Computer locking up -- Virus?


  • This topic is locked
8 replies to this topic

#1 maineearle

  • Members
  • 38 posts
  • Gender:Male
  • Location:Florida

Posted 14 May 2013 - 03:12 PM

Keeps locking up for 30 or 40 seconds and sometimes requires a reboot.

 

Any help would be appreciated.

 

DDS LOG attached

Thanks everyone


#2 nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 May 2013 - 09:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If, after running ComboFix, you get the error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Please run the DDS tool and submit the DDS.txt for my review.
You have already submitted the Extra text.

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#3 maineearle
  • Topic Starter
  • Members
  • 38 posts
  • Gender:Male
  • Location:Florida

Posted 16 May 2013 - 12:59 PM

Thank you for taking the time to help

 

Checkup.txt:

 Results of screen317's Security Check version 0.99.63 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 
Norton Internet Security  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````

 Out of date HijackThis  installed!
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300 
 HijackThis 1.99.1   
 Java 7 Update 21 
 Adobe Flash Player 11.6.602.180 
 Adobe Reader XI 
 Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````
 
 Norton ccSvcHst.exe
 Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

AdwCleaner(R1).txt:

# AdwCleaner v2.300 - Logfile created 05/16/2013 at 11:51:41
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Ron - RON-HP
# Boot Mode : Normal
# Running from : C:\Users\Ron\Desktop\adwcleaner.exe
# Option [Search]

 

***** [Services] *****

 

***** [Files / Folders] *****

 

File Found : C:\END
Folder Found : C:\Program Files (x86)\IObit Apps Toolbar
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Found : C:\Program Files (x86)\Viewpoint
Folder Found : C:\Program Files\DomaIQ Uninstaller
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Viewpoint
Folder Found : C:\Users\Ron\AppData\Local\Supreme Savings
Folder Found : C:\Users\Ron\AppData\Local\SwvUpdater
Folder Found : C:\Users\Ron\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\lmc8zh8p.default\extensions\staged

 

***** [Registry] *****

 

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Supreme Savings
Key Found : HKCU\Software\Search Settings
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Search Settings
Key Found : HKLM\Software\Viewpoint
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]

 

***** [Internet Browsers] *****

 

-\\ Internet Explorer v10.0.9200.16576

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v20.0.1 (en-US)

 

File : C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\6893yz50.default-1350989301105\prefs.js

 

Found : user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN46423435[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke New Customized Web Search");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847[...]
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289847");
Found : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI[...]
Found : user_pref("smartbar.machineId", "ZOE9YHIAQ3HVUOP9+MLBLOV10GYG+IFYEBXGYQ6V21AXH7UJY8ZWQFPLO0MSHOJAENM[...]

 

File : C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\lmc8zh8p.default\prefs.js

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [4009 octets] - [16/05/2013 11:51:41]

 

########## EOF - C:\AdwCleaner[R1].txt - [4069 octets] ##########

 

AdwCleaner(S1).txt:

# AdwCleaner v2.300 - Logfile created 05/16/2013 at 11:53:02
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Ron - RON-HP
# Boot Mode : Normal
# Running from : C:\Users\Ron\Desktop\adwcleaner.exe
# Option [Delete]

 

***** [Services] *****

 

***** [Files / Folders] *****

 

File Deleted : C:\END
Folder Deleted : C:\Program Files (x86)\IObit Apps Toolbar
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\Ron\AppData\Local\Supreme Savings
Folder Deleted : C:\Users\Ron\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Ron\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\lmc8zh8p.default\extensions\staged

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Supreme Savings
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]

 

***** [Internet Browsers] *****

 

-\\ Internet Explorer v10.0.9200.16576

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v20.0.1 (en-US)

 

File : C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\6893yz50.default-1350989301105\prefs.js

 

C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\6893yz50.default-1350989301105\user.js ... Deleted !

 

Deleted : user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN46423435[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke New Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289847");
Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI[...]
Deleted : user_pref("smartbar.machineId", "ZOE9YHIAQ3HVUOP9+MLBLOV10GYG+IFYEBXGYQ6V21AXH7UJY8ZWQFPLO0MSHOJAENM[...]

