Do I still have anything I need to remove?



#1 simtrick

Posted 13 February 2013 - 05:31 PM

Thanks in advance

 

 

ComboFix 13-02-13.02 - Kirk's 02/13/2013  14:12:19.35.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4008.245 [GMT -8:00]
Running from: c:\users\Kirk's\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-13 to 2013-02-13  )))))))))))))))))))))))))))))))
.
.
2013-02-13 22:20 . 2013-02-13 22:20    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-02-13 22:20 . 2013-02-13 22:20    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-02-12 17:07 . 2013-01-08 05:32    9161176    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C76ED62-BF6E-4D8A-B2F1-0A01112E3412}\mpengine.dll
2013-02-11 02:57 . 2013-02-11 02:57    --------    d-----w-    c:\programdata\RightClick
2013-02-11 02:52 . 2013-02-11 03:17    --------    d-----w-    c:\programdata\Browse2save
2013-02-11 02:51 . 2013-02-11 02:51    --------    d-----w-    c:\program files (x86)\Common Files\Software Update Utility
2013-02-11 02:34 . 2013-02-11 02:38    --------    d-----w-    c:\users\Kirk's\AppData\Local\Torch
2013-02-11 02:07 . 2013-02-11 02:07    --------    d-----w-    c:\programdata\CLSoft LTD
2013-02-11 02:07 . 2013-02-11 03:17    --------    d-----w-    c:\programdata\MagniPic
2013-02-10 03:50 . 2013-02-10 03:50    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-02-10 03:49 . 2013-02-10 03:49    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-10 03:49 . 2013-02-10 03:49    --------    d-----w-    c:\program files (x86)\Java
2013-02-08 04:03 . 2013-02-08 04:03    0    ----a-w-    c:\windows\SysWow64\shoDC8B.tmp
2013-02-08 01:17 . 2013-02-08 01:17    --------    d-----w-    C:\found.001
2013-02-08 00:12 . 2013-02-10 01:07    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-08 00:11 . 2013-02-08 00:11    --------    d-----w-    c:\program files (x86)\Apple Software Update
2013-02-08 00:11 . 2013-02-08 00:11    --------    d-----w-    c:\program files\Common Files\Apple
2013-02-07 01:01 . 2013-02-13 02:50    71024    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-07 01:01 . 2013-02-13 02:50    691568    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-07 00:49 . 2013-02-07 00:49    --------    d-----w-    c:\users\Public\CyberLink
2013-02-07 00:48 . 2013-02-07 00:48    --------    d-----w-    c:\users\Kirk's\AppData\Roaming\Auslogics
2013-02-07 00:45 . 2013-02-07 00:45    --------    d-----w-    c:\users\Kirk's\AppData\Roaming\InstallShield
2013-02-07 00:38 . 2013-02-07 00:38    0    ----a-w-    c:\windows\SysWow64\shoC18A.tmp
2013-02-06 21:52 . 2013-02-06 21:52    --------    d-----w-    c:\programdata\McAfee Security Scan
2013-02-06 06:13 . 2013-02-06 06:13    --------    d-----w-    c:\program files (x86)\McAfee Security Scan
2013-02-02 07:43 . 2013-02-02 07:44    14794312    ----a-w-    c:\program files (x86)\Common Files\lpuninstall.exe
2013-02-02 07:43 . 2013-02-02 07:44    --------    d-----w-    c:\program files (x86)\LastPass
2013-02-01 07:09 . 2013-02-01 07:09    0    ----a-w-    c:\windows\SysWow64\sho1056.tmp
2013-02-01 03:58 . 2012-10-30 23:51    370288    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-02-01 03:58 . 2012-10-30 23:51    25232    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-02-01 03:58 . 2012-10-30 23:51    59728    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-02-01 03:58 . 2012-10-30 23:51    984144    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-02-01 03:58 . 2012-10-30 23:51    71600    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-02-01 03:58 . 2012-10-15 16:59    54072    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-02-01 03:58 . 2012-10-30 23:51    41224    ----a-w-    c:\windows\avastSS.scr
2013-02-01 03:58 . 2012-10-30 23:50    227648    ----a-w-    c:\windows\SysWow64\aswBoot.exe
2013-02-01 03:17 . 2013-02-07 07:04    --------    d-----w-    c:\users\Kirk's\AppData\Roaming\Malwarebytes
