
over 2000 items on hidden Avira registry


  • This topic is locked
7 replies to this topic

#1 meg lisa83

Posted 20 March 2013 - 01:34 PM

Hello,

I have noticed I have over 2000 items on my Avira hidden object. I ran HijackThis and saw a few things that didn't look right. Here is a copy of my two DDS logs.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/8/2010 6:31:41 PM
System Uptime: 3/20/2013 2:55:54 PM (1 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: AMD Athlon™ II P320 Dual-Core Processor | Socket S1G4 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 229.017 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP476: 3/14/2013 12:00:02 AM - Scheduled Checkpoint
RP477: 3/14/2013 9:12:12 AM - Windows Modules Installer
RP478: 3/14/2013 12:08:11 PM - Removed Java 7 Update 13
RP479: 3/14/2013 7:00:12 PM - Installed Java 7 Update 17
RP480: 3/17/2013 6:25:24 PM - Removed QuickTime
RP481: 3/20/2013 1:28:08 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Advanced SystemCare 6
Amazon Kindle
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
ATI Catalyst Install Manager
Avira Free Antivirus
Bonjour
calibre
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Corel Paint Shop Pro Photo X2
Coupon Printer for Windows
Defraggler
Feedback Tool
Free RAR Extract Frog
Google Chrome
Google Update Helper
HiJackThis
ieSpell
IObit Malware Fighter
iTunes
Java 7 Update 17
Java Auto Updater
Junk Mail filter update
K-Lite Mega Codec Pack 7.1.0
Label@Once 1.0
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Office XP Media Content
Microsoft Office XP Standard for Students and Teachers
Microsoft Reader
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
OpenOffice.org 3.3
PlayReady PC Runtime amd64
Quickbooks Financial Center
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype Launcher
Smart Defrag 2
SmoothDraw 3.2.11
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
TI Connect 1.6
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
XMind 2012 (v3.3.1)
ZenWriter
.
==== Event Viewer Messages From Past Week ========
.
3/20/2013 2:57:33 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
3/20/2013 2:57:03 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/20/2013 2:56:43 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
3/17/2013 1:08:00 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
3/17/2013 1:07:36 AM, Error: Service Control Manager [7000]  - The LogMeIn Kernel Information Provider service failed to start due to the following error:  The system cannot find the path specified.
3/17/2013 1:07:25 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa80021c6660, 0xfffff80000b9c510). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 031713-96065-01.
3/14/2013 11:35:15 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
3/13/2013 2:22:43 PM, Error: volsnap [14]  - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
3/13/2013 2:22:05 PM, Error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort0.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 10.17.2
Run by Megan at 15:13:18 on 2013-03-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2811.1498 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASC.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://search.coupons.com/
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - <orphaned>
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{01AC6F69-5007-4662-A869-A5CAD09DA4B0} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{01AC6F69-5007-4662-A869-A5CAD09DA4B0} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FFE4C7F3-66C4-4B64-A42C-D84884108065} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FFE4C7F3-66C4-4B64-A42C-D84884108065}\25D42343931323 : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{FFE4C7F3-66C4-4B64-A42C-D84884108065}\469637E65697769627C6 : DHCPNameServer = 68.87.74.166 68.87.68.166
TCP: Interfaces\{FFE4C7F3-66C4-4B64-A42C-D84884108065}\5393151533 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FFE4C7F3-66C4-4B64-A42C-D84884108065}\6626D677 : DHCPNameServer = 192.168.1.1 198.6.1.142 198.6.1.122
TCP: Interfaces\{FFE4C7F3-66C4-4B64-A42C-D84884108065}\C696E6B6379737 : DHCPNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{FFE4C7F3-66C4-4B64-A42C-D84884108065}\E4544574541425D223E24374F5E6F5745756374713 : DHCPNameServer = 192.168.0.1
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\uf4ud2bb.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&CUI=UN31025381622391464&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-02-11 20:08; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\uf4ud2bb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-02-11 20:15; {023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}; C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\uf4ud2bb.default\extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\windows\System32\drivers\SmartDefragDriver.sys [2013-2-13 17720]
R1 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2012-11-13 21136]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2013-1-5 984144]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2013-1-5 370288]
R1 avkmgr;avkmgr;C:\windows\System32\drivers\avkmgr.sys [2013-2-11 27800]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-1-4 465216]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-10-6 202752]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-2-11 86752]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-2-11 110816]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2013-1-5 25232]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-1-5 71600]
R2 avgntflt;avgntflt;C:\windows\System32\drivers\avgntflt.sys [2013-2-11 99912]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-2-13 821592]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-2-13 21384]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2010-10-6 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-2-13 33224]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-2-13 21904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-1-4 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-10-6 232992]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-1-4 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-11-9 1255736]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-10-6 51512]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\windows\SysWow64\NOTEPAD.EXE %1
FileExt: .vbe: VBEFile=C:\windows\SysWow64\WScript.exe "%1" %*
FileExt: .vbs: VBSFile=C:\windows\SysWow64\WScript.exe "%1" %*
FileExt: .js: JSFile=C:\windows\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2013-03-20 17:28:43    388096    ----a-r-    C:\Users\Megan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-20 17:28:43    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2013-03-14 23:01:18    861088    ----a-w-    C:\windows\SysWow64\npDeployJava1.dll
2013-03-14 23:00:55    95648    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-14 13:12:45    19968    ----a-w-    C:\windows\System32\drivers\usb8023.sys
2013-03-13 07:01:20    --------    d-sh--w-    C:\windows\System32\%APPDATA%
2013-03-13 07:01:00    --------    d-sh--w-    C:\windows\SysWow64\%APPDATA%
2013-02-18 20:31:27    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-02-18 20:31:27    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-02-18 20:31:27    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-02-18 20:31:27    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-02-18 20:31:27    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-02-18 20:31:27    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-02-18 20:31:27    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
.
==================== Find3M  ====================
.
2013-03-20 02:41:35    693976    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-03-20 02:41:34    73432    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-14 23:00:44    782240    ----a-w-    C:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45:24    135168    ----a-w-    C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22    350208    ----a-w-    C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22    308736    ----a-w-    C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22    111104    ----a-w-    C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31    474112    ----a-w-    C:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26    2176512    ----a-w-    C:\windows\apppatch\AcGenral.dll
2013-02-11 20:35:19    27800    ----a-w-    C:\windows\System32\drivers\avkmgr.sys
2013-02-11 20:35:18    99912    ----a-w-    C:\windows\System32\drivers\avgntflt.sys
2013-02-02 06:57:02    2312704    ----a-w-    C:\windows\System32\jscript9.dll
2013-02-02 06:47:24    1494528    ----a-w-    C:\windows\System32\inetcpl.cpl
2013-02-02 06:47:19    1392128    ----a-w-    C:\windows\System32\wininet.dll
2013-02-02 06:42:18    173056    ----a-w-    C:\windows\System32\ieUnatt.exe
2013-02-02 06:41:51    599040    ----a-w-    C:\windows\System32\vbscript.dll
2013-02-02 06:38:01    2382848    ----a-w-    C:\windows\System32\mshtml.tlb
2013-02-02 03:38:35    1800704    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-02-02 03:30:32    1427968    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21    1129472    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-02-02 03:26:47    142848    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21    420864    ----a-w-    C:\windows\SysWow64\vbscript.dll
2013-02-02 03:23:28    2382848    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-01-15 23:49:06    26432    ----a-w-    C:\windows\System32\RegistryDefragBootTime.exe
2013-01-05 05:53:43    5553512    ----a-w-    C:\windows\System32\ntoskrnl.exe
2013-01-05 05:00:15    3967848    ----a-w-    C:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11    3913064    ----a-w-    C:\windows\SysWow64\ntoskrnl.exe
2013-01-05 00:57:32    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
2013-01-05 00:57:32    458712    ----a-w-    C:\windows\System32\drivers\cng.sys
2013-01-05 00:57:32    340992    ----a-w-    C:\windows\System32\schannel.dll
2013-01-05 00:57:32    247808    ----a-w-    C:\windows\SysWow64\schannel.dll
2013-01-05 00:57:32    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
2013-01-05 00:57:32    154480    ----a-w-    C:\windows\System32\drivers\ksecpkg.sys
2013-01-05 00:57:32    1448448    ----a-w-    C:\windows\System32\lsasrv.dll
2013-01-05 00:56:48    514560    ----a-w-    C:\windows\SysWow64\qdvd.dll
2013-01-05 00:56:48    366592    ----a-w-    C:\windows\System32\qdvd.dll
2013-01-04 05:46:09    215040    ----a-w-    C:\windows\System32\winsrv.dll
2013-01-04 04:51:16    5120    ----a-w-    C:\windows\SysWow64\wow32.dll
2013-01-04 04:43:21    44032    ----a-w-    C:\windows\apppatch\acwow64.dll
2013-01-04 03:26:48    3153408    ----a-w-    C:\windows\System32\win32k.sys
2013-01-04 02:47:35    25600    ----a-w-    C:\windows\SysWow64\setup16.exe
2013-01-04 02:47:34    7680    ----a-w-    C:\windows\SysWow64\instnm.exe
2013-01-04 02:47:34    2048    ----a-w-    C:\windows\SysWow64\user.exe
2013-01-04 02:47:33    14336    ----a-w-    C:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54    1913192    ----a-w-    C:\windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42    288088    ----a-w-    C:\windows\System32\drivers\FWPKCLNT.SYS
2013-01-01 05:57:05    959976    ----a-w-    C:\windows\System32\deployJava1.dll
2013-01-01 05:57:05    1081320    ----a-w-    C:\windows\System32\npDeployJava1.dll
2012-12-21 13:51:07    952    --sha-w-    C:\ProgramData\KGyGaAvL.sys
.
============= FINISH: 15:13:55.15 ===============

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thank you for your help

Edited by meg lisa83, 20 March 2013 - 02:17 PM.


#2 nasdaq

  • Malware Response Team

Posted 21 March 2013 - 09:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
  • Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third party programs, if not up to date, can be the cause of the infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
  • Please post the logs for my review. Let me know what problem persists.


#3 meg lisa83

  • Topic Starter

Posted 21 March 2013 - 12:16 PM

Thank you nasdaq for all your help.

ComboFix 13-03-21.01 - Megan 03/21/2013  11:47:49.5.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2811.1793 [GMT -4:00]
Running from: c:\users\Megan\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\ir41_qc.dll.new00
c:\windows\SysWow64\ir41_qcx.dll.new00
c:\windows\SysWow64\ir50_qc.dll.new00
c:\windows\SysWow64\ir50_qcx.dll.new00
.
---- Previous Run -------
.
c:\programfiles\Corel\Corel Paint Shop Pro X\elephant.pspimage
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Beach balls.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Billiard Balls.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Billiard Balls2.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\boat.pspimage
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Bobbers.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Bobbers2.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\cannibal.pspimage
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Crawlers.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Crawlers2.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Fishing Lures.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Fishing Lures2.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Garden Veggies.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Garden Veggies2.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Old Glory.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Old Glory2.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Sand.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Star fish.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Summer Leaves.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Summer Leaves2.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Summer Trees.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Summer Trees2.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Topical water.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Watermelon.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\Picture Tubes\Watermelon2.tub
c:\programfiles\Corel\Corel Paint Shop Pro X\SALING1.bmp
c:\users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\kjbnz91a.default\searchplugins\bing-zugo.xml
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-21 to 2013-03-21  )))))))))))))))))))))))))))))))
.
.
2013-03-21 15:57 . 2013-01-15 07:45    9161176    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC36FA82-9A55-41DF-9AE0-DAC404DEC77D}\mpengine.dll
2013-03-21 15:57 . 2013-01-15 07:45    9161176    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E999287-F0B3-487D-A138-F09EDDD2F9B1}\mpengine.dll
2013-03-21 15:55 . 2013-03-21 15:55    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-03-21 15:55 . 2013-03-21 15:55    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-03-21 15:55 . 2013-03-21 15:55    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2013-03-20 17:28 . 2013-03-20 17:28    388096    ----a-r-    c:\users\Megan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-20 17:28 . 2013-03-20 17:28    --------    d-----w-    c:\program files (x86)\Trend Micro
2013-03-15 15:02 . 2013-03-15 15:02    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2013-03-14 23:01 . 2013-03-14 23:01    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-03-14 23:01 . 2013-03-14 23:00    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-03-14 23:00 . 2013-03-14 23:00    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-14 13:12 . 2013-03-14 13:12    19968    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-03-13 07:01 . 2013-03-13 07:01    --------    d-sh--w-    c:\windows\system32\%APPDATA%
2013-03-13 07:01 . 2013-03-13 07:01    --------    d-sh--w-    c:\windows\SysWow64\%APPDATA%
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-20 02:41 . 2013-01-05 10:35    693976    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-20 02:41 . 2013-01-05 10:35    73432    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-14 23:00 . 2010-12-27 21:59    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-03-13 07:03 . 2010-11-09 14:41    72013344    ----a-w-    c:\windows\system32\MRT.exe
2013-02-12 05:45 . 2013-03-13 04:06    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 04:06    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 04:06    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 04:06    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 04:06    474112    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 04:06    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-02-11 20:35 . 2013-02-11 20:38    27800    ----a-w-    c:\windows\system32\drivers\avkmgr.sys
2013-02-11 20:35 . 2013-02-11 20:38    129216    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2013-02-11 20:35 . 2013-02-11 20:38    99912    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2013-01-15 23:49 . 2013-01-05 00:55    26432    ----a-w-    c:\windows\system32\RegistryDefragBootTime.exe
2013-01-05 05:53 . 2013-02-13 11:03    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 11:03    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 11:03    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-01-05 00:58 . 2013-01-05 00:58    62976    ----a-w-    c:\windows\system32\TSWbPrxy.exe
2013-01-05 00:58 . 2013-01-05 00:58    57856    ----a-w-    c:\windows\system32\drivers\TsUsbFlt.sys
2013-01-05 00:58 . 2013-01-05 00:58    5773824    ----a-w-    c:\windows\system32\mstscax.dll
2013-01-05 00:58 . 2013-01-05 00:58    54272    ----a-w-    c:\windows\system32\MsRdpWebAccess.dll
2013-01-05 00:58 . 2013-01-05 00:58    4916224    ----a-w-    c:\windows\SysWow64\mstscax.dll
2013-01-05 00:58 . 2013-01-05 00:58    46592    ----a-w-    c:\windows\SysWow64\MsRdpWebAccess.dll
2013-01-05 00:58 . 2013-01-05 00:58    44032    ----a-w-    c:\windows\system32\tsgqec.dll
2013-01-05 00:58 . 2013-01-05 00:58    43520    ----a-w-    c:\windows\system32\TsUsbGDCoInstaller.dll
2013-01-05 00:58 . 2013-01-05 00:58    384000    ----a-w-    c:\windows\system32\wksprt.exe
2013-01-05 00:58 . 2013-01-05 00:58    37376    ----a-w-    c:\windows\SysWow64\tsgqec.dll
2013-01-05 00:58 . 2013-01-05 00:58    322560    ----a-w-    c:\windows\system32\aaclient.dll
2013-01-05 00:58 . 2013-01-05 00:58    3174912    ----a-w-    c:\windows\system32\rdpcorets.dll
2013-01-05 00:58 . 2013-01-05 00:58    269312    ----a-w-    c:\windows\SysWow64\aaclient.dll
2013-01-05 00:58 . 2013-01-05 00:58    243200    ----a-w-    c:\windows\system32\rdpudd.dll
2013-01-05 00:58 . 2013-01-05 00:58    228864    ----a-w-    c:\windows\system32\rdpendp_winip.dll
2013-01-05 00:58 . 2013-01-05 00:58    19456    ----a-w-    c:\windows\system32\drivers\rdpvideominiport.sys
2013-01-05 00:58 . 2013-01-05 00:58    192000    ----a-w-    c:\windows\SysWow64\rdpendp_winip.dll
2013-01-05 00:58 . 2013-01-05 00:58    18432    ----a-w-    c:\windows\system32\wksprtPS.dll
2013-01-05 00:58 . 2013-01-05 00:58    16896    ----a-w-    c:\windows\SysWow64\wksprtPS.dll
2013-01-05 00:58 . 2013-01-05 00:58    15360    ----a-w-    c:\windows\system32\RdpGroupPolicyExtension.dll
2013-01-05 00:58 . 2013-01-05 00:58    13312    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-01-05 00:58 . 2013-01-05 00:58    13312    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-01-05 00:58 . 2013-01-05 00:58    1123840    ----a-w-    c:\windows\system32\mstsc.exe
2013-01-05 00:58 . 2013-01-05 00:58    1048064    ----a-w-    c:\windows\SysWow64\mstsc.exe
2013-01-05 00:57 . 2013-01-05 00:57    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2013-01-05 00:57 . 2013-01-05 00:57    458712    ----a-w-    c:\windows\system32\drivers\cng.sys
2013-01-05 00:57 . 2013-01-05 00:57    340992    ----a-w-    c:\windows\system32\schannel.dll
2013-01-05 00:57 . 2013-01-05 00:57    247808    ----a-w-    c:\windows\SysWow64\schannel.dll
2013-01-05 00:57 . 2013-01-05 00:57    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2013-01-05 00:57 . 2013-01-05 00:57    154480    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2013-01-05 00:57 . 2013-01-05 00:57    1448448    ----a-w-    c:\windows\system32\lsasrv.dll
2013-01-05 00:56 . 2013-01-05 00:56    514560    ----a-w-    c:\windows\SysWow64\qdvd.dll
2013-01-05 00:56 . 2013-01-05 00:56    366592    ----a-w-    c:\windows\system32\qdvd.dll
2013-01-04 05:46 . 2013-02-13 11:02    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 11:02    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 11:02    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 11:02    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 11:02    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 11:02    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 11:02    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 11:02    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 11:02    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 11:02    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-01 05:57 . 2013-01-01 05:57    959976    ----a-w-    c:\windows\system32\deployJava1.dll
2013-01-01 05:57 . 2013-01-01 05:57    1081320    ----a-w-    c:\windows\system32\npDeployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-15 491840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-12-25 4474832]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-15 491840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-01-05 19456]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-01-05 57856]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-09 1255736]
R3 X6va005;X6va005;c:\users\Megan\AppData\Local\Temp\0051197.tmp [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-26 140672]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-02-11 27800]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-01-15 465216]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-12 86752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-05 75816]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 17:18    1629648    ----a-w-    c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-05 02:41]
.
2013-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 23:41]
.
2013-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 23:41]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://search.coupons.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: adobe.com
Trusted Zone: akamai.com
Trusted Zone: macromedia.com
Trusted Zone: platoweb.com
Trusted Zone: platoweb.com\*.ple
Trusted Zone: platoweb01.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{01AC6F69-5007-4662-A869-A5CAD09DA4B0}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\uf4ud2bb.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&CUI=UN31025381622391464&q=
FF - ExtSQL: 2013-02-11 20:08; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\uf4ud2bb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-02-11 20:15; {023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}; c:\users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\uf4ud2bb.default\extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{E50824FB-26D1-4BE3-9CFE-002CA0991C3D} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-NortonPCCheckup - c:\program files (x86)\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.3.198\InstStub.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Megan\AppData\Local\Temp\0051197.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
   57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db,
   f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:be,38,f0,86,36,6e,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,3f,8d,7d,0f,05,0c,45,86,f5,2b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,3f,8d,7d,0f,05,0c,45,86,f5,2b,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
.
**************************************************************************
.
Completion time: 2013-03-21  12:02:54 - machine was rebooted
ComboFix-quarantined-files.txt  2013-03-21 16:02
ComboFix2.txt  2011-08-23 23:14
.
Pre-Run: 245,058,326,528 bytes free
Post-Run: 256,053,190,656 bytes free
.
- - End Of File - - 1A78B247569A9A42303CDB9DF27235A9
 

````````````````````````` Results of screen317's Security Check version 0.99.61  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 17  
 Adobe Flash Player 11.6.602.180  
 Adobe Reader XI  
 Mozilla Firefox (19.0.2)
 Google Chrome 25.0.1364.152  
 Google Chrome 25.0.1364.172  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 IObit IObit Malware Fighter IMFsrv.exe  
 IObit IObit Malware Fighter IMF.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

 

```````````````````````````````````````````````````

 

# AdwCleaner v2.115 - Logfile created 03/21/2013 at 13:09:13
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Megan - MEGAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Megan\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Megan\AppData\Local\Conduit
Folder Deleted : C:\Users\Megan\AppData\Local\Smartbar
Folder Deleted : C:\Users\Megan\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Megan\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\uf4ud2bb.default\prefs.js

Deleted : user_pref("CT2260173_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("ct2260173.UserID", "UN31025381622391464");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.machineId", "CIMCLHN2CU7WR+L/QR6OKI7JNIYWFGQWQ20VLKS08ZWYGJPMUDBNDU2QVC5NQHU7WNM[...]

*************************

AdwCleaner[R1].txt - [3645 octets] - [21/03/2013 13:07:32]
AdwCleaner[S1].txt - [3668 octets] - [21/03/2013 13:09:13]

########## EOF - C:\AdwCleaner[S1].txt - [3728 octets] ##########
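The service and driver list in the ComboFix log above (the `R3`/`S1`/`S2` lines and the `X6va005` ImagePath key under `LOCKED REGISTRY KEYS`) is the part of such a log a responder reads first, because a service image is the most durable persistence a piece of software can have. As an added example, not a tool from this thread or from the ComboFix or DDS authors, the Python below parses lines in ComboFix's `state name;display;path [info]` format and flags the ones that deserve a manual look: an image path under a Temp directory, a non-executable extension such as `.tmp`, no path at all, or ComboFix's `[x]` marker meaning the file was not found on disk. The sample lines are copied from the log in this thread (a constructed subset, not the whole list); the heuristics and the reason strings are my own assumptions.

```python
"""Triage of ComboFix-style service/driver lines (added example, not the forum's own tool)."""
import re

# A few service/driver entries copied from the ComboFix log in this thread
# (constructed sample: a subset, not the whole log).
SAMPLE_LOG = r"""
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992]
R3 X6va005;X6va005;c:\users\Megan\AppData\Local\Temp\0051197.tmp [x]
S1 aswKbd;aswKbd; [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-12 86752]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
"""

# ComboFix line shape: state letter (R=running, S=stopped) + start-type digit,
# then "name;display;path [date size]" or "[x]" when the file is missing.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)

# Directories where a service or driver image has no business living (assumed heuristic).
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
# Extensions that are not normal service/driver images (assumed heuristic).
ODD_EXT_RE = re.compile(r"\.(?:tmp|dat|txt|bin)$", re.IGNORECASE)


def parse_service_line(line):
    """Return a dict for one ComboFix service line, or None if the line is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["file_missing"] = entry["info"].strip().lower() == "x"
    return entry


def triage_service(entry):
    """Return the reasons this entry deserves a manual look (empty list = nothing odd)."""
    reasons = []
    path = entry["path"].strip()
    if not path:
        reasons.append("no image path recorded")
    else:
        if TEMP_DIR_RE.search(path):
            reasons.append("image lives under a temp directory")
        if ODD_EXT_RE.search(path):
            reasons.append("image has a non-executable extension")
    if entry["file_missing"]:
        reasons.append("file not found on disk ([x])")
    return reasons


def triage_log(text):
    """Parse every service line in `text`; return {name: reasons} for flagged entries only."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = triage_service(entry)
        if reasons:
            flagged[entry["name"].strip()] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On the sample it flags `X6va005` (image under `AppData\Local\Temp`, `.tmp` extension, file missing) and `aswKbd` (no path, file missing) and passes the Realtek, Avira and Smart Defrag entries. A hit is a review item, not a verdict: nasdaq judged these logs clean, and an entry with no path and `[x]` is the usual footprint of a product that has been uninstalled. The point of the script is to get the handful of lines worth a human's attention out of a list of dozens.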
 



#4 nasdaq (Malware Response Team, Montreal, QC, Canada; 39,955 posts)

Posted 21 March 2013 - 01:17 PM

Your logs are clean.

Are you missing the Corel Paint Shop Pro X files that were deleted?

 

Let me know of any other issues.



#5 meg lisa83 (Topic Starter, Members; 3 posts)

Posted 21 March 2013 - 02:37 PM

Thank you nasdaq. I haven't checked but I do have a backup of the corel paint shop x pro files if necessary.

 

I removed combofix by putting combofix /uninstall on the start search button and removed all the other programs we used for this session. When I just ran the ccleaner, I see wget and swearware obsolete software keys on registry cleaner. Should I remove them as they are associated with combofix?



#6 nasdaq (Malware Response Team, Montreal, QC, Canada; 39,955 posts)

Posted 22 March 2013 - 07:23 AM

ComboFix could have restored these files. But now that you have removed it they are gone.

 

As for running CCleaner, we do not recommend removing any registry items.

If you do, use it at your own risk.



#7 nasdaq (Malware Response Team, Montreal, QC, Canada; 39,955 posts)

Posted 28 March 2013 - 08:01 AM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
  ===

    To remove AdwCleaner:

    Please double click on AdwCleaner.exe to run the tool.
    Click on Uninstall.
    Confirm with Yes.

    If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.

    Delete the other tools we used.
    You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

    Surf Safely, and Think Prevention!
    ===



#8 nasdaq (Malware Response Team, Montreal, QC, Canada; 39,955 posts)

Posted 28 March 2013 - 08:01 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.


