combofix


  • This topic is locked
4 replies to this topic

#1 Harryhatt (Members, 2 posts)

Posted 16 January 2013 - 05:34 PM

I have Windows 7. It was scanned and had 3298 problems. A friend told me to download ComboFix. I did and got a log report. Where do I send it or what do I do with it?

Moderator edit: Moved to the appropriate forum.
Roger

Edited by rotor123, 16 January 2013 - 05:44 PM.




#2 Animal (Bleepin' Animinion, Site Admin, 34,753 posts)

Posted 16 January 2013 - 05:50 PM

Take a look here: http://www.bleepingcomputer.com/forums/topic34773.html (start with step 6).

Since you have already run ComboFix include that log as well.

Post your logs as a new topic in this forum: http://www.bleepingcomputer.com/forums/forum22.html

Not Here.
I see your topic has been moved during my reply. Add your logs as a reply to this topic. Thank you

Reply back here with a link to your new topic and we will close this one to avoid confusion for everyone.

Best of luck to you and thank you for choosing Bleeping Computer for your malware assistance needs.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#3 Harryhatt (Topic Starter, Members, 2 posts)

Posted 16 January 2013 - 06:22 PM

ComboFix 13-01-16.01 - angelize7664 01,16,2013 11:10:44.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3966.2439 [GMT -8:00]
Running from: c:\users\angelize7664\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\My.Freeze.com NetAssistant\NeTAssistant.dll
c:\program files (x86)\TelevisionFanatic
c:\program files (x86)\TelevisionFanatic\bar\gen1\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\Message\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\Settings\s_pid.dat
c:\users\ANGELI~1\AppData\Local\Temp\7zS5113\HPSLPSVC64.DLL
c:\users\angelize7664\AppData\Local\Temp\7zS5113\HPSLPSVC64.DLL
c:\users\angelize7664\videos\HPPIW.EXE
c:\windows\isRS-000.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
((((((((((((((((((((((((( Files Created from 2012-12-16 to 2013-01-16 )))))))))))))))))))))))))))))))
.
.
2013-01-16 19:24 . 2013-01-16 19:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-16 19:03 . 2013-01-16 19:03 -------- d-----w- c:\program files (x86)\7-Zip
2013-01-16 19:00 . 2013-01-16 19:00 -------- d-----w- c:\programdata\APN
2013-01-16 18:53 . 2012-11-19 09:01 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CBE58ABB-AE79-4CAC-89EA-3AF4A268B6F2}\mpengine.dll
2013-01-16 10:04 . 2013-01-16 10:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-16 10:04 . 2013-01-16 10:04 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-14 21:07 . 2012-11-19 09:01 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-13 19:51 . 2013-01-13 19:51 -------- d-----w- c:\users\angelize7664\AppData\Roaming\ShopAtHome
2013-01-09 21:05 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 21:05 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 21:03 . 2012-11-30 02:44 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-09 21:03 . 2012-11-30 02:44 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-09 21:03 . 2012-11-30 05:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 21:03 . 2012-11-30 04:45 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 21:03 . 2012-11-30 05:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 21:03 . 2012-11-30 04:45 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 21:03 . 2012-11-30 02:44 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-09 21:03 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 21:03 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-31 08:23 . 2012-12-31 08:23 -------- d-----w- c:\users\angelize7664\AppData\Roaming\PC Utility Kit
2012-12-31 08:22 . 2012-12-31 08:22 -------- d-----w- c:\program files (x86)\Common Files\PC Utility Kit
2012-12-31 08:22 . 2012-12-31 08:22 -------- d-----w- c:\programdata\PC Utility Kit
2012-12-31 08:22 . 2012-12-31 08:22 -------- d-----w- c:\program files (x86)\PC Utility Kit
2012-12-29 02:16 . 2012-12-29 02:16 -------- d-----w- c:\users\angelize7664\AppData\Local\Programs
2012-12-27 05:24 . 2012-10-23 14:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2474F6F-D2CC-44C0-BAF2-3B94E7F4ADCE}\gapaengine.dll
2012-12-27 05:13 . 2012-12-27 05:13 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-12-27 04:53 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74413452-652C-4110-8C26-4B2E7FF2BDC9}\mpengine.dll
2012-12-22 08:30 . 2012-12-22 08:30 -------- d-----w- c:\users\angelize7664\AppData\Roaming\ParetoLogic
2012-12-22 08:30 . 2012-12-27 04:52 -------- d-----w- c:\programdata\ParetoLogic
2012-12-21 11:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 11:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 11:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 11:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-18 10:55 . 2012-03-30 21:41 83560 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-16 10:04 . 2012-05-25 00:21 859552 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-01-10 11:04 . 2010-01-11 02:14 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 04:22 . 2012-04-02 00:04 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 04:22 . 2011-05-19 07:31 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-15 00:49 . 2011-03-20 06:54 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-10 15:18 . 2012-12-10 15:18 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-12-10 15:18 . 2012-12-10 15:18 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-12-10 15:18 . 2012-12-10 15:18 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-12-10 15:18 . 2012-12-10 15:18 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-12-10 15:18 . 2012-12-10 15:18 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-12-10 15:18 . 2012-12-10 15:18 82432 ----a-w- c:\windows\system32\icardie.dll
2012-12-10 15:18 . 2012-12-10 15:18 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-12-10 15:18 . 2012-12-10 15:18 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-12-10 15:18 . 2012-12-10 15:18 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-12-10 15:18 . 2012-12-10 15:18 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-12-10 15:18 . 2012-12-10 15:18 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-12-10 15:18 . 2012-12-10 15:18 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-12-10 15:18 . 2012-12-10 15:18 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-12-10 15:18 . 2012-12-10 15:18 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-12-10 15:18 . 2012-12-10 15:18 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-12-10 15:18 . 2012-12-10 15:18 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-12-10 15:18 . 2012-12-10 15:18 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-12-10 15:18 . 2012-12-10 15:18 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-12-10 15:18 . 2012-12-10 15:18 448512 ----a-w- c:\windows\system32\html.iec
2012-12-10 15:18 . 2012-12-10 15:18 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-12-10 15:18 . 2012-12-10 15:18 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-12-10 15:18 . 2012-12-10 15:18 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-12-10 15:18 . 2012-12-10 15:18 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-12-10 15:18 . 2012-12-10 15:18 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-12-10 15:18 . 2012-12-10 15:18 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-10 15:18 . 2012-12-10 15:18 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-12-10 15:18 . 2012-12-10 15:18 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-12-10 15:18 . 2012-12-10 15:18 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-12-10 15:18 . 2012-12-10 15:18 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-12-10 15:18 . 2012-12-10 15:18 222208 ----a-w- c:\windows\system32\msls31.dll
2012-12-10 15:18 . 2012-12-10 15:18 197120 ----a-w- c:\windows\system32\msrating.dll
2012-12-10 15:18 . 2012-12-10 15:18 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-12-10 15:18 . 2012-12-10 15:18 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-12-10 15:18 . 2012-12-10 15:18 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-12-10 15:18 . 2012-12-10 15:18 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-12-10 15:18 . 2012-12-10 15:18 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-12-10 15:18 . 2012-12-10 15:18 149504 ----a-w- c:\windows\system32\occache.dll
2012-12-10 15:18 . 2012-12-10 15:18 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-12-10 15:18 . 2012-12-10 15:18 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-12-10 15:18 . 2012-12-10 15:18 12288 ----a-w- c:\windows\system32\mshta.exe
2012-12-10 15:18 . 2012-12-10 15:18 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-12-10 15:18 . 2012-12-10 15:18 114176 ----a-w- c:\windows\system32\admparse.dll
2012-12-10 15:18 . 2012-12-10 15:18 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-12-10 15:18 . 2012-12-10 15:18 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-12-10 15:18 . 2012-12-10 15:18 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-12-10 15:18 . 2012-12-10 15:18 103936 ----a-w- c:\windows\system32\inseng.dll
2012-12-10 15:18 . 2012-12-10 15:18 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-12-10 15:18 . 2012-12-10 15:18 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-12-10 15:18 . 2012-12-10 15:18 160256 ----a-w- c:\windows\system32\wextract.exe
2012-11-30 04:45 . 2013-01-09 21:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-28 18:35 . 2010-04-25 14:47 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-14 07:06 . 2012-12-13 11:01 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 11:01 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 11:01 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 11:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 11:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 11:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 11:01 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 11:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 11:01 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 11:01 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 11:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 11:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 11:01 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 11:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 11:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 11:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 11:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 11:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 11:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 11:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 11:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 11:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-11-09 05:45 . 2012-12-13 01:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 01:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-13 01:36 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-13 01:36 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\prxtbZyn0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}]
2012-10-18 16:10 2572728 ----a-w- c:\users\angelize7664\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Zynga\prxtbZyn0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\prxtbZyn0.dll" [2011-05-09 176936]
"{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"= "c:\users\angelize7664\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll" [2012-10-18 2572728]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{311b58dc-a4dc-4b04-b1b5-60299ad3d803}]
[HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-07-10 338848]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-04 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-19 54576]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-11-22 2127896]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"ShopAtHomeWatcher"="c:\users\angelize7664\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe" [2012-10-18 103864]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-04 1255736]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-11-22 166424]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-10 23:02 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 04:22]
.
2013-01-16 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-12-12 20:51]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 18:30]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 18:30]
.
2013-01-13 c:\windows\Tasks\HPCeeScheduleForangelize7664.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-01-16 c:\windows\Tasks\PC Utility Kit Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-01-09 c:\windows\Tasks\PC Utility Kit Update3.job
- c:\program files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe [2012-03-27 19:30]
.
2013-01-10 c:\windows\Tasks\PC Utility Kit.job
- c:\program files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe [2012-11-29 21:15]
.
2012-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.15.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00f2c0c6-2194-484e-9064-44e57787867b} - (no file)
BHO-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files (x86)\My.Freeze.com NetAssistant\NetAssistant.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
WebBrowser-{00F2C0C6-2194-484E-9064-44E57787867B} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{311B58DC-A4DC-4B04-B1B5-60299AD3D803} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
**************************************************************************
.
Completion time: 2013-01-16 11:41:29 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-16 19:41
.
Pre-Run: 318,018,109,440 bytes free
Post-Run: 318,286,598,144 bytes free
.
- - End Of File - - 22994132F2387B233CB4E5AE9D957F47
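As an added example written for this page (not code from the thread, from ComboFix or from BleepingComputer), the script below pulls out the persistence points a helper reads first in a log like the one above: Run-key values, Browser Helper Objects, services and scheduled-task targets. It flags anything launched from a user-writable directory or through a system host binary such as rundll32.exe, which are the two patterns behind the ShopAtHome and "PC Utility Kit" entries in the posted log. The sample log embedded in the script is constructed from a few of the line formats above, not the poster's full log, and the directory list and host-binary list are the example's own heuristics, not anything ComboFix defines.

```python
"""Triage the autostart entries in a ComboFix log.

Added example for this thread, not part of the original post and not a
ComboFix or BleepingComputer tool. It pulls Run-key values, Browser
Helper Objects, services and scheduled-task targets out of the log text
and flags entries that run from a user-writable directory or through a
system host binary such as rundll32.exe.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the shapes ComboFix uses,
# modelled on the formats in the post above. Not the poster's full log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}]
2012-10-18 16:10 2572728 ----a-w- c:\users\angelize7664\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-07-10 338848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShopAtHomeWatcher"="c:\users\angelize7664\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe" [2012-10-18 103864]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
.
2013-01-16 c:\windows\Tasks\PC Utility Kit Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 18:30]
"""


@dataclass(frozen=True)
class Entry:
    kind: str   # "run", "bho", "service" or "task"
    name: str   # value name, CLSID, service name or .job file name
    path: str   # the binary the entry loads


RUN_VALUE = re.compile(r'^"([^"]*)"="([^"]*)"')
BHO_LINE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \d+ \S+ (.+)$')
SERVICE_LINE = re.compile(r'^[RS]\d (.+?);(.+?);(.+?) \[')
TASK_HEADER = re.compile(r'^\d{4}-\d\d-\d\d (c:\\windows\\tasks\\.+\.job)$', re.I)
TASK_TARGET = re.compile(r'^- (.+?) \[')


def parse_entries(log: str) -> list[Entry]:
    """Walk the log line by line, tracking the current [key] or task header."""
    entries: list[Entry] = []
    section = ""   # most recent [registry key] header
    task = ""      # most recent scheduled-task .job path awaiting its target line
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section, task = line[1:-1], ""
            continue
        if m := TASK_HEADER.match(line):
            task = m.group(1)
            continue
        if task and (m := TASK_TARGET.match(line)):
            entries.append(Entry("task", task.rsplit("\\", 1)[-1], m.group(1)))
            task = ""
            continue
        if m := SERVICE_LINE.match(line):
            entries.append(Entry("service", m.group(1), m.group(3)))
            continue
        key = section.lower()
        if key.endswith("currentversion\\run") and (m := RUN_VALUE.match(line)):
            entries.append(Entry("run", m.group(1), m.group(2)))
        elif "browser helper objects" in key and (m := BHO_LINE.match(line)):
            entries.append(Entry("bho", section.rsplit("\\", 1)[-1], m.group(1)))
    return entries


# Heuristic (this example's choice, not ComboFix's): directories an
# unprivileged user can write to. Vendor software rarely autostarts from
# here; adware and toolbars usually do.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
# Signed Windows binaries that execute whatever their arguments name. The
# log prints only the target, so the .job file itself must be inspected.
HOST_BINARIES = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}


def suspicious_reasons(entry: Entry) -> list[str]:
    """Return why an entry deserves a closer look; empty list if nothing stands out."""
    path = entry.path.lower()
    exe = path.rsplit("\\", 1)[-1]
    reasons = []
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable directory")
    if exe in HOST_BINARIES:
        reasons.append(f"target is {exe}; the real payload is in its arguments")
    return reasons


def triage(log: str) -> dict[str, list[str]]:
    """Map each flagged entry name to the reasons it was flagged."""
    return {e.name: r for e in parse_entries(log) if (r := suspicious_reasons(e))}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run it as a script to print the flagged entries, or call triage() on the text of a saved log. The heuristics only rank entries for review: an updater living in AppData is not proof of malware, and a rundll32.exe task stays opaque until the arguments in the .job file are read.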

#4 nasdaq (Malware Response Team, 38,767 posts, Montreal, QC. Canada)

Posted 18 January 2013 - 02:11 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.


Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs and let me know if the problem persists on this computer.

#5 nasdaq (Malware Response Team, 38,767 posts, Montreal, QC. Canada)

Posted 24 January 2013 - 09:59 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



