 23:34 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 23:34 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-03-30 05:44 . 2012-04-21 23:43 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-21 23:43 . 2011-05-16 13:54 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 08:46 . 2011-04-04 07:11 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-04 20:56 . 2010-08-21 22:48 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-08 23:50 . 2012-03-08 23:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 23:37 . 2012-03-08 23:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-17 06:38 . 2012-03-14 08:40 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 08:40 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 08:40 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 08:40 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-16 20:00 . 2010-08-11 22:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 15:43 . 2012-02-10 15:46 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBB3F563-977C-49D2-9F5E-05C42DE670D0}\gapaengine.dll
2012-02-10 06:36 . 2012-03-14 08:41 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 08:41 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 01:41 . 2012-02-10 01:32 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-10 01:41 . 2010-12-21 07:52 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-02-10 01:32 . 2010-12-21 07:51 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-02-10 01:32 . 2012-02-10 01:32 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-03 04:34 . 2012-03-14 08:41 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-08-18 04:19 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
c:\users\Spud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2010-12-21 291896]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 253088]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-08-05 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-08-05 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-18 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2010-12-21 987704]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 23:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-03 8158240]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
Trusted Zone: secunia.com
FF - ProfilePath - c:\users\Spud\AppData\Roaming\Mozilla\Firefox\Profiles\un3poe1e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gamefaqs.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-170886978-1108577658-2134581942-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-170886978-1108577658-2134581942-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-170886978-1108577658-2134581942-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:d0,c5,d7,a0,c8,75,ba,f2,9f,87,d7,7a,25,4f,33,84,42,cd,34,fb,ef,e2,f3,
48,5a,3d,6b,cb,ae,1a,04,82,99,41,ba,41,54,88,f3,54,ef,71,59,cc,db,bb,7e,c3,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-170886978-1108577658-2134581942-1001\Software\SecuROM\License information*]
"datasecu"=hex:71,b0,22,f2,fe,ee,44,f8,27,2b,8a,9e,42,3c,a4,e5,ec,24,e2,1b,69,
89,4e,bb,01,6d,c6,7f,7a,c4,f6,76,be,2a,21,97,be,8d,be,3c,c9,9b,f5,1e,2b,7a,\
"rkeysecu"=hex:8e,87,a9,0d,b7,a8,b1,f3,47,6f,3f,ea,c4,16,2f,ab
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10zb_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10zb_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zb.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zb.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zb.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zb.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-04-24 11:43:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-24 16:43
.
Pre-Run: 398,338,523,136 bytes free
Post-Run: 398,036,480,000 bytes free
.
- - End Of File - - 27CCF3F05B637E2F7C97AC92C6CF31A0

Edited by Please Help Us, 24 April 2012 - 12:19 PM.


#5 mark1956

mark1956

  • Security Colleague
  • 271 posts
  • OFFLINE
  • Gender:Male
  • Location:Spain
  • Local time:02:27 PM

Posted 24 April 2012 - 02:38 PM

Good job, and you have not wasted my time at all.

There are a couple more things to do to clean up and check for any required updates. After that, we just need to remove the tools used and we will be done, please wait for the instructions before you uninstall anything.

First follow this guide which will completely remove that old icon from the system. If this is what you have already done no need to repeat it.
Clear Past Notification Icons in Windows 7

Then follow the next two steps to remove orphan entries and check if any updates are required.

STEP 1
We are now going to run ComboFix a different way.

Open Notepad by clicking on the Start button and in the Search box type: Notepad.exe and hit Enter.
Copy and paste everything in the code box below into it.
-- Note: Make sure Word Wrap is unchecked in Notepad by clicking on Format in the top menu.

KillAll::

DDS::
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper - No File
BHO-X64: URLRedirectionBHO - No File

Reboot::
  • Save the file as CFScript.txt by choosing Save As... in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
  • Close your browser and disconnect from the Internet.
  • Now use your mouse to drag, then drop the CFScript.txt file on top of ComboFix.exe.
  • This will start ComboFix again and launch the script.
  • ComboFix may reboot your system when it finishes. This is normal.
  • A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of ComboFix.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs after the scan is complete.


STEP 2
Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Edited by mark1956, 24 April 2012 - 02:40 PM.

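The "past notification icons" behaviour that caused the scare in this thread (an executable name that survives in the taskbar's hidden-icon list after the file itself is gone) comes from the Windows 7 notification-area cache stored under HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify in the IconStreams and PastIconsStream values, which is what the "Clear Past Notification Icons" guide above deletes before restarting explorer.exe. The following script is an added example and is not part of the original thread or of any of the tools mentioned in it. It parses that cache format (the record layout, header size and field offsets are assumptions about the Windows 7 format, stated in the comments) and reports which cached entries still point at a file on disk, so a cached name like proxycheck.exe can be checked against the filesystem instead of being taken as a sign of a running program. The sample paths are constructed so the script runs offline; on a Windows box the optional registry reader at the bottom pulls the real blob.

```python
"""
Check the Windows 7 notification-area icon cache (TrayNotify IconStreams /
PastIconsStream) for entries whose executable no longer exists on disk.

Added example: the cache layout below (20-byte header, 1640-byte records,
ROT13-encoded UTF-16LE path in the first 528 bytes of each record) is an
assumption about the Windows 7 format, not something taken from the thread.
"""
import codecs
import os
import sys

HEADER_LEN = 20    # assumed: bytes before the first record
RECORD_LEN = 1640  # assumed: size of one cached-icon record
PATH_LEN = 528     # assumed: ROT13 UTF-16LE path field, 264 wide chars


def rot13(text: str) -> str:
    """Windows stores the cached path with letters rotated by 13 (ROT13)."""
    return codecs.decode(text, "rot_13")


def build_record(path: str) -> bytes:
    """Build one cache record for a path (used to construct test input)."""
    encoded = rot13(path).encode("utf-16-le")
    if len(encoded) > PATH_LEN:
        raise ValueError("path too long for the assumed record layout")
    return encoded.ljust(PATH_LEN, b"\x00") + b"\x00" * (RECORD_LEN - PATH_LEN)


def build_stream(paths) -> bytes:
    """Assemble a whole IconStreams-style blob from a list of paths."""
    return b"\x00" * HEADER_LEN + b"".join(build_record(p) for p in paths)


def parse_stream(blob: bytes):
    """Return the decoded executable paths recorded in the blob, in order."""
    paths = []
    for off in range(HEADER_LEN, len(blob) - RECORD_LEN + 1, RECORD_LEN):
        field = blob[off:off + PATH_LEN].decode("utf-16-le", errors="ignore")
        encoded = field.split("\x00", 1)[0]   # path is NUL-terminated
        if encoded:
            paths.append(rot13(encoded))
    return paths


def classify(paths, exists=os.path.exists):
    """Map each cached path to 'live' (file present) or 'stale' (file gone)."""
    return {p: ("live" if exists(p) else "stale") for p in paths}


def read_registry_cache(value_name: str = "PastIconsStream") -> bytes:
    """Read the real cache blob on Windows; not used by the offline demo."""
    import winreg  # only available on Windows
    subkey = (r"Software\Classes\Local Settings\Software\Microsoft"
              r"\Windows\CurrentVersion\TrayNotify")
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, subkey, 0,
                        winreg.KEY_READ) as key:
        data, _ = winreg.QueryValueEx(key, value_name)
    return data


if __name__ == "__main__":
    if sys.platform == "win32":
        blob = read_registry_cache()
        report = classify(parse_stream(blob))
    else:
        # Constructed sample: neither path is taken from the thread's logs.
        sample = [r"C:\Example\proxycheck.exe", r"C:\Windows\explorer.exe"]
        present = {r"C:\Windows\explorer.exe"}
        report = classify(parse_stream(build_stream(sample)),
                          exists=lambda p: p in present)
    for path, state in report.items():
        print(f"{state:5}  {path}")
```

A "stale" entry is exactly the situation the original poster hit: the cache remembers an executable that has already been removed, and the icon disappears once IconStreams and PastIconsStream are deleted and explorer.exe is restarted. A "live" entry for an unfamiliar name is the case that deserves real follow-up, since the file is still present to be examined.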

#6 Please Help Us

Please Help Us
  • Topic Starter

  • Members
  • 156 posts
  • OFFLINE
  • Local time:09:27 AM

Posted 24 April 2012 - 08:27 PM

Scanning went much smoother this time, not a single error popped up during the process. Here are the logs.

Is there anything else you'd like me to do? :)

Combofix:
ComboFix 12-04-24.05 - Spud 04/24/2012 19:54:38.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9207.7522 [GMT -5:00]
Running from: c:\users\Spud\Desktop\ComboFix.exe
Command switches used :: c:\users\Spud\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Spud\AppData\Roaming\Mozilla\Firefox\Profiles\un3poe1e.default\weave\toFetch
.
.
((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 )))))))))))))))))))))))))))))))
.
.
2012-04-25 01:02 . 2012-04-25 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 18:17 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{305CCFD9-755F-4300-95E7-91466CC2E82C}\mpengine.dll
2012-04-22 10:30 . 2012-04-22 10:30 -------- d-----w- C:\Riot Games
2012-04-21 23:43 . 2012-04-21 23:43 -------- d-----w- c:\windows\system32\Macromed
2012-04-14 02:52 . 2012-04-14 02:52 -------- d-----w- c:\windows\en
2012-04-14 02:51 . 2012-04-14 02:51 -------- d-----w- c:\program files\Windows Live
2012-04-14 02:48 . 2012-04-14 02:48 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9184e3b1cd19e901\DSETUP.dll
2012-04-14 02:48 . 2012-04-14 02:48 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9184e3b1cd19e901\DXSETUP.exe
2012-04-14 02:48 . 2012-04-14 02:48 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9184e3b1cd19e901\dsetup32.dll
2012-04-13 05:39 . 2012-04-17 09:01 -------- d-----w- c:\users\Spud\AppData\Roaming\Rags
2012-04-13 05:39 . 2012-04-13 05:39 -------- d-----w- c:\program files (x86)\RagsGame
2012-04-13 05:38 . 2012-04-13 05:38 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-04-13 05:38 . 2012-04-13 05:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-04-13 05:38 . 2012-04-13 05:38 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-04-11 23:36 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 23:36 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 23:36 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 23:34 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 23:34 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 23:34 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 23:34 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 23:34 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 23:34 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 23:34 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-03-30 05:44 . 2012-04-21 23:43 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-21 23:43 . 2011-05-16 13:54 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 08:46 . 2011-04-04 07:11 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-04 20:56 . 2010-08-21 22:48 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-08 23:50 . 2012-03-08 23:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 23:37 . 2012-03-08 23:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-17 06:38 . 2012-03-14 08:40 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 08:40 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 08:40 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 08:40 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-16 20:00 . 2010-08-11 22:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 15:43 . 2012-02-10 15:46 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBB3F563-977C-49D2-9F5E-05C42DE670D0}\gapaengine.dll
2012-02-10 06:36 . 2012-03-14 08:41 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 08:41 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 01:41 . 2012-02-10 01:32 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-10 01:41 . 2010-12-21 07:52 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-02-10 01:32 . 2010-12-21 07:51 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-02-10 01:32 . 2012-02-10 01:32 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-03 04:34 . 2012-03-14 08:41 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-08-18 04:19 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-24_16.34.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-25 01:03 . 2012-04-25 01:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-24 16:34 . 2012-04-24 16:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-25 01:03 . 2012-04-25 01:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-24 16:34 . 2012-04-24 16:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-04-25 01:02 354544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-24 16:33 354544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-08-28 01:49 . 2012-04-25 01:02 32488940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-170886978-1108577658-2134581942-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
c:\users\Spud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2010-12-21 291896]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 253088]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-08-05 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-08-05 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-18 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2010-12-21 987704]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 23:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-03 8158240]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
Trusted Zone: secunia.com
FF - ProfilePath - c:\users\Spud\AppData\Roaming\Mozilla\Firefox\Profiles\un3poe1e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gamefaqs.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-170886978-1108577658-2134581942-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-170886978-1108577658-2134581942-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-170886978-1108577658-2134581942-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:d0,c5,d7,a0,c8,75,ba,f2,9f,87,d7,7a,25,4f,33,84,42,cd,34,fb,ef,e2,f3,
48,5a,3d,6b,cb,ae,1a,04,82,99,41,ba,41,54,88,f3,54,ef,71,59,cc,db,bb,7e,c3,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-170886978-1108577658-2134581942-1001\Software\SecuROM\License information*]
"datasecu"=hex:71,b0,22,f2,fe,ee,44,f8,27,2b,8a,9e,42,3c,a4,e5,ec,24,e2,1b,69,
89,4e,bb,01,6d,c6,7f,7a,c4,f6,76,be,2a,21,97,be,8d,be,3c,c9,9b,f5,1e,2b,7a,\
"rkeysecu"=hex:8e,87,a9,0d,b7,a8,b1,f3,47,6f,3f,ea,c4,16,2f,ab
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10zb_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10zb_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zb.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zb.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zb.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zb.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-04-24 20:12:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-25 01:12
ComboFix2.txt 2012-04-24 16:43
.
Pre-Run: 397,677,015,040 bytes free
Post-Run: 397,578,481,664 bytes free
.
- - End Of File - - 10BCD895FBB3F1B51296E1AC6B9DDC54


Security Check:

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Secunia PSI (2.0.0.1003)
Java™ 6 Update 31
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox 10.0.3 Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Spybot Teatimer.exe is disabled!
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````
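
The two logs above agree on one point a reviewer should not skip: Security Check reports "UAC is disabled!", and the ComboFix "Reg Loading Points" section shows why (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all set to 0). The same section lists a running service, SessionLauncher, whose binary sits under an Administrator profile's Temp folder and which ComboFix marks [x] (file not located). Reading those sections by hand is error-prone, so the following is an added example of a small triage script, written for this page and not part of ComboFix, the thread, or any tool named in it. It parses Run-key entries, the UAC policy block and service lines, and flags weakened UAC values and autoruns that live in user-writable directories. The sample input is a hand-picked subset of lines copied from the log above; the Windows 7 default UAC values and the list of "user-writable" directories are the script's own assumptions.

```python
"""Triage helpers for a ComboFix-style log (added example, not ComboFix code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Hand-picked lines copied from the ComboFix log in the post above (a
# constructed subset used as sample input, not the complete log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
"""

# "Name"="c:\path\file.exe" [date size]          (Run-key entries)
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[([^\]]+)\]$')
# "Name"= 0 (0x0)                                (policy values)
POLICY_RE = re.compile(r'^"(\w+)"=\s*(\d+)\s+\(0x[0-9A-Fa-f]+\)$')
# R2 svc;Display Name;c:\path\file.exe [date size] or [x]   (services / drivers)
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]+)\]$')

# Assumption: stock Windows 7 UAC defaults, not a hardened baseline.
UAC_BASELINE = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}

# Assumption: directories a standard user can write to, where an autorun
# or service binary deserves a closer look.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\appdata\\roaming\\")


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    kind: str       # "uac", "run" or "service"
    name: str
    detail: str


def path_flags(path: str) -> list[str]:
    """Reasons a binary location deserves a second look (empty list if none)."""
    p = path.lower()
    return [f"runs from user-writable location {d}" for d in USER_WRITABLE if d in p]


def _binary_finding(kind: str, name: str, path: str, meta: str) -> Finding | None:
    reasons = path_flags(path)
    if not reasons:
        return None  # stock paths, with or without [x], are left to manual review
    if meta == "x":
        reasons.append("ComboFix could not locate the file ([x])")
    severity = "high" if meta == "x" else "medium"
    return Finding(severity, kind, name, f"{path}: " + "; ".join(reasons))


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and collect UAC, Run-key and service findings."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name in UAC_BASELINE and value != UAC_BASELINE[name]:
                findings.append(Finding("high", "uac", name,
                                        f"{name}={value}; Windows 7 default is {UAC_BASELINE[name]}"))
            continue
        m = RUN_RE.match(line)
        if m:
            f = _binary_finding("run", m.group(1), m.group(2), m.group(3))
            if f:
                findings.append(f)
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, name, _display, path, meta = m.groups()
            f = _binary_finding("service", name, path, meta)
            if f:
                f.detail = f"[{state}] " + f.detail
                findings.append(f)
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, e.g. {'uac': 3, 'service': 1}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.kind:8} {f.name}: {f.detail}")
    print(summary(triage(SAMPLE_LOG)))
```

Run against the sample, the script reports the three UAC values that differ from the defaults and the SessionLauncher service; Steam, Hamachi, Skype and the system32 driver with [x] are deliberately not flagged, because a missing file under a stock path is common in these logs and needs a human, not a regex. A finding is a starting point for review, not a verdict: the script only tells you where to look first.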

#7 mark1956 (Security Colleague)

Posted 25 April 2012 - 02:43 AM

Ok, things are looking good. Now we need to remove the tools used, after that I will provide instructions for some updates.

To re-enable your CD Emulation drivers if you disabled them, double click DeFogger.exe to run the tool again.

  • The application window will appear.
  • Click the Re-enable button to re-enable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger will now ask to reboot the machine...click OK.
To uninstall ComboFix, press the WINKEY + R keys on your keyboard or click Start > Run... and in the Open dialog box, type: ComboFix /Uninstall

  • Press OK.
    -- Vista/Windows 7 users refer to these instructions.
  • If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to Uninstall.exe, then double-click on it to remove.
  • This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and create a new Restore point.
  • When it has finished you will see a dialog box stating that "ComboFix has been uninstalled".
  • After that, you can delete the ComboFix.exe program from your computer (Desktop).

    Next
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program.
    If you are using Vista, please right-click and choose run as administrator
  • Then Click the big CleanUp! button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
-- Doing this will remove any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
-- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).


Please post back when this is complete and let me know if you have had any problems.

#8 Please Help Us (Topic Starter)

Posted 25 April 2012 - 05:02 AM

Alright, everything seems to have gone alright except that my Microsoft Security Essentials is failing to start real time protection despite the settings saying it should. I'll do a little google-fu, but do you know why anything like this would happen? It didn't start happening till I started restarting like crazy for all the steps. :P

Not that I'm angry or anything, just curious.

Also, what else do you require for me to do, I'll do my best. :)

#9 mark1956 (Security Colleague)

Posted 25 April 2012 - 08:26 AM

Ok, the best way to solve this is to uninstall MSE and then reinstall the newest version.

Please download MSE from here: Microsoft Security Essentials Download then follow the instructions below.

Steps to replace an existing anti-virus
  • Before removing your old anti-virus, download the replacement anti-virus you want to use.
  • Download any specialized removal tools available from the anti-virus vendor.
  • Disconnect from the Internet.
  • Uninstall your current anti-virus.
  • Reboot and install the replacement.
  • Reboot again to ensure it is working properly before reconnecting to the Internet.
  • Connect to the Internet and immediately download the latest definition database updates.
Please refer to this guide if you have any problems with uninstalling MSE.

Please let me know when this is done and if there are any more problems.

#10 Please Help Us (Topic Starter)

Posted 25 April 2012 - 09:28 AM

Haha, sorry for speaking so soon. As soon as I posted that this morning I saw there was a new version and it fixed it perfectly. I updated and had to call it a night, was up too late.

Anything else sir?

#11 mark1956 (Security Colleague)

Posted 25 April 2012 - 10:03 AM

Just a couple more things to do and we are finished. Security Check doesn't show Java as out of date, but it is, so please update it.

Please update Firefox: How to Update Firefox

Adobe
Please use Add/Remove programs to uninstall any/all versions of Adobe on your system.
Then go to this link here and select the latest version to download and install. You will normally only need the downloads from any of the four "Readers and Players" in the top right hand corner of the page. Older versions of Adobe are vulnerable to infection so should always be uninstalled before installing the most up to date version available.

Java
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Click on Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u3-windows-i586.exe (or jre-7u3-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.
----------------------------------------------------------

Some additional security measures.
If your present security software does not include a third party Firewall or AntiSpyware.

Go Here for a selection of third party Firewalls.

Go Here or Here for Anti Spyware.

Always keep your Java, Adobe and Flash Player up to date.
Why you should update Java
Why you should update Adobe
Why you should update Flash Player

Malwarebytes free version (which you may have used during this thread) is worth having for regular scans of your system, always check for updates before using it. If you can afford the Malwarebytes Pro version it will provide even better protection with a full time active scanner. Never have more than one active anti virus, anti spyware or firewall running on your system as it can cause conflicts and slow down the PC. You can safely run the Pro version of Malwarebytes with any Anti Virus software.

WOT (Web OF Trust) Will warn you (in most cases) about dangerous web sites.

Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular" among criminals.

WinPatrol is a useful facility to have. WinPatrol takes snapshots of your critical system resources and alerts you to any changes that may occur without your knowledge. It can also be used to control all your start up programs.

You have Spybot S&D on your system. Please read this:
FYI: mvps.org is no longer recommending Spybot S&D or Ad-Aware due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products).


Ad-Aware...have gone into a downhill spiral over the past five years and recently sold the company to Solaria... Majorgeeks stopped listing Ad-Aware as a “pick” some years ago as we watched the quality of the company slip over the years...it can’t stand up to the new generation of anti-spyware applications...

What does the future hold for Ad-Aware?

Ad-Aware has even been placed into the Installers Hall of Shame for bundling and pre-checking Google Chrome during the installation. Also read Lavasoft Turning to the Dark Side? written by a former volunteer (now a MVP) who provided support for Ad-Aware but no longer uses the program.

As for Spybot S&D, most people don't understand how to use TeaTimer and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows Registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. If you don't have understanding how a particular security tool works, then you probably should not be using it. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and in some cases it will even prevent disinfection of malware by those tools.

You have uTorrent on your system. Please read this:
Important Note: Using any torrent, peer-to-peer (P2P) file sharing program (i.e. Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare, Azureus/Vuze) or visiting such sites is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, and exposure of personal information. File sharing networks are thoroughly infected and infested with malware according to Senior Virus Analyst, Norman ASA. As such, it is not uncommon for some anti-virus/anti-malware disinfection tools to detect torrent related files and programs as a threat and attempt to remove them.

The reason for this is that file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. This practice can make you vulnerable to data and identity theft, system infection and remote access exploit by attackers who can take control of your computer without your knowledge. Even if you change the risky default settings to a safer configuration, downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities. In some instances the infection may cause so much damage to your system that recovery is not possible and a Repair Install will NOT help! In those cases, the only option is to wipe your drive, reformat and reinstall the OS.

Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The best way to eliminate these risks is to avoid using P2P applications and torrent web sites.
Using such programs or browsing torrent sites is almost a guaranteed way to get yourself infected!!

#12 Please Help Us

Please Help Us
  • Topic Starter

  • Members
  • 156 posts
  • OFFLINE
  • Local time:09:27 AM

Posted 25 April 2012 - 11:38 AM

Alright, all updates out of the way, plus a few other Secunia noticed, I only have one or two questions left for you before I stop bothering you and let you help people who really need it at this point. :P

For the firewall recommendations, do I need a third-party one? I already have a router and am using the Windows firewall. Is this secure enough, or would you recommend I really use one of the third-party ones, and if so, do you have a recommendation for any of them?

Also I'm running Super Anti-Spyware already on my computer, would it be safe to use SpywareBlaster as well, or should I only stick to SAS?

Thank you again for all the help you've done so far, sorry I'm asking you so many questions again! :)

#13 mark1956

mark1956

  • Security Colleague
  • 271 posts
  • OFFLINE
  • Gender:Male
  • Location:Spain
  • Local time:02:27 PM

Posted 25 April 2012 - 05:20 PM

Anything that can improve your system's security is worth having, so I would suggest you install a third-party firewall, as they do offer a better level of protection when compared to the Windows firewall. I use Comodo, which seems to work well, but it really is down to personal choice. Be sure to disable Windows Firewall if you decide to install one.

You may find that if you use more than one Anti Spyware program you will get conflicts; the rule of thumb is to only have one of any type of security software, i.e. one Firewall, one Anti Virus and one Anti Spyware. Having said that, some can run side by side without causing any problems. If you only have the free version of SAS, it is not a full-time active scanner (you only get this with the paid-for version), so it can only be used for running scans; in this case you would benefit from installing SpywareBlaster, as it has an active component. If you are uninstalling Spybot S&D, make sure you disable Teatimer.exe in the Task Manager first.

If you have any further questions then please ask.

And, you're welcome.

#14 Please Help Us

Please Help Us
  • Topic Starter

  • Members
  • 156 posts
  • OFFLINE
  • Local time:09:27 AM

Posted 25 April 2012 - 08:43 PM

Ah, so I would not want to use Comodo since I'm already using Microsoft Security Essentials since the two may conflict? Since it seems like it comes with an anti-malware service already. I'd want a standalone firewall and that's it?

Edit 2: another odd file in my properties taskbar. Objlist.exe, I've never seen it before and it appears like it could be a normal program, but it's always mixed results when it comes to my google-fu it seems.
Picture: http://i45.tinypic.com/2jecjmo.png
^ Edit 3: Sorry I keep editing. I found out the above is supposed to be part of Security Check, the file you asked me to download to check for updates? At least, that's what it appears to be. Perhaps just a ghost in the taskbar manager like the proxychecker.exe. My only concern is that, well, proxy.exe came back.

Also...I just saw this as well. :o Proxycheck.exe came back.
Picture: http://i46.tinypic.com/346ayhx.png

Maybe they're legitimate programs or another task icon ghost like before? I'm not sure, just scares me to think about it a little bit if they're not. Your advice on this new turn of events sir? Anything I can do to double check, another combofix or something along those lines? Thank you again for your time, I just feel like I went full circle with this. Sorry I just feel like I keep wasting your time at this point. :wacko:

Edited by Please Help Us, 25 April 2012 - 09:13 PM.


#15 mark1956

mark1956

  • Security Colleague
  • 271 posts
  • OFFLINE
  • Gender:Male
  • Location:Spain
  • Local time:02:27 PM

Posted 26 April 2012 - 07:14 AM

Ah, so I would not want to use Comodo since I'm already using Microsoft Security Essentials since the two may conflict? Since it seems like it comes with an anti-malware service already. I'd want a standalone firewall and that's it?


Comodo is a standalone Firewall and Microsoft Security Essentials is an Anti Virus, so they will be fine running together.

If you delete the Security Check icon from your desktop (if you have not already done so) and then run this routine again: Clear Past Notification Icons in Windows 7, that will get rid of Objlist.exe as well.

It is possible that the registry changes that took place when you previously ran this did not save, so please reboot immediately after making the registry deletions.
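The two posts above turn on one point: a name in the hidden-icons list is a cached history entry, not proof that the program is present or running. The PowerShell below is an added example, not code from mark1956, BleepingComputer or the linked guide. It first checks whether a name from that list corresponds to anything live on the machine (a running process, a Run-key autostart, a file in the usual program folders) and then clears the Windows 7 notification-area cache. It assumes that the "Clear Past Notification Icons" routine referred to in the thread amounts to deleting the IconStreams and PastIconsStream values under the TrayNotify key named in the script, and the two executable names are sample input taken from the thread.

```powershell
# Added example (not from the thread, its authors or the linked guide).
# Written for Windows 7 PowerShell 2.0 compatibility (Get-WmiObject, no [ordered]).
# Assumption: the "Clear Past Notification Icons" routine referred to in the thread
# deletes the IconStreams and PastIconsStream values under this key.
$TrayNotifyKey = 'HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify'

# Sample input: the names the poster saw in the hidden-icons list.
$SuspiciousNames = @('proxycheck.exe', 'objlist.exe')

function Test-TrayNameIsLive {
    param([Parameter(Mandatory = $true)][string]$ExeName)

    $running   = @()
    $runKeys   = @()
    $onDisk    = @()

    # 1. Is a process with that image name running right now? Win32_Process gives its full path.
    $procs = Get-WmiObject -Class Win32_Process -Filter "Name = '$ExeName'" -ErrorAction SilentlyContinue
    foreach ($p in @($procs)) { if ($p) { $running += $p.ExecutablePath } }

    # 2. Is it registered to start with Windows? Check the common Run keys for the name.
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($prop in $props.PSObject.Properties) {
            if (($prop.Value -is [string]) -and ($prop.Value -match [regex]::Escape($ExeName))) {
                $runKeys += "$key\$($prop.Name) = $($prop.Value)"
            }
        }
    }

    # 3. Does a file by that name exist where programs normally live?
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:LOCALAPPDATA, $env:APPDATA, $env:TEMP, $env:SystemRoot) |
        Where-Object { $_ -and (Test-Path $_) }
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -Filter $ExeName -Recurse -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object { $onDisk += $_.FullName }
    }

    New-Object PSObject -Property @{
        Name          = $ExeName
        Running       = $running
        RunKeyEntries = $runKeys
        FoundOnDisk   = $onDisk
        # If all three are empty, the tray entry is a stale cache record, not a live program.
        StaleTrayEntry = (($running.Count + $runKeys.Count + $onDisk.Count) -eq 0)
    }
}

function Clear-TrayNotifyCache {
    # Explorer keeps the icon history in memory and writes it back when it exits normally,
    # which is how a deletion can appear not to "save". Force-terminating it first avoids
    # that rewrite; the thread's advice to reboot straight after deleting addresses the same problem.
    Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
    Start-Sleep -Seconds 2

    # Delete only the two cache values; the key and any other values are left alone.
    foreach ($value in 'IconStreams', 'PastIconsStream') {
        if (Get-ItemProperty -Path $TrayNotifyKey -Name $value -ErrorAction SilentlyContinue) {
            Remove-ItemProperty -Path $TrayNotifyKey -Name $value
        }
    }

    if (-not (Get-Process -Name explorer -ErrorAction SilentlyContinue)) { Start-Process explorer.exe }
}

# Usage: check first, clear the cache only once nothing real matched (or after removing what did).
$SuspiciousNames | ForEach-Object { Test-TrayNameIsLive -ExeName $_ } | Format-List Name, Running, RunKeyEntries, FoundOnDisk, StaleTrayEntry
# Clear-TrayNotifyCache
```

The check is deliberately separate from the cleanup: a StaleTrayEntry of True means the name survives only in Explorer's icon history and clearing the cache is the right fix, while any hit under Running, RunKeyEntries or FoundOnDisk means there is a real binary to investigate (and, as the thread did, scan) before anything is cleared.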