 

File : C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\lmc8zh8p.default\prefs.js

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [4136 octets] - [16/05/2013 11:51:41]
AdwCleaner[S1].txt - [4263 octets] - [16/05/2013 11:53:02]

 

########## EOF - C:\AdwCleaner[S1].txt - [4323 octets] ##########

 

ComboFix.txt:

ComboFix 13-05-16.02 - Ron 05/16/2013  12:40:20.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2261 [GMT -4:00]
Running from: c:\users\Ron\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3a263d592722_c
c:\users\Ron\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Ron\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-16 to 2013-05-16  )))))))))))))))))))))))))))))))
.
.
2013-05-15 03:30 . 2013-04-10 05:24 983912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 03:30 . 2013-04-10 05:24 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 03:30 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 03:30 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 03:30 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 03:30 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 03:30 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 03:30 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 03:30 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 03:30 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 03:30 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-13 22:25 . 2013-05-13 22:25 -------- d-----w- c:\users\Ron\AppData\Local\Adobe
2013-05-08 09:49 . 2013-04-10 06:58 263064 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2013-05-08 00:20 . 2013-05-12 19:17 -------- d-----w- c:\users\Administrator
2013-05-07 23:32 . 2013-05-07 23:32 -------- d-----w- c:\programdata\vrq_logs
2013-05-07 23:32 . 2013-05-07 23:32 -------- d-----w- c:\programdata\SMR323
2013-05-07 21:44 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-07 16:03 . 2013-05-08 07:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-07 16:03 . 2009-01-25 16:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-05-06 12:54 . 2013-05-06 12:54 -------- d-----w- c:\users\Ron\AppData\Local\Apple
2013-05-02 23:53 . 2013-05-11 11:17 -------- d-----w- c:\users\Ron\AppData\Local\AOL
2013-05-02 22:49 . 2013-05-03 16:00 -------- d-----w- C:\JRT
2013-05-02 22:05 . 2013-05-02 22:05 -------- d-----w- c:\users\Ron\AppData\Local\Apple Computer
2013-05-02 18:11 . 2013-05-12 19:17 -------- d-----w- C:\MGtools
2013-05-02 18:06 . 2013-05-02 18:06 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-05-02 17:44 . 2013-05-02 17:51 -------- d-----w- c:\program files\HitmanPro
2013-05-01 12:13 . 2013-05-02 21:54 -------- d-----w- c:\programdata\Kaspersky Lab
2013-05-01 09:57 . 2013-04-04 09:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-26 12:49 . 2013-04-26 12:49 -------- d-----w- c:\users\Ron\AppData\Roaming\player
2013-04-26 12:49 . 2013-04-26 12:49 -------- d-----w- c:\program files (x86)\Tuguu SL
2013-04-26 12:27 . 2013-04-26 12:34 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-04-26 12:27 . 2013-04-26 12:34 -------- d-----w- C:\AI_RecycleBin
2013-04-26 12:27 . 2013-04-26 12:34 -------- d-----w- c:\users\Ron\AppData\Roaming\Strongvault
2013-04-24 07:57 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 04:04 . 2012-09-07 20:20 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-12 13:18 . 2013-05-12 13:14 331863 ----a-w- C:\MGlogs.zip
2013-05-07 22:50 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-18 00:20 . 2012-08-28 21:08 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-04-13 05:49 . 2013-05-15 03:30 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 03:30 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 03:30 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 03:30 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 03:30 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 03:30 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-11 14:22 . 2011-02-20 04:03 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-04-11 14:22 . 2011-02-19 05:40 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
2013-04-11 10:34 . 2012-09-05 06:41 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-11 10:34 . 2011-10-30 03:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-04 09:36 . 2012-10-18 17:18 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-04 09:35 . 2012-10-18 17:18 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-02 04:01 . 2013-04-02 04:01 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-02 04:01 . 2013-04-02 04:01 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-02 04:01 . 2013-04-02 04:01 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-02 04:01 . 2013-04-02 04:01 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-02 04:01 . 2013-04-02 04:01 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-02 04:01 . 2013-04-02 04:01 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-02 04:01 . 2013-04-02 04:01 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-02 04:01 . 2013-04-02 04:01 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-02 04:01 . 2013-04-02 04:01 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-02 04:01 . 2013-04-02 04:01 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-02 04:01 . 2013-04-02 04:01 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-02 04:01 . 2013-04-02 04:01 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-02 04:01 . 2013-04-02 04:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-02 04:01 . 2013-04-02 04:01 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-02 04:01 . 2013-04-02 04:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-02 04:01 . 2013-04-02 04:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-02 04:01 . 2013-04-02 04:01 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-02 04:01 . 2013-04-02 04:01 441856 ----a-w- c:\windows\system32\html.iec
2013-04-02 04:01 . 2013-04-02 04:01 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-02 04:01 . 2013-04-02 04:01 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-02 04:01 . 2013-04-02 04:01 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-02 04:01 . 2013-04-02 04:01 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-02 04:01 . 2013-04-02 04:01 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-02 04:01 . 2013-04-02 04:01 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-02 04:01 . 2013-04-02 04:01 235008 ----a-w- c:\windows\system32\url.dll
