
snap.do redirect virus. I am still having problems with the computer so I am not sure if it is gone


This topic is locked. 10 replies to this topic.

#1 booobooo

Posted 15 December 2012 - 12:33 AM

snap.do appeared to be gone everywhere on the C drive but still showed in the search engine. I uninstalled Firefox and reinstalled. IE showed no signs of snap.do; no signs of it since the reinstall. The main issue I have been having since snap.do arrived is visual, very noticeable in Internet Explorer and Firefox: parts of the pages are not visible, but you can click on them. Some pages are almost completely visible and on others many things are gone. I want to make sure that it is understood that this is not a problem with my monitor directly; it changes areas with pages. The best way I can describe this is, if the screen you are viewing is made up of layers, it is like a layer is missing. I attached a print screen pic of this webpage
https://reg.usps.com/entreg/RegistrationAction!input.action
so you can compare what I show and what it is supposed to be.
BTW, I was using Avast. I am now using Spy Doctor with AntiVirus.
Erica
Not sure if you needed both files, so both are attached.


#2 CatByte (Malware Response Team)

Posted 16 December 2012 - 09:23 AM

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 booobooo (Topic Starter)

Posted 16 December 2012 - 05:51 PM

I hope I am posting this right as a reply.
I could not attach files so all are copy-paste.
I want to really thank you for your prompt replies to my issue.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.1.6 (12.15.2012:2)
OS: Windows 7 Home Premium x86
Ran by ericabag on Sun 12/16/2012 at 10:06:54.97
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Search Bar
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1137566945-1674478646-1304806199-1000\software\microsoft\internet explorer\main\\Search Bar
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Search Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1137566945-1674478646-1304806199-1000\software\microsoft\internet explorer\main\\Search Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\Default_Search_URL
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1137566945-1674478646-1304806199-1000\software\microsoft\internet explorer\search\\Default_Search_URL
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\SearchAssistant
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1137566945-1674478646-1304806199-1000\software\microsoft\internet explorer\search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\freecauseurlsearchhook.fctoolbarurlsearchhook
Successfully deleted: [Registry Key] hkey_classes_root\freecauseurlsearchhook.fctoolbarurlsearchhook.1
Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\zugo
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\freecause
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{88fb16d2-04ea-4ffe-8079-cff68f1b9ce6}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d824f0de-3d60-4f57-9eb1-66033ecd8abb}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\bandoo"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\ericabag\AppData\Roaming\bandoo"
Successfully deleted: [Folder] "C:\Users\ericabag\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\ericabag\appdata\locallow\conduit"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/16/2012 at 10:10:45.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



# AdwCleaner v2.101 - Logfile created 12/16/2012 at 10:28:20
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : ericabag - ERICABAG-PC
# Boot Mode : Normal
# Running from : C:\Users\ericabag\Downloads\AdwCleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Users\ericabag\AppData\Roaming\Mozilla\Firefox\Profiles\4gupdryv.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\ericabag\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [19846 octets] - [13/12/2012 23:50:10]
AdwCleaner[R2].txt - [19907 octets] - [13/12/2012 23:50:30]
AdwCleaner[R3].txt - [19968 octets] - [13/12/2012 23:52:38]
AdwCleaner[S1].txt - [2623 octets] - [16/12/2012 10:14:26]
AdwCleaner[S2].txt - [1110 octets] - [16/12/2012 10:28:20]

########## EOF - C:\AdwCleaner[S2].txt - [1170 octets] ##########


Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.16.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
ericabag :: ERICABAG-PC [administrator]

Protection: Disabled

12/16/2012 10:42:40 AM
mbam-log-2012-12-16 (10-42-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217406
Time elapsed: 7 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET SCAN
No file was offered to be saved. Here is the info:

scan results
no threats found
scanned files 290451
infected files 0
cleaned files 0
total scan time 03:10:46
scan status finished
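
The JRT log above lists what was deleted or repaired but not what each entry meant for the snap.do redirect. As an added example (not part of this thread or of the JRT tool), the script below parses log lines in JRT's "Successfully deleted/repaired: [kind] path" format and sorts them into the persistence types a responder would want to see at a glance: the Internet Explorer search settings and SearchScopes that a search hijacker rewrites, toolbar/CLSID registrations of browser COM objects, vendor-named keys, and dropped folders. The sample log is a constructed, abridged copy of the one posted; the category labels are my own.

```python
import re
from collections import Counter

# Constructed sample in the shape of the Junkware Removal Tool log posted in this
# thread (a handful of its lines, same section markers and path formats).
SAMPLE_JRT_LOG = r"""
~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Search Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\Default_Search_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d824f0de-3d60-4f57-9eb1-66033ecd8abb}

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\bandoo"
"""

# One JRT result line: "Successfully <verb>: [<kind>] <path>"
LINE_RE = re.compile(
    r"^Successfully (deleted|repaired): \[(Registry Value|Registry Key|Folder|File|Service)\] (.+)$"
)

# Value names under Internet Explorer\Main and \Search that a search hijacker rewrites.
IE_SEARCH_VALUES = {"search page", "search bar", "default_search_url", "searchassistant"}


def classify(kind, path):
    """Map one removed/repaired item to the kind of persistence it represents (labels are mine)."""
    p = path.lower().strip('"')
    if kind in ("Folder", "File"):
        return "adware-files"
    # JRT writes value names after a double backslash, so the last segment is the value name.
    if "\\searchscopes\\" in p or p.split("\\")[-1] in IE_SEARCH_VALUES:
        return "ie-search-hijack"      # the setting behind a redirected search engine
    if "\\clsid\\" in p or "\\toolbar\\" in p:
        return "browser-com-object"    # toolbar / BHO registration by COM class id
    return "adware-vendor-key"         # vendor-named keys such as sweetim, conduit, iminent


def parse_jrt_log(text):
    """Return a list of {action, kind, path, category} dicts, one per result line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner, "~~~ Section" header or blank line
        action, kind, path = m.groups()
        entries.append({"action": action, "kind": kind, "path": path,
                        "category": classify(kind, path)})
    return entries


def summarize(entries):
    """Count items per persistence category and per action (deleted vs. repaired)."""
    return {"by_category": Counter(e["category"] for e in entries),
            "by_action": Counter(e["action"] for e in entries)}


if __name__ == "__main__":
    found = parse_jrt_log(SAMPLE_JRT_LOG)
    for e in found:
        print(f"{e['category']:<20} {e['action']:<9} {e['path']}")
    print(summarize(found))
```

Run against a full JRT.txt, the "ie-search-hijack" bucket tells you whether the redirect itself was addressed (values repaired rather than deleted, because IE needs defaults there), while the other buckets show how many components the adware had registered.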

#4 CatByte (Malware Response Team)

Posted 16 December 2012 - 07:23 PM

Please run the following:

  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

NEXT

Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 booobooo (Topic Starter)

Posted 16 December 2012 - 09:44 PM

Below are the logs requested. As far as how my computer runs, performance is fine now. I still have the visual/monitor issues originally stated. This started during the virus and running in safe mode (I am not running in safe mode now). I am guessing here, so please be gentle with my ignorance. I refer to the problem as being a layer missing. Can you see what I was referring to with the original photo posted? The more areas there are on a page to fill in or click on, the worse the problem is. Looking at my Facebook homepage is a disaster. If I fill the display with a picture it is perfect, not a flaw. Am I correct in my guessing there are layers, and do you have any thought on this?
Thanks
e

MiniToolBox by Farbar Version: 25-11-2012
Ran by ericabag (administrator) on 16-12-2012 at 19:17:54
Running from "C:\Users\ericabag\Downloads"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
::1 localhost

127.0.0.1 localhost


=========================== Installed Programs ============================

µTorrent (Version: 2.2.0)
7-Zip 4.65
Acala DVD Ripper Professional 6.3.5.275
Adobe AIR (Version: 3.1.0.4880)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Digital Editions 2.0 (Version: 2.0)
Adobe Drive CS4 (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Flash Player 11 Plugin (Version: 11.5.502.135)
Adobe Fonts All (Version: 2.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Player (Version: 1.8)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Reader 9.5.2 (Version: 9.5.2)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
Advanced Audio FX Engine (Version: 1.12.05)
Akamai NetSession Interface Service
ALTools Update
ALZip (Version: v8.12)
Amazon Add to Wish List IE Extension 1.2 (Version: 1.2)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Audible Download Manager (Version: 6.6.0.12)
AudibleManager (Version: 1997812959.48.56.22940906)
Auto Collage Studio 3.25
BitTorrent (Version: 7.7.2.28499)
Bonjour (Version: 3.0.0.10)
Browser Guard 4.0 (Version: 4.0.0.1884)
calibre (Version: 0.9.7)
Cheetah CD Burner
Cobian Backup 11 Gravity
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Connect (Version: 1.0.0.1)
ConvertXtoDVD 4.0.5.315 (Version: 4.0.5.315)
Creative Centrale (Version: 1.16.02)
Creative Software Update (Version: 1.03.01)
Creative ZEN X-Fi2 Documentation
D3DX10 (Version: 15.4.2368.0902)
Dell Dock (Version: 2.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Support Center (Support Software) (Version: 2.2.09085)
Dell Touchpad (Version: 7.1007.115.102)
Dell Webcam Central (Version: 1.20.10)
DirectXInstallService (Version: 9.0.2)
ERUNT 1.1j
ESET Online Scanner v3
FBackup 4
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.123)
High-Definition Video Playback (Version: 11.1.11500.4.273)
HP Photo Creations (Version: 1.0.0.5192)
HP Photosmart 5510 series Basic Device Software (Version: 25.0.621.0)
HP Photosmart 5510 series Help (Version: 140.0.2.2)
HP Photosmart 5510 series Product Improvement Study (Version: 25.0.621.0)
HP Update (Version: 5.003.000.004)
IncrediMail (Version: 6.2.5.4807)
IncrediMail 2.0 (Version: 6.2.5.4807)
Integrated Webcam Driver (1.00.02.0825)
Intel® TV Wizard
Intel® Matrix Storage Manager
iTunes (Version: 10.6.3.25)
Jarte 4.5 (Version: 4.5)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 5.1.0 (Standard) (Version: 5.1.0)
Karaoke for DirectX (remove only)
kuler (Version: 2.0)
Live! Cam Avatar Creator (Version: 4.6.2303.1)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Media Converter for Philips (Version: 2.5.2.231)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Default Manager (Version: 2.0.69.0)
Microsoft Image Composite Editor (Version: 1.4.4)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Research AutoCollage 2008 version 1.1 (Version: 1.01.2008)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Mobile Broadband Generic Drivers (Version: 2.03.09.005.14)
MobileMe Control Panel (Version: 3.1.6.0)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 11 Kwik Themes Basic (Version: 11.0.11200.12.0)
Nero Audio Pack 1 (Version: 11.0.11500.110.0)
Nero Core Components 11 (Version: 11.0.16300.1.23)
Nero Kwik Media (Version: 1.14.12000.23.100)
Nero Kwik Media (Version: 11.2.01100)
Nero Kwik Media Help (CHM) (Version: 11.0.10300)
Nero SharedVideoCodecs (Version: 1.0.11500.1.5)
Nero Update (Version: 11.0.11500.28.0)
nero.prerequisites.msi (Version: 11.0.20010)
NTI Shadow 3 (Version: 3.1.4.0)
PC Tools Spyware Doctor with AntiVirus 9.1 (Version: 9.1)
PDF Settings CS4 (Version: 9.0)
PhoneClean 1.5.0 (Version: 1.5.0)
Photo Collage Creator 3.61
PhotoMail Maker (Version: 6.0.0.1007)
PhotoScape
Photoshop Camera Raw (Version: 5.0)
Photosynth 2.0110.0317.1042 (Version: 3.3.3.3)
Picture Collage Maker Pro 2.2.5
PIXresizer 2.0.4
PowerDVD DX (Version: 8.2.5024)
QuickSet (Version: 9.2.11)
QuickTime (Version: 7.71.80.42)
Roxio Activation Module (Version: 1.0)
Roxio CinePlayer Decoder Pack (Version: 4.3.0)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator Premier (Version: 10.1)
Roxio Creator Premier (Version: 3.7.0)
Roxio Creator Premier 10 (Version: 10.2.606)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler (Version: 3.2)
Roxio Update Manager (Version: 6.0.0)
Safari (Version: 5.34.51.22)
Samsung Kies (Version: 2.0.0.11044_11)
Show Presenter (Version: 3.0)
Snuko (Version: 2.6.10.0)
Suite Shared Configuration CS4 (Version: 1.0)
TuneUp Companion 2.2.7 (Version: 2.2.7)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Verizon Wireless MiFi-2200 Firmware Updates (Version: 1.0.3)
VLC media player 1.1.5 (Version: 1.1.5)
VZAccess Manager (Version: 7.3.5.1)
WIDCOMM Bluetooth Software 6.1.0.4502 (Version: 6.1.0.4502)
Winamp (Version: 5.552 )
Winamp Remote (Version: 2.2008.0508.1530)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR archiver
WinZip 12.1 (Version: 12.1.8497)
Xilisoft iPod Video Converter (Version: 5.1.37.0326)
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

**** End of log ****

Farbar Service Scanner Version: 10-12-2012
Ran by ericabag (administrator) on 16-12-2012 at 19:19:11
Running from "C:\Users\ericabag\Downloads"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-11-14 02:39] - [2012-10-03 09:58] - 1293680 ____A (Microsoft Corporation) E23A56F843E2AEBBB209D0ACCA73C640

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
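
Two things in the Farbar Service Scanner log above deserve a second look when reading it as a responder: the "Firewall Disabled Policy" section shows EnableFirewall set to 0 for the standard profile, and in "File Check" one driver (tcpip.sys) is printed with its attributes and MD5 instead of "MD5 is legit", which as I read FSS's output means the hash was not matched against the tool's list of known-good versions; that can be a tampered file or simply a patch level the list does not know, so it is a review item, not a verdict. The script below is an added example (not part of the thread or of FSS) that parses a constructed, abridged copy of that log in the same format and returns those review items.

```python
import re

# Constructed sample in the shape of the Farbar Service Scanner log posted above
# (abridged; same section headers, policy lines and File Check line formats).
SAMPLE_FSS_LOG = r"""
Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-11-14 02:39] - [2012-10-03 09:58] - 1293680 ____A (Microsoft Corporation) E23A56F843E2AEBBB209D0ACCA73C640

C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit

**** End of log ****
"""

POLICY_RE = re.compile(r'^"(\w+)"=DWORD:(\d+)$')   # "EnableFirewall"=DWORD:0
PATH_RE = re.compile(r"^[A-Za-z]:\\")               # a Windows path on its own line
MD5_RE = re.compile(r"\b[0-9A-Fa-f]{32}\b")


def parse_fss_log(text):
    """Walk the log section by section; collect policy values and File Check results."""
    section = None
    current_key = None
    pending_path = None  # File Check path whose attribute/hash line follows on the next line
    report = {"policies": [], "verified": [], "unverified": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue                   # blank line or the "=====" underline of a header
        if line.endswith(":"):
            section = line[:-1]        # e.g. "Firewall Disabled Policy", "File Check"
            current_key = pending_path = None
            continue
        if section is None:
            continue
        if section.endswith("Disabled Policy"):
            if line.startswith("["):
                current_key = line.strip("[]")
            else:
                m = POLICY_RE.match(line)
                if m and current_key:
                    report["policies"].append((section, current_key, m.group(1), int(m.group(2))))
        elif section == "File Check":
            if " => " in line:
                path, status = line.split(" => ", 1)
                bucket = "verified" if status == "MD5 is legit" else "unverified"
                report[bucket].append((path, status))
            elif PATH_RE.match(line):
                pending_path = line    # no verdict on this line; details come next
            elif pending_path and line.startswith("["):
                m = MD5_RE.search(line)
                report["unverified"].append((pending_path, m.group(0) if m else line))
                pending_path = None
    return report


def findings(report):
    """Turn the parsed report into review items; an empty list means nothing to chase."""
    items = []
    for section, key, name, value in report["policies"]:
        if name == "EnableFirewall" and value == 0:
            items.append(f"{section}: {name}=0 under {key}")
    for path, detail in report["unverified"]:
        items.append(f"File Check: {path} not matched against the known-good MD5 list ({detail})")
    return items


if __name__ == "__main__":
    for item in findings(parse_fss_log(SAMPLE_FSS_LOG)):
        print(item)
```

For an unmatched system file the next step is to compare the printed MD5 and file version against the Microsoft update that installed it (the date stamp in the attribute line narrows that down) rather than treat the mismatch itself as a detection.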

#6 CatByte (Malware Response Team)

Posted 16 December 2012 - 11:11 PM

Please run the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 booobooo (Topic Starter)

Posted 17 December 2012 - 02:38 AM

I hope all is clean. I may have done something that I shouldn't have. It said I couldn't reply to the last message so I thought I was clean. I did a last resort to get the screen back looking right: I did a System Restore. It did fix the problem. At the time of infection Windows did a lot of updates and I am guessing something happened there.
I RAN COMBOFIX BEFORE RESTORE
If all is not clean let me know. I can start at the beginning if need be :( or restore back....sorry
I am leaving town for a few days tomorrow but will be right back at it on Friday if all is not good.

log follows

ComboFix 12-12-17.01 - ericabag 12/16/2012 21:23:49.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3544.2104 [GMT -7:00]
Running from: c:\users\ericabag\Downloads\ComboFix.exe
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1355457153.bdinstall.bin
c:\programdata\1355463117.bdinstall.bin
c:\users\ericabag\GoToAssistDownloadHelper.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
c:\windows\TEMP\tmp1973254042.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-11-17 to 2012-12-17 )))))))))))))))))))))))))))))))
.
.
2012-12-17 04:37 . 2012-12-17 04:40 -------- d-----w- c:\users\ericabag\AppData\Local\temp
2012-12-17 04:37 . 2012-12-17 04:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-17 04:31 . 2012-12-17 04:31 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA63CC5C-93D3-4819-A59B-6DE90114CE60}\offreg.dll
2012-12-16 17:54 . 2012-12-16 17:54 -------- d-----w- c:\program files\ESET
2012-12-16 17:06 . 2012-12-16 17:06 -------- d-----w- c:\windows\ERUNT
2012-12-16 17:05 . 2012-12-16 17:06 -------- d-----w- C:\JRT
2012-12-15 17:06 . 2012-12-15 17:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-15 16:45 . 2012-12-15 16:45 -------- d-----w- C:\_OTM
2012-12-15 16:40 . 2012-12-15 16:41 -------- d-----w- c:\program files\ERUNT
2012-12-15 16:32 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA63CC5C-93D3-4819-A59B-6DE90114CE60}\mpengine.dll
2012-12-15 04:34 . 2012-10-31 16:19 577176 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-12-15 04:34 . 2012-10-31 16:19 55008 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-12-15 04:34 . 2012-10-31 16:19 36456 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-12-15 04:33 . 2012-10-24 00:40 62688 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-12-15 04:33 . 2012-10-24 00:40 769144 ----a-w- c:\windows\BDTSupport.dll
2012-12-15 04:33 . 2012-10-24 00:40 150648 ----a-w- c:\windows\SGDetectionTool.dll
2012-12-15 04:33 . 2012-10-24 00:40 2280568 ----a-w- c:\windows\PCTBDCore.dll
2012-12-15 04:33 . 2012-10-24 00:40 1690744 ----a-w- c:\windows\PCTBDRes.dll
2012-12-15 04:33 . 2012-10-31 21:21 178584 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-12-15 04:33 . 2012-10-31 21:21 260760 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-12-15 04:32 . 2012-11-01 22:35 19464 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-12-15 04:32 . 2012-11-01 22:35 68272 ----a-w- c:\windows\system32\drivers\pctplsm.sys
2012-12-15 04:32 . 2012-11-01 22:35 71752 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-12-15 04:28 . 2012-02-28 18:43 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-12-15 04:28 . 2012-02-28 18:43 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-12-15 04:28 . 2012-10-22 23:38 368616 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-12-15 04:28 . 2012-10-22 23:38 163288 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-12-14 23:21 . 2012-12-14 23:20 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-14 23:20 . 2012-12-14 23:20 -------- d-----w- c:\program files\Java
2012-12-14 08:30 . 2012-12-14 08:30 -------- d-----w- c:\users\ericabag\AppData\Local\Threat Expert
2012-12-14 04:34 . 2012-12-15 04:32 -------- d-----w- c:\program files\PC Tools
2012-12-14 04:28 . 2012-11-01 22:35 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-12-14 04:28 . 2012-12-15 04:34 -------- d-----w- c:\program files\Common Files\PC Tools
2012-12-14 04:27 . 2012-12-15 04:34 -------- d-----w- c:\programdata\PC Tools
2012-12-14 04:27 . 2012-12-14 04:27 -------- d-----w- c:\users\ericabag\AppData\Roaming\TestApp
2012-12-14 04:19 . 2012-12-14 04:19 -------- d-----w- c:\programdata\BDLogging
2012-12-14 04:18 . 2007-04-11 17:11 511328 ----a-w- c:\windows\capicom.dll
2012-12-14 03:59 . 2012-12-14 03:59 -------- d-----w- c:\users\ericabag\AppData\Roaming\QuickScan
2012-12-14 03:52 . 2012-12-14 07:09 -------- d-----w- c:\program files\Bitdefender
2012-12-14 03:35 . 2012-12-14 05:32 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-12-14 03:08 . 2012-12-14 03:08 -------- d-----w- c:\programdata\IObit
2012-12-14 03:08 . 2012-12-14 03:38 -------- d-----w- c:\users\ericabag\AppData\Roaming\IObit
2012-12-14 03:08 . 2012-12-14 03:08 -------- d-----w- c:\program files\IObit
2012-12-13 10:10 . 2012-11-16 16:33 149536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-12-13 10:10 . 2012-11-14 01:48 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-12-13 10:10 . 2012-11-14 01:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-13 10:10 . 2012-11-14 01:51 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-12-13 10:10 . 2012-11-14 01:49 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-12-13 10:10 . 2012-11-14 01:52 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-12-13 10:09 . 2012-11-14 01:57 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-12-13 10:09 . 2012-11-16 16:33 757280 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-12-13 10:09 . 2012-11-14 02:09 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-12-13 10:09 . 2012-11-14 02:00 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-12-13 10:09 . 2012-11-14 02:01 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-12-13 10:09 . 2012-11-14 01:58 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-12 23:51 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 23:51 . 2012-10-04 16:43 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-12-12 23:51 . 2012-10-04 16:47 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-12-12 23:51 . 2012-10-04 14:57 271360 ----a-w- c:\windows\system32\conhost.exe
2012-12-12 23:49 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 23:49 . 2012-11-05 20:32 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 23:49 . 2012-11-05 20:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-12 23:49 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 20:58 . 2012-12-12 20:58 -------- d-----w- c:\programdata\Softland
2012-12-12 20:58 . 2012-12-12 20:58 -------- d-----w- c:\users\ericabag\AppData\Roaming\Softland
2012-12-12 20:58 . 2012-12-12 20:58 -------- d-----w- c:\program files\Softland
2012-12-12 20:55 . 2012-12-17 02:57 -------- d-----w- c:\program files\Cobian Backup 11
2012-12-12 10:31 . 2012-12-12 10:34 -------- d-----w- c:\users\ericabag\AppData\Roaming\Jarte
2012-12-12 10:31 . 2012-12-12 10:31 -------- d-----w- c:\program files\Jarte
2012-12-12 10:20 . 2012-12-12 10:20 -------- d-----w- C:\AcalaSoft
2012-12-12 10:14 . 2012-12-12 10:14 -------- d-----w- c:\program files\AcalaSoft
2012-12-10 21:57 . 2012-12-10 21:57 -------- d-----w- c:\users\ericabag\AppData\Roaming\Malwarebytes
2012-12-10 21:57 . 2012-12-10 21:57 -------- d-----w- c:\programdata\Malwarebytes
2012-12-04 03:05 . 2012-12-04 03:05 -------- d-----w- c:\users\ericabag\AppData\Roaming\PhoneClean
2012-12-04 03:05 . 2012-12-04 03:05 -------- d-----w- c:\users\ericabag\AppData\Local\iMobie_Inc
2012-12-04 03:05 . 2012-12-04 03:05 -------- d-----w- c:\program files\iMobie
2012-12-02 23:39 . 2012-12-02 23:39 -------- d-----w- c:\program files\Common Files\Java
2012-12-02 23:39 . 2012-12-14 23:20 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-02 23:39 . 2012-12-14 23:20 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-24 11:40 . 2012-11-24 11:42 -------- d-----w- c:\users\ericabag\AppData\Roaming\calibre
2012-11-24 11:40 . 2012-11-24 11:40 -------- d-----w- c:\program files\Calibre2
2012-11-24 07:44 . 2012-11-24 07:44 -------- d-----w- c:\users\ericabag\AppData\Roaming\MajorWare
2012-11-24 07:27 . 2012-11-24 07:27 -------- d-----w- c:\program files\4Media
2012-11-22 17:33 . 2012-11-22 17:33 -------- d-----w- c:\users\ericabag\AppData\Local\CRE
2012-11-22 17:33 . 2012-11-22 17:33 -------- d-----w- c:\program files\BitTorrent
2012-11-22 17:31 . 2012-12-13 10:38 -------- d-----w- c:\users\ericabag\AppData\Roaming\BitTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 14:26 . 2012-09-06 17:52 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 14:26 . 2011-06-07 00:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-23 23:30 . 2012-12-15 04:33 3488 ----a-w- c:\windows\UDB.zip
2012-10-23 23:30 . 2012-12-15 04:33 131 ----a-w- c:\windows\IDB.zip
2012-10-16 07:39 . 2012-11-28 13:09 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40 . 2012-11-14 09:39 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 09:39 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-03 16:58 . 2012-11-14 09:39 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-14 09:39 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-14 09:39 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-14 09:39 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 09:39 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-14 09:39 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-14 09:39 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-14 09:39 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-14 09:39 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-29 08:27 . 2012-12-14 23:46 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Snuko]
@="{31a4be92-68f1-84fd-e0cb-3b98abed09e3}"
[HKEY_CLASSES_ROOT\CLSID\{31a4be92-68f1-84fd-e0cb-3b98abed09e3}]
2011-06-20 11:09 3455008 ----a-w- c:\program files\MyBackup\Snukoshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Snuko2]
@="{d62c2945-e5f4-48b1-e4ae-6b81a7e9b72d}"
[HKEY_CLASSES_ROOT\CLSID\{d62c2945-e5f4-48b1-e4ae-6b81a7e9b72d}]
2011-06-20 11:09 3455008 ----a-w- c:\program files\MyBackup\Snukoshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Snuko3]
@="{4a5d9b31-7fd3-b7ac-6a7b-15ffee696f7e}"
[HKEY_CLASSES_ROOT\CLSID\{4a5d9b31-7fd3-b7ac-6a7b-15ffee696f7e}]
2011-06-20 11:09 3455008 ----a-w- c:\program files\MyBackup\Snukoshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-08-01 958352]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-08-01 3507088]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-08-01 20880]
"Akamai NetSession Interface"="c:\users\ericabag\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 1804648]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ISTray"="c:\program files\PC Tools\PC Tools Security\pctsGui.exe" [2012-11-01 2717816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 2125472]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [x]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [x]
R3 GSService;GSService;c:\windows\system32\GSService.exe [x]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [x]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 ThreatFire;ThreatFire;c:\program files\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 aswKbd;aswKbd; [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [x]
S1 SnukoFilter;SnukoFilter;c:\windows\system32\DRIVERS\Snuko.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\aestsrv.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 MCMUv2;Monitor Color Manager;c:\windows\system32\bmon.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 SABBv1b;USB Device Adapter;c:\windows\system32\sasvc.exe [x]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [x]
S2 Snukobackup;Snuko Backup Service;c:\program files\MyBackup\Snukobackup.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [x]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [x]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [x]
S3 pctplsm;pctplsm;c:\windows\System32\drivers\pctplsm.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - ccHP
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - IDSVix86
*Deregistered* - SRTSPX
*Deregistered* - SymDS
*Deregistered* - SymEFA
*Deregistered* - SymEvent
*Deregistered* - SymIRON
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-06 14:26]
.
2012-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 03:00]
.
2012-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 03:00]
.
2012-12-17 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\ericabag\AppData\Roaming\Mozilla\Firefox\Profiles\4gupdryv.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - ExtSQL: 2012-12-14 21:33; {cb84136f-9c44-433a-9048-c5cd9df1dc16}; c:\program files\PC Tools\PC Tools Security\BDT\Firefox
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - c:\program files\Gamers Unite! Snag Bar\Toolbar.dll
Toolbar-{25515A79-C1C7-4B97-97F8-31A711694487} - c:\program files\Gamers Unite! Snag Bar\Toolbar.dll
WebBrowser-{25515A79-C1C7-4B97-97F8-31A711694487} - c:\program files\Gamers Unite! Snag Bar\Toolbar.dll
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-Dell PC TuneUp Startup - c:\program files\iolo\Common\Lib\ioloLManager.exe
AddRemove-TuneUpMedia - c:\program files\TuneUpMedia\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\08\03\18\05,\"N"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1160)
c:\program files\MyBackup\Snukoshell.dll
c:\program files\MyBackup\LIBEAY32.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Winamp Remote\bin\OrbTray.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\msiexec.exe
c:\program files\PC Tools\PC Tools Security\pctsSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Winamp Remote\bin\Orb.exe
c:\windows\system32\sppsvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-12-16 21:45:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-17 04:45
.
Pre-Run: 109,516,521,472 bytes free
Post-Run: 109,222,203,392 bytes free
.
- - End Of File - - E5DA5F64B6899BC1798D305818D1E2FA

#8 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 17 December 2012 - 09:20 AM

Please re-run ComboFix to make sure no infection was restored.

Please allow it to update if it asks to do so, and post the fresh log.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 booobooo
  • Topic Starter

  • Members
  • 7 posts

Posted 17 December 2012 - 10:24 AM

OK, here is the new ComboFix log. BTW, I do know where and when I got the virus. The stupid things we do when we are tired. I was having problems for a while with Java so I reinstalled. I was tired and didn't notice the site looked like theirs but wasn't. :(
Do donations go directly to you? I will hopefully be working in Feb and if the donation does go to you I want to make sure you get it. Can I do a reply to these links in Feb?

ComboFix 12-12-17.02 - ericabag 12/17/2012 7:55.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3544.2076 [GMT -7:00]
Running from: c:\users\ericabag\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ericabag\AppData\Local\temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll
c:\users\ericabag\AppData\Roaming\inst.exe
c:\users\ericabag\AppData\Roaming\vso_ts_preview.xml
c:\users\ericabag\GoToAssistDownloadHelper.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
c:\windows\TEMP\tmp3545547455.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-11-17 to 2012-12-17 )))))))))))))))))))))))))))))))
.
.
2012-12-17 15:07 . 2012-12-17 15:09 -------- d-----w- c:\users\ericabag\AppData\Local\temp
2012-12-17 15:07 . 2012-12-17 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-17 14:21 . 2012-12-17 14:24 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-12-17 06:42 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-17 06:35 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4B14875-4560-44A5-B28F-93572B77B3FB}\mpengine.dll
2012-12-16 17:54 . 2012-12-16 17:54 -------- d-----w- c:\program files\ESET
2012-12-16 17:05 . 2012-12-17 06:22 -------- d-----w- C:\JRT
2012-12-15 17:06 . 2012-12-15 17:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-15 16:45 . 2012-12-15 16:45 -------- d-----w- C:\_OTM
2012-12-15 16:40 . 2012-12-17 06:21 -------- d-----w- c:\program files\ERUNT
2012-12-15 04:34 . 2012-10-31 16:19 55008 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-12-14 08:30 . 2012-12-14 08:30 -------- d-----w- c:\users\ericabag\AppData\Local\Threat Expert
2012-12-14 04:36 . 2012-10-24 00:40 150648 ----a-w- c:\windows\SGDetectionTool.dll1213.old
2012-12-14 04:36 . 2012-10-24 00:40 2280568 ----a-w- c:\windows\PCTBDCore.dll1213.old
2012-12-14 04:34 . 2012-12-15 04:32 -------- d-----w- c:\program files\PC Tools
2012-12-14 04:28 . 2012-12-15 04:34 -------- d-----w- c:\program files\Common Files\PC Tools
2012-12-14 04:27 . 2012-12-15 04:34 -------- d-----w- c:\programdata\PC Tools
2012-12-14 04:27 . 2012-12-14 04:27 -------- d-----w- c:\users\ericabag\AppData\Roaming\TestApp
2012-12-14 04:19 . 2012-12-14 04:19 -------- d-----w- c:\programdata\BDLogging
2012-12-14 04:18 . 2007-04-11 17:11 511328 ----a-w- c:\windows\capicom.dll
2012-12-14 03:59 . 2012-12-14 03:59 -------- d-----w- c:\users\ericabag\AppData\Roaming\QuickScan
2012-12-14 03:52 . 2012-12-14 07:09 -------- d-----w- c:\program files\Bitdefender
2012-12-14 03:35 . 2012-12-14 05:32 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-12-14 03:08 . 2012-12-17 06:21 -------- d-----w- c:\users\ericabag\AppData\Roaming\IObit
2012-12-14 03:08 . 2012-12-14 03:08 -------- d-----w- c:\program files\IObit
2012-12-12 23:49 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 20:58 . 2012-12-17 06:21 -------- d-----w- c:\programdata\Softland
2012-12-12 20:58 . 2012-12-12 20:58 -------- d-----w- c:\users\ericabag\AppData\Roaming\Softland
2012-12-12 20:58 . 2012-12-12 20:58 -------- d-----w- c:\program files\Softland
2012-12-12 10:31 . 2012-12-12 10:34 -------- d-----w- c:\users\ericabag\AppData\Roaming\Jarte
2012-12-12 10:31 . 2012-12-17 06:21 -------- d-----w- c:\program files\Jarte
2012-12-12 10:20 . 2012-12-12 10:20 -------- d-----w- C:\AcalaSoft
2012-12-12 10:14 . 2012-12-12 10:14 -------- d-----w- c:\program files\AcalaSoft
2012-12-10 21:57 . 2012-12-10 21:57 -------- d-----w- c:\users\ericabag\AppData\Roaming\Malwarebytes
2012-12-10 21:57 . 2012-12-17 06:13 -------- d-----w- c:\programdata\Malwarebytes
2012-12-10 21:57 . 2012-12-17 06:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-10 21:57 . 2012-09-30 02:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-04 03:05 . 2012-12-04 03:05 -------- d-----w- c:\users\ericabag\AppData\Roaming\PhoneClean
2012-12-04 03:05 . 2012-12-04 03:05 -------- d-----w- c:\users\ericabag\AppData\Local\iMobie_Inc
2012-12-04 03:05 . 2012-12-04 03:05 -------- d-----w- c:\program files\iMobie
2012-12-02 23:39 . 2012-12-02 23:39 -------- d-----w- c:\program files\Common Files\Java
2012-12-02 23:39 . 2012-12-02 23:39 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-02 23:39 . 2012-12-02 23:39 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-02 23:39 . 2012-12-02 23:39 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-24 11:40 . 2012-11-24 11:42 -------- d-----w- c:\users\ericabag\AppData\Roaming\calibre
2012-11-24 11:40 . 2012-11-24 11:40 -------- d-----w- c:\program files\Calibre2
2012-11-24 07:44 . 2012-11-24 07:44 -------- d-----w- c:\users\ericabag\AppData\Roaming\MajorWare
2012-11-24 07:27 . 2012-11-24 07:27 -------- d-----w- c:\program files\4Media
2012-11-24 07:26 . 2012-12-17 14:52 -------- d-----w- c:\programdata\WeCareReminder
2012-11-22 17:33 . 2012-11-22 17:33 -------- d-----w- c:\users\ericabag\AppData\Local\CRE
2012-11-22 17:33 . 2012-12-17 06:22 -------- d-----w- c:\program files\Conduit
2012-11-22 17:33 . 2012-11-22 17:33 -------- d-----w- c:\program files\BitTorrent
2012-11-22 17:31 . 2012-12-17 06:22 -------- d-----w- c:\users\ericabag\AppData\Roaming\BitTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-17 07:26 . 2012-09-06 17:52 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-17 07:26 . 2011-06-07 00:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-30 22:51 . 2011-10-24 21:09 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-10-24 21:09 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-10-24 21:09 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-10-24 21:09 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2011-10-24 21:09 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-10-24 21:09 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-10-24 21:09 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-16 07:39 . 2012-11-28 13:09 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 15:59 . 2012-06-01 15:42 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-09 17:40 . 2012-11-14 09:39 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 09:39 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-03 16:58 . 2012-11-14 09:39 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-14 09:39 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-14 09:39 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-14 09:39 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 09:39 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-14 09:39 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-14 09:39 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-14 09:39 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-14 09:39 78336 ----a-w- c:\windows\system32\synceng.dll
2012-12-05 22:22 . 2012-10-27 03:20 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26A7CA19-7D58-411D-B2DA-F1B0324CBFFC}]
c:\program files\Gamers Unite! Snag Bar\Toolbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{25515A79-C1C7-4B97-97F8-31A711694487}"= "c:\program files\Gamers Unite! Snag Bar\Toolbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{25515a79-c1c7-4b97-97f8-31a711694487}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{017D1380-106D-43D5-97DC-81E8A527FD73}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{25515A79-C1C7-4B97-97F8-31A711694487}"= "c:\program files\Gamers Unite! Snag Bar\Toolbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{25515a79-c1c7-4b97-97f8-31a711694487}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{017D1380-106D-43D5-97DC-81E8A527FD73}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Snuko]
@="{31a4be92-68f1-84fd-e0cb-3b98abed09e3}"
[HKEY_CLASSES_ROOT\CLSID\{31a4be92-68f1-84fd-e0cb-3b98abed09e3}]
2011-06-20 11:09 3455008 ----a-w- c:\program files\MyBackup\Snukoshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Snuko2]
@="{d62c2945-e5f4-48b1-e4ae-6b81a7e9b72d}"
[HKEY_CLASSES_ROOT\CLSID\{d62c2945-e5f4-48b1-e4ae-6b81a7e9b72d}]
2011-06-20 11:09 3455008 ----a-w- c:\program files\MyBackup\Snukoshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Snuko3]
@="{4a5d9b31-7fd3-b7ac-6a7b-15ffee696f7e}"
[HKEY_CLASSES_ROOT\CLSID\{4a5d9b31-7fd3-b7ac-6a7b-15ffee696f7e}]
2011-06-20 11:09 3455008 ----a-w- c:\program files\MyBackup\Snukoshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-08-01 958352]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-08-01 3507088]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-08-01 20880]
"AdobeBridge"="" [BU]
"Akamai NetSession Interface"="c:\users\ericabag\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 1804648]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Dell PC TuneUp Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [BU]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 2125472]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [x]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [x]
R3 GSService;GSService;c:\windows\system32\GSService.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [x]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [x]
S1 SnukoFilter;SnukoFilter;c:\windows\system32\DRIVERS\Snuko.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\aestsrv.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MCMUv2;Monitor Color Manager;c:\windows\system32\bmon.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 SABBv1b;USB Device Adapter;c:\windows\system32\sasvc.exe [x]
S2 Snukobackup;Snuko Backup Service;c:\program files\MyBackup\Snukobackup.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [x]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - ccHP
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - IDSVix86
*Deregistered* - SRTSPX
*Deregistered* - SymDS
*Deregistered* - SymEFA
*Deregistered* - SymEvent
*Deregistered* - SymIRON
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-06 07:26]
.
2012-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 03:00]
.
2012-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 03:00]
.
2012-12-17 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = <local>
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\ericabag\AppData\Roaming\Mozilla\Firefox\Profiles\ixlgj6lp.default-1354315463058\
FF - ExtSQL: 2012-12-16 23:26; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\08\03\18\05,\"N"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4072)
c:\program files\MyBackup\Snukoshell.dll
c:\program files\MyBackup\LIBEAY32.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Winamp Remote\bin\OrbTray.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\msiexec.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-12-17 08:14:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-17 15:14
ComboFix2.txt 2012-12-17 04:45
.
Pre-Run: 125,825,830,912 bytes free
Post-Run: 126,002,868,224 bytes free
.
- - End Of File - - 1E2186F77112ED3630D6F0E22AACDF8A

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 17 December 2012 - 10:34 AM

Do donations go directly to you? I will hopefully be working in Feb and if the donation does go to you I want to make sure you get it. Can I do a reply to these links in Feb?

Yes, they do, thank you, and the topic will be locked, but the information will all still be there in February.

Please re-run the Junkware Removal Tool, just to make certain nothing else was restored, but the log looks good.


NEXT


Visit ADOBE and download the latest version of Acrobat Reader (version XI)
Having the latest updates ensures there are no security vulnerabilities in your system.



How is the computer running now, are there any outstanding issues?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 30 December 2012 - 07:56 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