2013-02-01 03:16 . 2013-02-01 03:16    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-01 03:16 . 2013-02-01 03:16    --------    d-----w-    c:\programdata\Malwarebytes
2013-02-01 03:16 . 2012-12-15 00:49    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-01-27 02:40 . 2013-01-27 02:40    231376    ----a-w-    c:\windows\system32\drivers\truecrypt.sys
2013-01-25 22:25 . 2013-01-29 05:16    2556320    ----a-w-    c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2013-01-25 21:46 . 2013-01-29 05:35    --------    d-----w-    c:\program files (x86)\Microsoft ASP.NET
2013-01-25 21:41 . 2013-01-29 05:38    --------    d-----w-    c:\program files (x86)\NuGet
2013-01-25 21:41 . 2013-01-25 21:41    --------    d-----w-    c:\program files\IIS
2013-01-25 21:41 . 2013-01-25 21:41    --------    d-----w-    c:\program files (x86)\IIS
2013-01-25 21:38 . 2010-05-26 19:41    1998168    ----a-w-    c:\windows\SysWow64\D3DX9_43.dll
2013-01-25 21:36 . 2013-01-25 21:36    --------    d-----w-    c:\program files (x86)\Windows Kits
2013-01-25 20:55 . 2013-02-01 06:48    --------    d-----w-    c:\program files (x86)\Microsoft Visual Studio 11.0
2013-01-25 20:55 . 2013-02-01 06:55    --------    d-----w-    c:\program files (x86)\Microsoft SDKs
2013-01-25 20:39 . 2013-01-29 06:21    --------    d-----w-    c:\programdata\Package Cache
2013-01-25 19:50 . 2013-01-25 19:50    --------    d-----w-    c:\programdata\ClickIT
2013-01-25 19:48 . 2013-01-25 22:41    --------    d-----w-    c:\program files (x86)\SaveAs
2013-01-25 19:44 . 2013-02-11 03:17    --------    d-----w-    c:\programdata\InstallMate
2013-01-25 07:29 . 2013-01-25 07:31    --------    d-----w-    c:\users\Kirk's\AppData\Local\Vidalia
2013-01-24 22:51 . 2013-01-24 22:58    --------    d-----w-    C:\NetTrak
2013-01-24 22:49 . 2013-01-24 22:49    --------    d-----w-    c:\program files (x86)\Network Asset Tracker
2013-01-20 18:20 . 2013-02-07 01:00    --------    d-----w-    c:\programdata\Intel
2013-01-20 07:54 . 2013-02-07 01:00    --------    d-----w-    c:\users\Kirk's\AppData\Roaming\Intel
2013-01-20 07:54 . 2013-02-07 01:00    --------    d-----w-    c:\users\UpdatusUser\Roaming
2013-01-20 07:54 . 2013-02-07 01:00    --------    d-----w-    c:\users\Public\Roaming
2013-01-20 07:54 . 2013-02-07 01:00    --------    d-----w-    c:\users\Kirk's\Roaming
2013-01-20 07:54 . 2013-02-07 01:00    --------    d-----w-    c:\users\Default\Roaming
2013-01-20 07:18 . 2013-02-10 03:11    --------    d-----w-    c:\users\Kirk's\AppData\Local\Akamai
2013-01-18 05:36 . 2013-01-18 05:36    --------    d-----w-    c:\users\Kirk's\AppData\Roaming\EeeStorageUploader
2013-01-18 04:38 . 2013-01-18 04:38    0    ----a-w-    c:\windows\SysWow64\sho1CF6.tmp
2013-01-17 15:34 . 2013-01-17 15:34    --------    d-----w-    c:\users\Default\AppData\Local\Microsoft Help
2013-01-17 15:33 . 2013-01-17 15:33    --------    d-sh--w-    c:\windows\SysWow64\%APPDATA%
2013-01-17 02:31 . 2013-01-17 02:31    --------    d-----w-    c:\program files (x86)\Microsoft Synchronization Services
2013-01-17 02:27 . 2013-01-17 02:27    --------    d-----w-    c:\program files (x86)\Microsoft Analysis Services
2013-01-17 01:40 . 2013-01-17 01:40    --------    d-----w-    c:\program files (x86)\Elaborate Bytes
2013-01-16 18:30 . 2013-02-01 02:31    --------    d-----w-    c:\users\Kirk's\VirtualBox VMs
2013-01-16 05:49 . 2012-12-19 22:48    237992    ----a-w-    c:\windows\system32\drivers\VBoxDrv.sys
2013-01-16 05:48 . 2012-12-19 22:47    120232    ----a-w-    c:\windows\system32\drivers\VBoxUSBMon.sys
2013-01-15 23:34 . 2013-01-15 23:34    --------    d-----w-    C:\found.000
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 03:49 . 2012-10-31 17:53    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-02-10 03:49 . 2012-10-31 17:53    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-02-04 23:46 . 2012-11-01 04:12    45056    ----a-w-    c:\windows\system32\acovcnt.exe