2013-04-02 04:01 . 2013-04-02 04:01 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-02 04:01 . 2013-04-02 04:01 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-02 04:01 . 2013-04-02 04:01 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-02 04:01 . 2013-04-02 04:01 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-02 04:01 . 2013-04-02 04:01 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-02 04:01 . 2013-04-02 04:01 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-02 04:01 . 2013-04-02 04:01 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-02 04:01 . 2013-04-02 04:01 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-02 04:01 . 2013-04-02 04:01 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-02 04:01 . 2013-04-02 04:01 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-02 04:01 . 2013-04-02 04:01 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-02 04:01 . 2013-04-02 04:01 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-02 04:01 . 2013-04-02 04:01 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-02 04:01 . 2013-04-02 04:01 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-02 04:01 . 2013-04-02 04:01 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-02 04:01 . 2013-04-02 04:01 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-02 04:01 . 2013-04-02 04:01 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-02 04:01 . 2013-04-02 04:01 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-02 04:01 . 2013-04-02 04:01 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-02 04:01 . 2013-04-02 04:01 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-02 04:01 . 2013-04-02 04:01 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-02 04:01 . 2013-04-02 04:01 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-02 04:01 . 2013-04-02 04:01 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-02 04:01 . 2013-04-02 04:01 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-23 13:00 . 2013-03-23 13:00 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2013-03-19 06:04 . 2013-04-10 09:35 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 09:35 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 09:35 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 09:35 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 09:35 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 09:35 112640 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.7\AOL.EXE" [2012-10-15 72312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-05-02 109352]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2013-03-23 21712]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-28 19456]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-09-02 339048]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-10-28 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-10-28 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-28 1255736]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-09-01 2425960]
R4 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
R4 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\users\Ron\Desktop\Tools\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\users\Ron\Desktop\Tools\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\users\Ron\Desktop\Tools\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS [2013-01-22 493656]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS [2013-01-31 1139800]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [2013-04-12 1390680]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys [2012-11-16 168096]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-08-01 41704]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130515.001\IDSvia64.sys [2013-05-10 513184]
S1 SASDIFSV;SASDIFSV;c:\users\Ron\Desktop\Tools\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\users\Ron\Desktop\Tools\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS [2012-11-16 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS [2013-01-31 432800]
S2 !SASCORE;SAS Core Service;c:\users\Ron\Desktop\Tools\SASCORE64.EXE [2012-07-11 140672]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\users\Ron\Desktop\Tools\Advanced SystemCare 6\ASCService.exe [2013-04-18 574272]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-08-19 260424]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-09-06 197536]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe [2012-12-24 144520]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-10-10 75928]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-20 138912]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-26 317440]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-04-12 1860672]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-10-12 50856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 10:34]
.
2013-05-05 c:\windows\Tasks\HPCeeScheduleForRon.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-26 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-26 392472]
"SysTrayApp"="c:\program files\idt\wdm\sttray64.exe" [2011-09-08 1424896]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-26 416024]
"IntelliType Pro"="c:\program files\microsoft mouse and keyboard center\itype.exe" [2012-10-12 1464984]
"IntelliPoint"="c:\program files\microsoft mouse and keyboard center\ipoint.exe" [2012-10-12 2075288]
"HPQuickWebProxy"="c:\program files (x86)\hewlett-packard\hp quickweb\hpqwutils.exe" [2011-10-08 169528]
"HPOSD"="c:\program files (x86)\hewlett-packard\hp on screen display\hposd.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe" [2012-03-05 578944]
"APSDaemon"="c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe" [2013-01-28 59720]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
Trusted Zone: yahoo.com\search
TCP: DhcpNameServer = 192.168.0.1 205.152.144.23
FF - ProfilePath - c:\users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\6893yz50.default-1350989301105\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|https://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
FF - ExtSQL: 2013-03-23 09:47; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-04-26 08:38; {650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}; c:\program files (x86)\Mozilla Firefox\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\AOL Desktop 9.7\waol.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Common Files\AOL\ACS\AOLacsd.exe
c:\program files (x86)\AOL Desktop 9.7\shellmon.exe
c:\program files (x86)\Common Files\AOL\1351875353\ee\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2013-05-16  12:51:22 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-16 16:51
.
Pre-Run: 426,244,521,984 bytes free
Post-Run: 425,890,451,456 bytes free
.
- - End Of File - - D5F02F36DAAFFDDF867EC813F7F6D5FA

DDs.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576
Run by Ron at 12:58:59 on 2013-05-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2815 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Users\Ron\Desktop\Tools\Advanced SystemCare 6\ASCService.exe
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Users\Ron\Desktop\Tools\SASCORE64.EXE
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe
C:\Program Files (x86)\Common Files\AOL\1351875353\ee\aolsoftware.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
BHO: AutorunsDisabled - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll
uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE" -b
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.0.1 205.152.144.23
TCP: Interfaces\{2498F96C-2791-4458-BF88-8F3F915CDDD7} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{6747E8CB-5CE4-4444-8920-B4C0F27CD19E} : DHCPNameServer = 192.168.0.1 205.152.144.23
TCP: Interfaces\{6747E8CB-5CE4-4444-8920-B4C0F27CD19E}\24750224F6E69647160235072796E67637 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6747E8CB-5CE4-4444-8920-B4C0F27CD19E}\7457563747F5143636563737 : DHCPNameServer = 69.25.1.1 69.25.1.33
TCP: Interfaces\{E6018FAC-FFA1-47A5-BB75-2544CC115EA4} : DHCPNameServer = 172.18.145.103 172.18.145.103
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelliType Pro] c:\program files\microsoft mouse and keyboard center\itype.exe
x64-Run: [IntelliPoint] c:\program files\microsoft mouse and keyboard center\ipoint.exe
x64-Run: [HPQuickWebProxy] c:\program files (x86)\hewlett-packard\hp quickweb\hpqwutils.exe
x64-Run: [HPOSD] c:\program files (x86)\hewlett-packard\hp on screen display\hposd.exe
x64-Run: [HP Quick Launch] c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe
x64-Run: [APSDaemon] c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {0CE7EBAF-157D-4111-9146-057CB2A4023E} - msiexec /fu {0CE7EBAF-157D-4111-9146-057CB2A4023E} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\6893yz50.default-1350989301105\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|https://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-03-23 09:47; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-04-26 08:38; {650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}; C:\Program Files (x86)\Mozilla Firefox\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-3-9 17720]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1403010.016\symds64.sys [2013-4-15 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1403010.016\symefa64.sys [2013-4-15 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [2013-5-7 1390680]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1403010.016\ccsetx64.sys [2013-4-15 168096]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-8-1 41704]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130515.001\IDSviA64.sys [2013-5-15 513184]
R1 SASDIFSV;SASDIFSV;C:\Users\Ron\Desktop\Tools\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Users\Ron\Desktop\Tools\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1403010.016\ironx64.sys [2013-4-15 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1403010.016\symnets.sys [2013-4-15 432800]
R2 !SASCORE;SAS Core Service;C:\Users\Ron\Desktop\Tools\SASCore64.exe [2012-7-11 140672]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Users\Ron\Desktop\Tools\Advanced SystemCare 6\ASCService.exe [2012-11-17 574272]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-19 260424]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-9-6 197536]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccsvchst.exe [2013-4-15 144520]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-4-15 3289208]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-5-2 138912]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-26 317440]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-12-12 1860672]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-12 565352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-5-2 109352]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2013-3-23 21712]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-28 19456]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-12-12 339048]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-28 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-28 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-28 1255736]
S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-12 13592]
S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-12 2425960]
S4 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
S4 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
S4 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Users\Ron\Desktop\Tools\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-5-7 1103392]
S4 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Users\Ron\Desktop\Tools\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-5-7 1369624]
S4 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Users\Ron\Desktop\Tools\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-5-7 168384]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-12 2656280]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-16 16:47:21 -------- d-sh--w- C:\$RECYCLE.BIN
2013-05-16 16:39:25 98816 ----a-w- C:\Windows\sed.exe
2013-05-16 16:39:25 256000 ----a-w- C:\Windows\PEV.exe
2013-05-16 16:39:25 208896 ----a-w- C:\Windows\MBR.exe
2013-05-15 03:30:23 983912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 03:30:23 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 03:30:12 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-15 03:30:11 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-15 03:30:11 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-15 03:30:10 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-15 03:30:06 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-15 03:30:06 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-15 03:30:06 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-13 22:25:11 -------- d-----w- C:\Users\Ron\AppData\Local\Adobe
2013-05-08 09:49:00 263064 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2013-05-07 23:32:46 -------- d-----w- C:\ProgramData\vrq_logs
2013-05-07 23:32:32 -------- d-----w- C:\ProgramData\SMR323
2013-05-07 21:44:09 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-07 16:03:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-05-07 16:03:15 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-05-06 12:54:00 -------- d-----w- C:\Users\Ron\AppData\Local\Apple
2013-05-02 23:53:23 -------- d-----w- C:\Users\Ron\AppData\Local\AOL
2013-05-02 22:49:21 -------- d-----w- C:\JRT
2013-05-02 22:05:49 -------- d-----w- C:\Users\Ron\AppData\Local\Apple Computer
2013-05-02 18:11:25 -------- d-----w- C:\MGtools
2013-05-02 18:06:47 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-05-02 17:44:40 -------- d-----w- C:\Program Files\HitmanPro
2013-05-01 12:13:25 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-05-01 09:57:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-26 12:49:07 -------- d-----w- C:\Users\Ron\AppData\Roaming\player
2013-04-26 12:49:06 -------- d-----w- C:\Program Files (x86)\Tuguu SL
2013-04-26 12:27:31 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-04-26 12:27:24 -------- d-----w- C:\AI_RecycleBin
2013-04-26 12:27:21 -------- d-----w- C:\Users\Ron\AppData\Roaming\Strongvault
2013-04-24 07:57:39 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M  ====================
.
2013-04-18 00:20:34 26432 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-11 14:22:56 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2013-04-11 14:22:56 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2013-04-11 10:34:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-11 10:34:19 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 09:36:01 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-04 09:35:52 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-23 13:00:06 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 12:59:49.10 ===============