2013-01-17 09:28 . 2012-10-31 23:14    273840    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-10 18:20 . 2012-11-01 00:26    67599240    ----a-w-    c:\windows\system32\MRT.exe
2013-01-10 00:29 . 2013-01-10 00:29    0    ----a-w-    c:\windows\SysWow64\shoD941.tmp
2013-01-09 17:09 . 2013-01-09 17:09    0    ----a-w-    c:\windows\SysWow64\sho5F5A.tmp
2012-12-19 22:47 . 2012-12-19 22:47    204200    ----a-w-    c:\windows\system32\VBoxNetFltNobj.dll
2012-12-19 22:47 . 2012-12-19 22:47    146856    ----a-w-    c:\windows\system32\drivers\VBoxNetFlt.sys
2012-12-19 22:47 . 2012-12-19 22:47    132008    ----a-w-    c:\windows\system32\drivers\VBoxNetAdp.sys
2012-12-12 20:15 . 2012-12-12 20:15    92304    ----a-r-    c:\users\Kirk's\AppData\Roaming\Microsoft\Installer\{12F69331-DCBB-46D5-B475-6BFD0F9048B3}\NewShortcut4_B630B1A86AD94BD5A2B1F54EE8756E5C.exe
2012-12-12 20:15 . 2012-12-12 20:15    92304    ----a-r-    c:\users\Kirk's\AppData\Roaming\Microsoft\Installer\{12F69331-DCBB-46D5-B475-6BFD0F9048B3}\NewShortcut1_12F69331DCBB46D5B4756BFD0F9048B3.exe
2012-12-12 20:15 . 2012-12-12 20:15    92304    ----a-r-    c:\users\Kirk's\AppData\Roaming\Microsoft\Installer\{12F69331-DCBB-46D5-B475-6BFD0F9048B3}\BeeDesktop_5C6F385F2A254D1793F9DD0A0A1228D4.exe
2012-12-12 20:15 . 2012-12-12 20:15    51344    ----a-r-    c:\users\Kirk's\AppData\Roaming\Microsoft\Installer\{12F69331-DCBB-46D5-B475-6BFD0F9048B3}\NewShortcut2_3E37D18D94E744DC8256F5F97A9E5CF9.exe
2012-12-12 20:15 . 2012-12-12 20:15    108688    ----a-r-    c:\users\Kirk's\AppData\Roaming\Microsoft\Installer\{12F69331-DCBB-46D5-B475-6BFD0F9048B3}\ARPPRODUCTICON.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Kirk's\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-01-31 3011184]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2013-2-1 14794312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Reader\Ereg\Ereg.ini"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"StopDefragment"=Install\StopDefragment.exe
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2012-11-01 40712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-01 1255736]
S0 assd;assd; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-02 30056]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-12-19 237992]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Atheros\Ath_CoexAgent.exe [2010-05-24 151552]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [2010-11-26 52896]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 OrbisClient.Services;LabSim Configuration and Security;c:\program files (x86)\TestOut\Orbis\OrbisClient.Services.exe [2009-03-23 13824]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-01-27 27760]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-11-26 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-11-26 298144]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-11-26 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-11-26 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-11-26 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-11-26 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-24 283136]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-12-19 132008]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-12-19 146856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-01-27 2153072]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 21:57    1607120    ----a-w-    c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-07 02:50]
.
2013-02-01 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-02-01 23:50]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-31 21:56]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-31 21:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50    133400    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"AtherosBtStack"="c:\program files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [2010-11-26 613536]
"AthBtTray"="c:\program files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-11-26 379040]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-21 1832760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://searchab.com/?aff=7&uid=01374483-73eb-11e2-b423-e0b9a59b77fc
mStart Page = hxxp://searchab.com/?aff=7&uid=01374483-73eb-11e2-b423-e0b9a59b77fc
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title =
uInternet Settings,ProxyOverride = *.local;<local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Kirk's\AppData\Roaming\Mozilla\Firefox\Profiles\pjn6d6vl.default-1359699022068\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://searchab.com/?aff=7&uid=01374483-73eb-11e2-b423-e0b9a59b77fc&q=
FF - ExtSQL: 2013-01-31 20:16; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-01-31 23:13; newtabgoogle@graememcc.co.uk; c:\users\Kirk's\AppData\Roaming\Mozilla\Firefox\Profiles\pjn6d6vl.default-1359699022068\extensions\newtabgoogle@graememcc.co.uk.xpi
FF - ExtSQL: 2013-01-31 23:13; adblockpopups@jessehakanen.net; c:\users\Kirk's\AppData\Roaming\Mozilla\Firefox\Profiles\pjn6d6vl.default-1359699022068\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-01-31 23:17; zoompage@DW-dev; c:\users\Kirk's\AppData\Roaming\Mozilla\Firefox\Profiles\pjn6d6vl.default-1359699022068\extensions\zoompage@DW-dev.xpi
FF - ExtSQL: 2013-02-01 23:07; aka.andya@gmail.com; c:\users\Kirk's\AppData\Roaming\Mozilla\Firefox\Profiles\pjn6d6vl.default-1359699022068\extensions\aka.andya@gmail.com.xpi
FF - ExtSQL: 2013-02-01 23:10; thumbnailZoom@dadler.github.com; c:\users\Kirk's\AppData\Roaming\Mozilla\Firefox\Profiles\pjn6d6vl.default-1359699022068\extensions\thumbnailZoom@dadler.github.com.xpi
FF - ExtSQL: 2013-02-01 23:43; support@lastpass.com; c:\users\Kirk's\AppData\Roaming\Mozilla\Firefox\Profiles\pjn6d6vl.default-1359699022068\extensions\support@lastpass.com
FF - ExtSQL: 2013-02-02 19:44; jid0-lqtsBMO4PkjAOFcCt6zDcWsAXCU@jetpack; c:\users\Kirk's\AppData\Roaming\Mozilla\Firefox\Profiles\pjn6d6vl.default-1359699022068\extensions\jid0-lqtsBMO4PkjAOFcCt6zDcWsAXCU@jetpack.xpi
FF - ExtSQL: 2013-02-08 14:00; donottrackplus@abine.com; c:\users\Kirk's\AppData\Roaming\Mozilla\Firefox\Profiles\pjn6d6vl.default-1359699022068\extensions\donottrackplus@abine.com
FF - ExtSQL: 2013-02-10 18:33; 5118589604f1c@5118589604f55.com; c:\users\Kirk's\AppData\Roaming\Mozilla\Firefox\Profiles\pjn6d6vl.default-1359699022068\extensions\5118589604f1c@5118589604f55.com
FF - ExtSQL: 2013-02-10 18:51; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; c:\users\Kirk's\AppData\Roaming\Mozilla\Firefox\Profiles\pjn6d6vl.default-1359699022068\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
FF - ExtSQL: 2013-02-10 19:19; 5118633882c8b@5118633882cc4.com; c:\users\Kirk's\AppData\Roaming\Mozilla\Firefox\Profiles\pjn6d6vl.default-1359699022068\extensions\5118633882c8b@5118633882cc4.com
FF - ExtSQL: !HIDDEN! 2012-12-05 13:19; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-13  14:23:40
ComboFix-quarantined-files.txt  2013-02-13 22:23
ComboFix2.txt  2013-02-13 06:50
ComboFix3.txt  2013-02-12 05:03
ComboFix4.txt  2013-02-11 07:05
ComboFix5.txt  2013-02-13 21:41
.
Pre-Run: 403,000,909,824 bytes free
Post-Run: 402,909,536,256 bytes free
.
- - End Of File - - E57B5077E03F64E4A7BC900A1B979CDB
 




#2 Animal

Posted 13 February 2013 - 05:48 PM

You already have a properly posted log topic here: http://www.bleepingcomputer.com/forums/t/485274/my-logfile-is-there-anything-else-i-need-to-manually-revove-thanks-in-advance/

Please be patient and you will be helped as soon as possible by one of our volunteer Malware Removal specialists. Please do not continue to repost in other parts of the forum as it will only confuse those trying to help you or cause delays in you being assisted. Thank you for your understanding. I have deleted your other duplicate topics. This topic is closed to avoid confusion.