Thanks everyone

#4 nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 May 2013 - 07:19 AM

Remove the old version of HijackThis 1.99.1 using the Add/Remove programs list.

The DDS tool should be used from now on.
===

Open notepad and copy/paste the text in the quote box below into it:

Folder::
C:\Program Files (x86)\Mozilla Firefox\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}

ClearJavaCache::

Firefox::
FF - ExtSQL: 2013-04-26 08:38; {650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}; C:\Program Files (x86)\Mozilla Firefox\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}

Save this as CFScript.txt on your desktop.

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Let me know what problem persists.

#5 maineearle
  • Topic Starter
  • Members
  • 38 posts
  • Gender:Male
  • Location:Florida

Posted 20 May 2013 - 05:01 AM

Thanks again. I have waited to see what happens. Everything seemed OK except for the AOL software. I have to apologize: I uninstalled/reinstalled AOL. When I use AOL the screen dims and I can't do anything in AOL. I do notice that my mouse seems less responsive.


Thanks everyone

#6 nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 May 2013 - 08:24 AM

Download Revo Uninstaller and remove all reference to AOL.
http://majorgeeks.com/Revo_Uninstaller_d5706.html

When done, restart the computer.

Reinstall AOL.

How is it now?

#7 maineearle
  • Topic Starter
  • Members
  • 38 posts
  • Gender:Male
  • Location:Florida

Posted 22 May 2013 - 05:10 AM

Everything seems fine.


Thanks again :bananas:


Thanks everyone

#8 nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 May 2013 - 07:59 AM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run, copy/paste the following text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner:

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#9 nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 May 2013 - 07:46 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
