Unusual corruption after clean up


This topic is locked
22 replies to this topic

#1 sh4rkbyt3

  • Members

Posted 30 June 2013 - 07:40 PM

Using some of the methods I've learned on here I managed to clean-up an infected computer fairly well I believe. What I'm experiencing now are corrupted files within the system and I have nowhere to turn to for advice on how to fix the remnants.

 

Upon using Defraggler I continue to have the last part of the drive turning into what appears to be a lot of fragmented system files, despite no evidence to show in groupings that they're indeed actual infections.
 

As a last ditch effort I managed to install the Avast AV program using a USB thumb drive since the system will not allow downloads from the 'net. Upon doing a boot scan using the "high" setting I found the following and would like some advice on what course to take next to get the system back to a usable state. Attached is a photo I took of the results since I wasn't sure if in Boot Mode Avast would capture the readout:

Attachment: _DSC0002.jpg




#2 HelpBot

    Bleepin' Binary Bot

  • Bots

Posted 05 July 2013 - 07:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/499737 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 sh4rkbyt3
  • Topic Starter
  • Members

Posted 06 July 2013 - 12:04 PM

Here is the dds logfile:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16490
Run by Diana at 12:20:13 on 2013-07-06
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2037.916 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\mcupdate.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{2E461573-2D81-4682-83B9-B57E615292D5} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{65EBEBF8-CCE9-45C4-82D5-C2E5A3D6BBF2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8D16C2BF-6882-47D3-B317-0DB333FE7A72} : DHCPNameServer = 10.177.0.34 10.168.179.116
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-30 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-30 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-6-30 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-6-30 369584]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-6-30 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-30 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-6-30 46808]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-4-4 21504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2012-6-18 394712]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2012-6-19 777728]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-8-28 92632]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-25 111104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-5-5 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2011-3-15 10112]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-06-30 21:27:16 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-30 21:27:16 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-30 21:27:15 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-30 21:27:13 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-06-30 21:26:20 41664 ----a-w- c:\windows\avastSS.scr
2013-06-30 21:25:53 -------- d-----w- c:\program files\AVAST Software
2013-06-30 21:25:43 -------- d-----w- c:\programdata\AVAST Software
2013-06-30 06:27:45 -------- d-sh--w- C:\$RECYCLE.BIN
2013-06-28 19:53:48 -------- d-----w- c:\users\diana\appdata\roaming\SUPERAntiSpyware.com
2013-06-28 17:20:58 -------- d-----w- c:\program files\VS Revo Group
2013-06-28 15:49:55 7068072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ad91ab33-c979-4cd6-8c50-fd85c867c775}\mpengine.dll
2013-06-19 00:55:24 7068072 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll
2013-06-13 13:23:15 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-13 13:23:12 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-13 13:23:11 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-13 13:23:02 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-13 13:23:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-13 13:23:02 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-13 13:23:02 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-13 13:23:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-13 13:22:58 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-13 13:22:58 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-13 13:22:49 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 00:24:26 -------- d-----w- c:\program files\iPod
2013-06-12 00:24:23 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-12 00:24:23 -------- d-----w- c:\program files\iTunes
.
==================== Find3M  ====================
.
2013-05-16 22:39:39 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-05-16 22:28:26 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-05-16 22:27:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-16 22:21:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-16 22:20:30 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-16 22:16:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-03 01:00:28 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-03 01:00:04 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-03 01:00:04 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-02 06:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 07:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 07:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-15 14:20:04 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56:44 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-09 01:36:18 2049024 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 12:20:27.81 ===============
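A small triage helper for logs in this DDS format, added here as an illustration; it is not part of the thread and not code from the DDS tool. It splits a DDS log into its banner sections, parses the BHO/TB and Run lines and the services/drivers lines, flags entries whose file DDS could not resolve (the `<orphaned>` BHO and the empty-path Java helpers in the log above) and groups drivers by file date so the batch installed with avast on 2013-6-30 stands out. The sample log is constructed from a handful of the lines above, not the poster's full log.

```python
import re

# Constructed sample log, modelled on a few of the DDS lines in the post above
# (not the poster's full log); backslashes are literal, hence the raw string.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Java(TM) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-30 49376]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-5-5 39272]
.
============= FINISH: 12:20:27.81 ===============
"""

# "==== Title ====" section banners as DDS prints them.
SECTION_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")
# "BHO: <name>: {CLSID} - <path>"; the name is absent for orphaned entries.
BHO_RE = re.compile(
    r"^(?P<kind>BHO|TB): (?:(?P<name>.+?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\} -\s*(?P<path>.*)$")
# "mRun: [Name] <command line>" (u/m/d prefix = user / machine / default hive).
RUN_RE = re.compile(r"^(?P<kind>[umd]Run(?:Once)?): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# "R0 name;display;path [yyyy-m-d size]" (R = running, S = stopped, digit = start type).
DRIVER_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?) \[(?P<date>[\d-]+) (?P<size>\d+)\]$")


def split_sections(text):
    """Map each section banner to the lines under it, dropping DDS's lone '.' padding lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title")
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def executable_of(cmd):
    """Program path of a Run command line: the quoted path, else the first token
    (an unquoted path containing spaces would be cut short; DDS normally quotes those)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]

def parse_hjt(lines):
    """Parse the BHO/TB and Run lines of the Pseudo HJT Report into uniform dicts."""
    entries = []
    for line in lines:
        m = BHO_RE.match(line)
        if m:
            entries.append({"kind": m["kind"], "name": m["name"] or "",
                            "clsid": m["clsid"].upper(), "path": m["path"].strip()})
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append({"kind": m["kind"], "name": m["name"], "clsid": "",
                            "path": executable_of(m["cmd"])})
    return entries

def find_unresolved(entries):
    """Entries whose file DDS could not resolve ('<orphaned>' or an empty path).
    These are leftover registrations of removed software, not proof of malware,
    but they are the first lines a responder checks against the removal history."""
    return [e for e in entries if e["path"] in ("", "<orphaned>")]

def parse_drivers(lines):
    """Parse SERVICES / DRIVERS lines, keeping file date and size as data."""
    drivers = []
    for line in lines:
        m = DRIVER_RE.match(line)
        if m:
            drivers.append({"state": m["state"], "name": m["name"], "display": m["display"],
                            "path": m["path"], "date": m["date"], "size": int(m["size"])})
    return drivers

def by_date(drivers):
    """Group driver names by file date, so a batch created on one day (here the
    avast install date) stands out from the older, pre-existing drivers."""
    groups = {}
    for d in drivers:
        groups.setdefault(d["date"], []).append(d["name"])
    return groups

if __name__ == "__main__":
    secs = split_sections(SAMPLE_LOG)
    print(find_unresolved(parse_hjt(secs["Pseudo HJT Report"])))
    print(by_date(parse_drivers(secs["SERVICES / DRIVERS"])))
```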
 



#4 sh4rkbyt3
  • Topic Starter
  • Members

Posted 08 July 2013 - 02:20 PM

I do not have the original system disk and the system appears to be extremely slow on start up with a long pause on the black screen between startup and desktop transition.



#5 HelpBot

    Bleepin' Binary Bot

  • Bots

Posted 10 July 2013 - 07:50 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#6 Andrew

    Bleepin' Night Watchman

  • Moderator

Posted 10 July 2013 - 10:04 PM

This topic has been re-opened at the request of the person who originally posted.

#7 bloopie

    Bleepin' Sith Turner

  • Malware Response Team

Posted 14 July 2013 - 07:23 AM

Hello sh4rkbyt3,
 
First, I'd like to extend my sincerest apologies for the delay in response to your topic! The forum can get busy at times, and occasionally a topic can be overlooked. Again, you have my apologies.

==========
 
My name is bloopie and I'll be helping you with your problems as best I can!

A few things to keep in mind while we are working together:
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below, I will review your topic and do my best to resolve your issues.
==========
 
Now, about the Avast boot scan findings you've shown in your attachment, I would not worry too much about those. The first is related to ehome, the next two are in your system restore, and the last is your iTunes backup. While one or more of those may be important to you, they do not seem to be related to malware.

Step 1
 
Since we're going to be checking the system for malware, I'd like to get another log...but first, could you please tell me what steps you've taken to remove the infection you had, or post some of the logs from the tools you may have used?
 
==========

Step 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You need 32-bit.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
bloopie

Edited by bloopie, 14 July 2013 - 01:43 PM.


#8 sh4rkbyt3
  • Topic Starter
  • Members

Posted 15 July 2013 - 12:35 PM

Your time is volunteered so no apology necessary.

 

The only logfile I still have from the initial cleanup is from ComboFix, which I'll include here. Other tools used were Malwarebytes, Eset Online Scanner and aswMBR, but those logfiles were wiped, my apology.

Since you didn't ask for the Addition file I won't include it here from Farbar, but if you need it I've saved it to a thumb drive. I could reach bleepingcomputer through a hardwired connection but was unable to download the file to the same (infected?) machine, so I copied and pasted it from a thumb drive to run on the system from another computer.
 

 

ComboFix 13-06-28.02 - Diana 06/30/2013   2:18.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2037.924 [GMT -4:00]
Running from: c:\users\Diana\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-28 to 2013-06-30  )))))))))))))))))))))))))))))))
.
.
2013-06-30 06:26 . 2013-06-30 06:26 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-06-30 06:26 . 2013-06-30 06:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-06-30 06:26 . 2013-06-30 06:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-28 19:53 . 2013-06-28 19:53 -------- d-----w- c:\users\Diana\AppData\Roaming\SUPERAntiSpyware.com
2013-06-28 17:20 . 2013-06-28 17:20 -------- d-----w- c:\program files\VS Revo Group
2013-06-28 15:49 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD91AB33-C979-4CD6-8C50-FD85C867C775}\mpengine.dll
2013-06-13 13:23 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-13 13:23 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-13 13:23 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-13 13:23 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-13 13:23 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-13 13:23 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-13 13:23 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-13 13:23 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-13 13:22 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-13 13:22 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-13 13:22 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 00:24 . 2013-06-12 00:24 -------- d-----w- c:\program files\iPod
2013-06-12 00:24 . 2013-06-12 00:25 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-12 00:24 . 2013-06-12 00:25 -------- d-----w- c:\program files\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-10 16:26 . 2010-06-24 15:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-03 01:00 . 2013-05-03 01:02 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-03 01:00 . 2013-05-03 01:02 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-03 01:00 . 2010-07-07 20:38 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-02 06:06 . 2010-03-25 22:43 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 07:59 . 2013-05-01 07:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 07:59 . 2013-05-01 07:59 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-15 14:20 . 2013-05-16 01:04 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-16 01:04 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-16 01:04 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 18:50 . 2013-05-26 14:51 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Constant Guard.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
backup=c:\windows\pss\Constant Guard.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ultrawideband Control Center.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Ultrawideband Control Center.lnk
backup=c:\windows\pss\Ultrawideband Control Center.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Diana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^T-Mobile Download Manager.lnk]
path=c:\users\Diana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T-Mobile Download Manager.lnk
backup=c:\windows\pss\T-Mobile Download Manager.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
2013-04-05 16:58 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 12:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 01:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-12-08 18:34 3444736 ----a-w- c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\com.apple.dav.bookmarks.daemon]
2013-04-05 16:58 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastAntispyClient]
2009-08-19 17:25 1589208 ----a-w- c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2009-04-11 06:27 69120 ----a-w- c:\windows\System32\conime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Software]
2009-04-24 06:57 1025320 ----a-w- c:\program files\Common Files\SupportSoft\bin\bcont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2011-06-16 21:53 2510848 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-12-13 12:24 154136 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
2013-04-05 16:59 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-12-13 12:24 137752 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 15:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 15:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 15:56 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-05-09 21:01 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-13 12:24 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 15:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\systray]
2007-06-23 18:28 331851 ----a-w- c:\program files\Dell\Dell Mobile Broadband\systray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-08-28 11:41 247768 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
WindowsMobile REG_MULTI_SZ    wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ    WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe
MSConfigStartUp-PCMService - c:\program files\Dell\MediaDirect\PCMService.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-30 02:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{92085AD4-F48A-450D-BD93-B28CC7DF67CE}"=hex:51,66,7a,6c,4c,1d,38,12,ba,59,1b,
   96,b8,ba,63,00,c2,85,f1,cc,c2,81,23,da
"{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}"=hex:51,66,7a,6c,4c,1d,38,12,86,cf,88,
   4f,39,e9,44,05,d8,f7,98,d6,86,40,a6,7b
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
   7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}"=hex:51,66,7a,6c,4c,1d,38,12,7b,eb,cb,
   26,6c,04,95,08,fb,48,e9,f6,47,59,b1,a9
"{40C78C4E-5AE5-4762-9B7D-D2DE31B03B77}"=hex:51,66,7a,6c,4c,1d,38,12,20,8f,d4,
   44,d7,14,0c,02,e4,6b,91,9e,34,ee,7f,63
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
   64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
   69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
   9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{BB46BE07-13EB-4C49-B0F0-FC78B9EA4983}"=hex:51,66,7a,6c,4c,1d,38,12,69,bd,55,
   bf,d9,5d,27,09,cf,e6,bf,38,bc,b4,0d,97
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:5a,c7,72,9e,55,3c,ce,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-06-30  02:28:36
ComboFix-quarantined-files.txt  2013-06-30 06:28
ComboFix2.txt  2013-06-28 18:15
ComboFix3.txt  2013-05-26 18:01
.
Pre-Run: 26,161,131,520 bytes free
Post-Run: 26,249,920,512 bytes free
.
- - End Of File - - E4455DBA1AC1F3866D1FE2612DED1598
239841E1AE8E4843C0676F3681A7D6BE
And the farbar scan result (minus the Addition.txt):
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-07-2013
Ran by Diana (administrator) on 15-07-2013 13:18:02
Running from C:\Users\Diana\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\mcupdate.EXE
(Farbar) C:\Users\Diana\Desktop\FRST32.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Conime] - %windir%\system32\conime.exe [69120 2009-04-11] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=aolrt-ie&s_qt=sb&tb_uuid=4421A3144E7C4952940F57EC49A3B342&tb_oid=26-03-2013&tb_mrud=26-03-2013
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

========================== Services (Whitelisted) =================

R2 AntiSpywareService; C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [616408 2009-06-17] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [394712 2012-06-18] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [777728 2012-06-19] (Eastman Kodak Company)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2007-12-08] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-30] ()
S3 mr7910; C:\Windows\System32\DRIVERS\mr7910.sys [46848 2007-03-20] (Mars Semiconductor Corp.)
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2007-05-30] (Printing Communications Assoc., Inc. (PCAUSA))
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog32.sys [x]
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [x]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\Users\Diana\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 keycrypt; system32\DRIVERS\KeyCrypt32.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\FRST
2013-07-15 13:16 - 2013-07-15 13:15 - 01218214 _____ (Farbar) C:\Users\Diana\Desktop\FRST32.exe
2013-07-15 13:04 - 2012-10-02 10:23 - 00650870 _____ C:\Users\Diana\Desktop\comintrep.exe
2013-07-15 13:01 - 2013-07-15 13:01 - 00015024 _____ C:\Users\Diana\Desktop\ComboFix.txt
2013-07-06 12:20 - 2013-07-06 12:20 - 00013529 _____ C:\Users\Diana\Desktop\dattach.txt
2013-07-06 12:20 - 2013-07-06 12:20 - 00011540 _____ C:\Users\Diana\Desktop\Ddds.txt
2013-07-06 12:11 - 2013-03-29 21:45 - 00688992 ____R (Swearware) C:\Users\Diana\Desktop\dds.scr
2013-06-30 17:27 - 2013-06-30 17:27 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-06-30 17:27 - 2013-06-30 17:27 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-06-30 17:27 - 2013-06-30 17:27 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-06-30 17:27 - 2013-06-30 17:27 - 00001789 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-06-30 17:27 - 2013-06-30 17:27 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-30 17:27 - 2013-06-30 17:27 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-06-30 17:27 - 2013-06-30 17:27 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-06-30 17:27 - 2013-05-09 04:59 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-06-30 17:27 - 2013-05-09 04:59 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-06-30 17:27 - 2013-05-09 04:59 - 00049760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2013-06-30 17:27 - 2013-05-09 04:59 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-06-30 17:27 - 2013-05-09 04:59 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-06-30 17:27 - 2013-05-09 04:58 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-06-30 17:26 - 2013-05-09 04:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-06-30 17:25 - 2013-06-30 17:25 - 00000000 ____D C:\ProgramData\AVAST Software
2013-06-30 17:25 - 2013-06-30 17:25 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-30 02:28 - 2013-06-30 02:28 - 00015024 _____ C:\ComboFix.txt
2013-06-29 17:00 - 2013-06-28 13:25 - 00000761 _____ C:\Windows\system32\Drivers\etc\hosts.20130629-170003.backup
2013-06-29 16:38 - 2013-07-15 13:05 - 00081682 _____ C:\Windows\WindowsUpdate.log
2013-06-29 12:17 - 2012-11-28 23:57 - 04732416 _____ (AVAST Software) C:\Users\Diana\Desktop\aswMBR (1).exe
2013-06-28 15:53 - 2013-06-28 15:53 - 00000000 ____D C:\Users\Diana\AppData\Roaming\SUPERAntiSpyware.com
2013-06-28 13:54 - 2013-06-28 13:54 - 05084379 ____R (Swearware) C:\Users\Diana\Desktop\ComboFix.exe
2013-06-28 13:51 - 2013-06-28 13:52 - 00002686 _____ C:\Users\Diana\Desktop\Rkill.txt
2013-06-28 13:23 - 2012-05-27 02:40 - 00000000 ____D C:\Users\Diana\Desktop\Complete Internet Repair
2013-06-28 13:20 - 2013-06-28 13:20 - 00001017 _____ C:\Users\Diana\Desktop\Revo Uninstaller.lnk
2013-06-28 13:20 - 2013-06-28 13:20 - 00000000 ____D C:\Program Files\VS Revo Group

==================== One Month Modified Files and Folders =======

2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\FRST
2013-07-15 13:16 - 2010-03-24 20:52 - 00000000 ___RD C:\Users\Diana\Desktop
2013-07-15 13:15 - 2013-07-15 13:16 - 01218214 _____ (Farbar) C:\Users\Diana\Desktop\FRST32.exe
2013-07-15 13:10 - 2013-06-29 16:38 - 00081682 _____ C:\Windows\WindowsUpdate.log
2013-07-15 13:07 - 2011-02-24 17:21 - 00000000 ____D C:\ProgramData\Kodak
2013-07-15 13:06 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-15 13:06 - 2006-11-02 08:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-15 13:06 - 2006-11-02 08:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 13:05 - 2006-11-02 09:01 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-15 13:01 - 2013-07-15 13:01 - 00015024 _____ C:\Users\Diana\Desktop\ComboFix.txt
2013-07-06 12:20 - 2013-07-06 12:20 - 00013529 _____ C:\Users\Diana\Desktop\dattach.txt
2013-07-06 12:20 - 2013-07-06 12:20 - 00011540 _____ C:\Users\Diana\Desktop\Ddds.txt
2013-06-30 17:27 - 2013-06-30 17:27 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-06-30 17:27 - 2013-06-30 17:27 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-06-30 17:27 - 2013-06-30 17:27 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-06-30 17:27 - 2013-06-30 17:27 - 00001789 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-06-30 17:27 - 2013-06-30 17:27 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-30 17:27 - 2013-06-30 17:27 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-06-30 17:27 - 2013-06-30 17:27 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-06-30 17:27 - 2006-11-02 07:18 - 00000000 ___RD C:\Users\Public\Desktop
2013-06-30 17:27 - 2006-11-02 06:23 - 00002577 _____ C:\Windows\system32\config.nt
2013-06-30 17:26 - 2006-11-02 08:37 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-06-30 17:25 - 2013-06-30 17:25 - 00000000 ____D C:\ProgramData\AVAST Software
2013-06-30 17:25 - 2013-06-30 17:25 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-30 02:28 - 2013-06-30 02:28 - 00015024 _____ C:\ComboFix.txt
2013-06-30 02:28 - 2013-05-26 13:35 - 00000000 ____D C:\Qoobox
2013-06-30 02:26 - 2006-11-02 06:23 - 00000215 _____ C:\Windows\system.ini
2013-06-30 02:17 - 2013-05-26 13:34 - 00000000 ____D C:\Windows\erdnt
2013-06-30 02:08 - 2010-03-24 21:09 - 00000000 ____D C:\Users\Diana\AppData\Local\MediaDirect
2013-06-30 02:08 - 2010-03-24 21:09 - 00000000 ____D C:\ProgramData\CyberLink
2013-06-30 02:08 - 2010-03-24 21:08 - 00000000 ____D C:\Program Files\InstallShield Installation Information
2013-06-30 02:08 - 2010-03-24 21:08 - 00000000 ____D C:\Program Files\CyberLink
2013-06-30 02:08 - 2010-03-24 21:00 - 00000000 ____D C:\Program Files\Dell
2013-06-30 02:05 - 2010-04-06 07:31 - 00000000 ____D C:\Program Files\Adobe
2013-06-30 02:00 - 2011-08-18 19:05 - 00000000 ____D C:\Program Files\ComcastUI
2013-06-29 14:04 - 2013-05-26 14:06 - 00001662 _____ C:\Users\Public\Desktop\Defraggler.lnk
2013-06-29 14:04 - 2013-05-26 14:06 - 00000000 ____D C:\Program Files\Defraggler
2013-06-29 14:03 - 2013-05-26 10:30 - 00000764 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-06-29 14:03 - 2013-05-26 10:30 - 00000000 ____D C:\Program Files\CCleaner
2013-06-29 13:53 - 2011-09-20 20:58 - 00000000 ____D C:\Users\Diana\AppData\Local\CrashDumps
2013-06-29 12:05 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-29 11:50 - 2006-11-02 06:33 - 00718604 _____ C:\Windows\system32\PerfStringBackup.INI
2013-06-28 22:25 - 2006-11-02 07:18 - 00000000 ___RD C:\Users\Public
2013-06-28 22:02 - 2006-11-02 07:18 - 00000000 ___RD C:\Users\Default
2013-06-28 21:57 - 2012-01-02 23:34 - 00000000 ____D C:\Users\Diana\AppData\Roaming\Nokia
2013-06-28 21:40 - 2010-03-24 20:52 - 00000000 ____D C:\Users\Diana
2013-06-28 20:41 - 2013-03-08 23:00 - 00000000 ____D C:\Windows\BuzzSocialPointsChecker
2013-06-28 15:53 - 2013-06-28 15:53 - 00000000 ____D C:\Users\Diana\AppData\Roaming\SUPERAntiSpyware.com
2013-06-28 14:25 - 2011-06-20 15:06 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-06-28 14:25 - 2010-04-06 07:30 - 00000000 ____D C:\ProgramData\Adobe
2013-06-28 14:24 - 2011-06-22 00:04 - 00000000 ____D C:\Users\Diana\AppData\Local\ID Vault
2013-06-28 14:24 - 2011-06-22 00:02 - 00000000 ____D C:\Users\Diana\AppData\Roaming\ID Vault
2013-06-28 13:54 - 2013-06-28 13:54 - 05084379 ____R (Swearware) C:\Users\Diana\Desktop\ComboFix.exe
2013-06-28 13:52 - 2013-06-28 13:51 - 00002686 _____ C:\Users\Diana\Desktop\Rkill.txt
2013-06-28 13:33 - 2013-04-20 19:08 - 00000000 ____D C:\ID Vault
2013-06-28 13:25 - 2013-06-29 17:00 - 00000761 _____ C:\Windows\system32\Drivers\etc\hosts.20130629-170003.backup
2013-06-28 13:20 - 2013-06-28 13:20 - 00001017 _____ C:\Users\Diana\Desktop\Revo Uninstaller.lnk
2013-06-28 13:20 - 2013-06-28 13:20 - 00000000 ____D C:\Program Files\VS Revo Group

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-15 13:14

==================== End Of Log ============================

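A first pass over an FRST log like the one above is mostly pattern matching: entries whose target file no longer exists ("No File"), drivers and services whose binary is gone ("[x]"), executables that carry no publisher at all ("()"), and the Bamital/volsnap integrity lines. The helper below is an added example for this thread, not part of FRST and not the responder's own procedure; its sample input is a handful of lines copied from the FRST output posted above, and the classification rules are triage heuristics of my own.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread; it is not part of FRST and not the
helper's own procedure. It pulls out the entries a malware-response
volunteer reads first:
  * BHO / Toolbar / Task entries whose target no longer exists ("No File"),
  * driver and service entries whose binary is missing ("[x]"),
  * processes or services whose publisher field is empty ("()"),
  * integrity lines whose verdict is anything but "MD5 is legit".
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the FRST output posted in this thread.
SAMPLE_LOG = r"""
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
() C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
R2 AntiSpywareService; C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [616408 2009-06-17] ()
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-30] (AVAST Software)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog32.sys [x]
S3 keycrypt; system32\DRIVERS\KeyCrypt32.sys [x]
Task: {806B927B-4F74-4353-BF3E-33BC0B9C9D54} - System32\Tasks\BuzzSocialPoints_DNS_Checker => C:\Windows\BuzzSocialPointsChecker\BSP_li.exe No File
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
"""


@dataclass(frozen=True)
class Finding:
    kind: str   # "no_file", "missing_binary", "no_publisher", "md5_mismatch"
    line: str


# FRST prints the company name from the file's version resource in
# parentheses; "()" means the binary has no company name at all.
_NO_PUBLISHER_PROCESS = re.compile(r"^\(\)\s+\S")
_NO_PUBLISHER_SERVICE = re.compile(r"^[RSU]\d\s+\S+?;.*\]\s+\(\)$")
# Service/driver entries still registered but whose file is gone.
_MISSING_BINARY = re.compile(r"^[RSU]\d\s+\S+?;.*\[x\]$")
# Bamital & volsnap check lines.
_MD5_LINE = re.compile(r"^(?P<path>.+?) => MD5 is (?P<verdict>.+)$")


def triage(log_text):
    """Return the Findings for every line in log_text that trips a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("No File"):
            findings.append(Finding("no_file", line))
        elif _MISSING_BINARY.search(line):
            findings.append(Finding("missing_binary", line))
        elif _NO_PUBLISHER_PROCESS.search(line) or _NO_PUBLISHER_SERVICE.search(line):
            findings.append(Finding("no_publisher", line))
        else:
            m = _MD5_LINE.match(line)
            # Heuristic: any verdict other than the literal "legit" is flagged.
            if m and m.group("verdict").strip() != "legit":
                findings.append(Finding("md5_mismatch", line))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {"no_file": 4, "missing_binary": 2, ...}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:15} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Two caveats when reading the output. An empty publisher is a reading cue, not a verdict: the same log shows avast's own aswRvrt.sys and aswVmm.sys with "()", so each hit still needs the path and the binary looked at. And "No File" entries are leftovers rather than live code; they matter because the registry reference survives the file (here the XFIN_PORTAL BHO and the BuzzSocialPoints task) and because the GUID of an orphaned BHO can also turn up inside a locked key, which is what the next reply in the thread goes after.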
#9 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 15 July 2013 - 06:24 PM

Hello again,

There is not too much showing in your logs that needs attention, but I'd like to unlock a registry key to remove a line from it. This may take more than one run of Combofix, but we'll start with unlocking the key, and then get another log for a better view.

==========
Since you didn't ask for the Addition file I won't include it here from Farbar but if you need it I've saved it to thumbdrive.

Yes, I asked for the Addition.txt to be attached:
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

==========

After doing that, I'd like to get the contents of the Combofix Quarantine file. Since you posted the log from the 3rd run of Combofix, I need to also see what it removed in previous runs:

Step 1

Please navigate to the file at: C:\QooBox\ComboFix-quarantined-files.txt

Then copy and paste the contents of that file in your next reply.

==========

Step 2

Run a Combofix Script


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy the text in the codebox below, then paste it into the empty notepad:
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe


CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Step 3

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
==========

In your next reply, please include the following:
  • The contents of the C:\QooBox\ComboFix-quarantined-files.txt file
  • The latest Combofix log
  • Attach the Addition.txt file
bloopie

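The RegLock:: directive in the script above exists because of what ComboFix printed under "LOCKED REGISTRY KEYS": a Deny ACE is evaluated before any Allow ACE, so a key with "@Denied: (2) (LocalSystem)" refuses even a cleanup tool running as SYSTEM until the ACL is rewritten, which is what unlocking the key does. Not every locked key is interesting, though; the {4D36E96D-...}\AllUserSettings entries deny only Users and Everyone and leave S-1-5-20 allowed. The parser below is an added example for this thread, not part of ComboFix and not the responder's own method; it reads that section, separates keys whose Deny ACE hits LocalSystem or Administrators from the rest, and emits a RegLock:: stanza in the format of the CFScript above (one key per line). The sample section is copied from the ComboFix log posted earlier in the thread, and the "privileged principal" rule is a triage heuristic of my own, so it says nothing about whether the key's contents are malicious; that judgement is made by matching the GUIDs in the key (here {BB46BE07-...}, the orphaned XFIN_PORTAL BHO from the FRST log) against what else is on the system.

```python
"""Classify the "LOCKED REGISTRY KEYS" section of a ComboFix log.

Added example for this thread; not ComboFix's own logic and not the
responder's procedure. A Deny ACE against LocalSystem/Administrators is
what stops SYSTEM-level cleanup tools, so those keys are the RegLock::
candidates; keys that only deny Users/Everyone are reported separately.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: three key blocks copied from the ComboFix log above.
SAMPLE_SECTION = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{92085AD4-F48A-450D-BD93-B28CC7DF67CE}"=hex:51,66,7a,6c,4c,1d,38,12,ba,59,1b,
   96,b8,ba,63,00,c2,85,f1,cc,c2,81,23,da
"{BB46BE07-13EB-4C49-B0F0-FC78B9EA4983}"=hex:51,66,7a,6c,4c,1d,38,12,69,bd,55,
   bf,d9,5d,27,09,cf,e6,bf,38,bc,b4,0d,97
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:5a,c7,72,9e,55,3c,ce,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
"""

_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "@Denied: (2) (LocalSystem)": first group is ComboFix's access code
# (carried through as an opaque string here), second is the principal.
_ACE = re.compile(
    r"^@(?P<type>Denied|Allowed):\s+\((?P<rights>[^)]*)\)\s+\((?P<principal>[^)]*)\)$"
)

# Heuristic (my assumption): a Deny on any of these blocks SYSTEM-level tools.
PRIVILEGED = {"LocalSystem", "Administrators", "S-1-5-18", "S-1-5-32-544"}


@dataclass
class LockedKey:
    path: str
    denied: list = field(default_factory=list)    # (rights, principal) pairs
    allowed: list = field(default_factory=list)
    values: int = 0                               # value names under the key

    def blocks_cleanup(self):
        return any(p in PRIVILEGED for _, p in self.denied)


def parse_locked_keys(text):
    """Parse the section into LockedKey records, in log order."""
    keys, current = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = _KEY.match(line)
        if m:
            current = LockedKey(m.group("key"))
            keys.append(current)
            continue
        if current is None:          # header / separator before first key
            continue
        a = _ACE.match(line)
        if a:
            bucket = current.denied if a.group("type") == "Denied" else current.allowed
            bucket.append((a.group("rights"), a.group("principal")))
        elif line.startswith('"'):
            # Value lines start with a quoted name; hex continuation lines
            # are indented, so they are not counted as extra values.
            current.values += 1
    return keys


def reglock_script(keys):
    """RegLock:: stanza for the keys whose Deny ACE blocks cleanup ("" if none)."""
    flagged = [k.path for k in keys if k.blocks_cleanup()]
    if not flagged:
        return ""
    return "RegLock::\n" + "\n".join(f"[{p}]" for p in flagged) + "\n"


if __name__ == "__main__":
    parsed = parse_locked_keys(SAMPLE_SECTION)
    for k in parsed:
        tag = "BLOCKS CLEANUP" if k.blocks_cleanup() else "users/everyone only"
        print(f"{tag:22} {k.values} value(s)  {k.path}")
    print(reglock_script(parsed), end="")
```

Running it on the sample prints the two HKEY_USERS\.Default IE keys as cleanup blockers and the modem-class AllUserSettings key as a users-only deny, then the two-line RegLock:: stanza. Unlocking resets the ACL only; removing the offending value from the key is a separate step, which is why the reply above expects a second ComboFix run.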
#10 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 419 posts
  • Gender:Male

Posted 16 July 2013 - 01:16 AM

Sorry about that. I'll include the Addition.txt here and then add the previous ComboFix quarantined list to this and then do the fresh run of Combo on another reply.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-07-2013
Ran by Diana at 2013-07-15 13:18:58
Running from C:\Users\Diana\Desktop
Boot Mode: Normal
==========================================================

32 Bit HP CIO Components Installer (Version: 1.0.0)
AIO_Scan (Version: 90.0.222.000)
aioprnt (Version: 5.3.1.0)
aioscnnr (Version: 6.2.3.10)
aioscnnr (Version: 7.3.4.0)
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Amazon MP3 Uploader (Version: 1.0.6)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 8.0.1489.0)
Bonjour (Version: 3.0.0.10)
C4USelfUpdater (Version: 1.00.0000)
CCleaner (Version: 4.03)
center (Version: 6.2.5.0)
D3DX10 (Version: 15.4.2368.0902)
Defraggler (Version: 2.14)
Dell Mobile Broadband Card Utility (Version: 2.06.03.050)
Dell Resource CD (Version: 1.00.0000)
Dell Wireless WLAN Card (Version: 4.170.25.12)
Dell WUSB (Version: 1.3.98.8)
DesignPro 5 (Version: 5.5.708)
essentials (Version: 6.0.14.0)
ffdshow [rev 2936] [2009-05-03] (Version: 1.0)
iCloud (Version: 2.1.2.8)
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software (Version: 11.01.0000)
iTunes (Version: 11.0.4.4)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0)
Kodak AIO Printer (Version: 7.5.0.0)
KODAK AiO Software (Version: 7.5.9.60)
ksDIP (Version: 3.20.0000.0000)
Laptop Integrated Webcam Driver (1.04.01.1011) 
LG USB Modem driver
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
mCore (Version: 9.24.0000)
mDriver (Version: 9.24.0000)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
mHelp (Version: 9.24.0000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
mMHouse (Version: 9.24.0000)
MobileMe Control Panel (Version: 3.1.8.0)
mPfMgr (Version: 9.24.0000)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
mWMI (Version: 9.24.0000)
ocr (Version: 6.2.3.50)
OutlookAddinSetup (Version: 1.0.0)
PC Connectivity Solution (Version: 11.5.13.0)
Photo Viewer (Version: 1.00.0000)
PreReq (Version: 6.2.4.0)
QuickTime (Version: 7.74.80.86)
Revo Uninstaller 1.94 (Version: 1.94)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio MyDVD DE (Version: 9.0.117)
Roxio Update Manager (Version: 3.0.0)
Segoe UI (Version: 15.4.2271.0615)
Sonic Activation Module (Version: 1.0)
TomTom HOME (Version: 2.9.2)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Toolbox (Version: 90.0.146.000)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WordPerfect Office 12 (Version: 12.0.0.238)

==================== Restore Points  =========================

==================== Hosts content: ==========================

2006-11-02 06:23 - 2013-07-15 13:05 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2A178DC0-F473-49E2-9B63-D5E846234688} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-19] (Microsoft Corp.)
Task: {33F1A7EA-038E-488C-A90D-D48281F5BE11} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files\Norton Security Suite\Engine\20.3.1.22\SymErr.exe No File
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {489C1FCF-2B46-4034-843D-C595227EABA5} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {4FA49A66-B572-401B-90A9-FD3CBF5B69C1} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {5E74D894-E5D7-4EEB-8B05-CD8FC7337BE6} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-116562051-287198144-205346468-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe No File
Task: {6C0422A4-4C35-4FF2-8EE4-37DE9BDF30C7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {726CF07D-3EAD-4D6B-B586-4ACBEB10CDF0} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security Suite\Engine\20.3.1.22\WSCStub.exe No File
Task: {76265D60-FCE4-483D-8185-D3766A635A91} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {806B927B-4F74-4353-BF3E-33BC0B9C9D54} - System32\Tasks\BuzzSocialPoints_DNS_Checker => C:\Windows\BuzzSocialPointsChecker\BSP_li.exe No File
Task: {80AD4D41-C20D-451F-9200-1A24DBC9132E} - System32\Tasks\Microsoft\Windows\WindowsBackup\CheckFull => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {9127B9B1-61C4-4005-B525-81CA0CFDB704} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-116562051-287198144-205346468-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe No File
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {AC9606F8-71E1-4D05-BEAE-C3FCA5375652} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {B8E4CFE3-6734-4C5E-B2BE-D45377BCF486} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files\Norton Security Suite\Engine\20.3.1.22\SymErr.exe No File
Task: {C436246B-6B3E-41A9-8FF4-2F9B58B8F50A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CCA92A06-984D-4E47-960C-33B28364ED13} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2010-03-26] ()
Task: {E7336E95-6EB9-4016-8DEB-9F2D44C1AECD} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {F97DC608-0AC4-48A3-B3A3-41CD130E436E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PATRIOT
Description: Patriot Memory 
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer:        
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2013 01:06:46 PM) (Source: AntiSpywareService) (User: )
Description: Service failed on stop: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (07/15/2013 01:05:36 PM) (Source: AntiSpywareService) (User: )
Description: Service failed on shutdown: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (07/15/2013 01:01:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/15/2013 00:57:40 PM) (Source: AntiSpywareService) (User: )
Description: Service failed on stop: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (07/06/2013 01:10:13 PM) (Source: AntiSpywareService) (User: )
Description: Service failed on shutdown: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (07/06/2013 00:10:34 PM) (Source: AntiSpywareService) (User: )
Description: Service failed on stop: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (06/30/2013 08:47:53 PM) (Source: AntiSpywareService) (User: )
Description: Service failed on shutdown: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (06/30/2013 08:47:48 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/30/2013 08:08:51 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 33.2.168.192.in-addr.arpa. PTR Diana-PC.local.

Error: (06/30/2013 08:08:51 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.33:5353   18 33.2.168.192.in-addr.arpa. PTR Diana-PC-2.local.

System errors:
=============
Error: (07/15/2013 01:10:14 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.33 for the Network Card with network address 00219BF5B953 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (07/15/2013 01:07:35 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (07/15/2013 01:07:35 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (07/15/2013 01:07:35 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (07/15/2013 01:07:35 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (07/15/2013 01:07:35 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (07/15/2013 00:58:30 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (07/15/2013 00:58:30 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (07/15/2013 00:58:29 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (07/15/2013 00:58:28 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Microsoft Office Sessions:
=========================
Error: (07/15/2013 01:06:46 PM) (Source: AntiSpywareService)(User: )
Description: Service failed on stop: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (07/15/2013 01:05:36 PM) (Source: AntiSpywareService)(User: )
Description: Service failed on shutdown: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (07/15/2013 01:01:59 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"F:\HitmanPro_x64.exe

Error: (07/15/2013 00:57:40 PM) (Source: AntiSpywareService)(User: )
Description: Service failed on stop: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (07/06/2013 01:10:13 PM) (Source: AntiSpywareService)(User: )
Description: Service failed on shutdown: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (07/06/2013 00:10:34 PM) (Source: AntiSpywareService)(User: )
Description: Service failed on stop: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (06/30/2013 08:47:53 PM) (Source: AntiSpywareService)(User: )
Description: Service failed on shutdown: Access violation at address 0047E52D in module 'ComcastAntiSpyService.exe'. Read of address 0000000C

Error: (06/30/2013 08:47:48 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/30/2013 08:08:51 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 33.2.168.192.in-addr.arpa. PTR Diana-PC.local.

Error: (06/30/2013 08:08:51 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.33:5353   18 33.2.168.192.in-addr.arpa. PTR Diana-PC-2.local.

CodeIntegrity Errors:
===================================
  Date: 2013-06-29 15:52:00.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-29 15:51:59.805
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-29 15:51:59.586
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-29 15:51:59.352
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-29 15:51:59.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-29 15:51:58.916
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-29 15:51:58.541
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-29 15:51:58.307
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-29 15:51:58.089
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-29 15:51:57.855
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 80%
Total physical RAM: 2037.31 MB
Available physical RAM: 394.67 MB
Total Pagefile: 1974.59 MB
Available Pagefile: 387.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:131.49 GB) (Free:24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:9.35 GB) NTFS
Drive f: (PATRIOT) (Removable) (Total:14.91 GB) (Free:13.89 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 48000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=131 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================

ComboFix:

2013-06-30 06:27:40 . 2013-06-30 06:27:40              960 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SunJavaUpdateSched.reg.dat
2013-06-30 06:27:40 . 2013-06-30 06:27:40              906 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-PCMService.reg.dat
2013-06-30 06:27:38 . 2013-06-30 06:27:38              990 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Adobe Reader Speed Launcher.reg.dat
2013-06-30 06:27:38 . 2013-06-30 06:27:38              922 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Adobe ARM.reg.dat
2013-06-30 06:27:36 . 2013-06-30 06:27:36              916 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}.reg.dat
2013-06-28 17:59:37 . 2013-06-30 06:18:58              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-05-26 18:00:12 . 2013-05-26 18:00:12            1,118 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-eMusic Download Manager.reg.dat
2013-05-26 18:00:12 . 2013-05-26 18:00:12            1,380 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-Coupon Printer for Windows5.0.0.1.reg.dat
2013-05-26 18:00:01 . 2013-05-26 18:00:01              970 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-sp.reg.dat
2013-05-26 18:00:01 . 2013-05-26 18:00:01              928 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-NokiaSuite.reg.dat
2013-05-26 18:00:01 . 2013-05-26 18:00:01              906 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Monitor.reg.dat
2013-05-26 18:00:01 . 2013-05-26 18:00:01              946 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-MobileDocuments.reg.dat
2013-05-26 17:59:59 . 2013-05-26 17:59:59              534 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfRd.reg.dat
2013-05-26 17:59:59 . 2013-05-26 17:59:59              534 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfPf.reg.dat
2013-05-26 17:59:59 . 2013-05-26 17:59:59              558 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-86276597.sys.reg.dat
2013-05-26 17:59:51 . 2013-05-26 17:59:51              201 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKU-Default-RunOnce-FlashPlayerUpdate.reg.dat
2013-05-26 17:48:36 . 2013-06-30 06:24:38            8,607 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-05-26 17:37:24 . 2013-06-30 06:18:59              206 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2013-03-26 12:24:48 . 2013-03-26 12:24:48          137,728 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\yeALt.dll.vir
2010-04-17 02:25:33 . 2010-04-24 18:16:44              234 ----a-w-  C:\Qoobox\Quarantine\C\Users\Diana\AppData\Roaming\Roaming\Nevosoft\Vampireville\settings.txt.vir
2010-03-25 01:59:41 . 2010-03-25 01:59:41              163 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\Roaming\Intel\Wireless\Settings\Settings.ini.vir



#11 sh4rkbyt3 (Topic Starter, Members, 419 posts)

Posted 16 July 2013 - 01:54 AM

Fresh run of ComboFix with the script inserted:

ComboFix 13-06-28.02 - Diana 07/16/2013   2:26.4.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2037.721 [GMT -4:00]
Running from: c:\users\Diana\Desktop\ComboFix.exe
Command switches used :: c:\users\Diana\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-16 to 2013-07-16  )))))))))))))))))))))))))))))))
.
.
2013-07-16 06:37 . 2013-07-16 06:37 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-07-16 06:37 . 2013-07-16 06:37 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-07-16 06:37 . 2013-07-16 06:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-15 17:31 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3129033-67EB-4321-B2A4-3672718DEE85}\mpengine.dll
2013-07-15 17:17 . 2013-07-15 17:17 -------- d-----w- C:\FRST
2013-06-30 21:27 . 2013-06-30 21:27 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-30 21:27 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-06-30 21:27 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-06-30 21:27 . 2013-05-09 08:59 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-06-30 21:27 . 2013-06-30 21:27 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-30 21:27 . 2013-06-30 21:27 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-30 21:27 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-30 21:27 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-06-30 21:27 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-06-30 21:26 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-06-30 21:25 . 2013-06-30 21:25 -------- d-----w- c:\program files\AVAST Software
2013-06-30 21:25 . 2013-06-30 21:25 -------- d-----w- c:\programdata\AVAST Software
2013-06-28 19:53 . 2013-06-28 19:53 -------- d-----w- c:\users\Diana\AppData\Roaming\SUPERAntiSpyware.com
2013-06-28 17:20 . 2013-06-28 17:20 -------- d-----w- c:\program files\VS Revo Group
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 22:39 . 2013-06-13 14:27 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-05-16 22:28 . 2013-06-13 14:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-05-16 22:27 . 2013-06-13 14:27 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-16 22:21 . 2013-06-13 14:27 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-16 22:20 . 2013-06-13 14:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-16 22:16 . 2013-06-13 14:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-10 16:26 . 2010-06-24 15:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-08 04:37 . 2013-06-13 13:23 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-03 01:00 . 2013-05-03 01:02 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-03 01:00 . 2013-05-03 01:02 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-03 01:00 . 2010-07-07 20:38 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-02 22:03 . 2013-06-13 13:23 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 22:03 . 2013-06-13 13:23 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-02 06:06 . 2010-03-25 22:43 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-02 04:04 . 2013-06-13 13:22 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-05-02 04:03 . 2013-06-13 13:22 37376 ----a-w- c:\windows\system32\printcom.dll
2013-05-01 07:59 . 2013-05-01 07:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 07:59 . 2013-05-01 07:59 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-24 04:00 . 2013-06-13 13:23 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-04-24 04:00 . 2013-06-13 13:23 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-04-24 04:00 . 2013-06-13 13:23 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-04-24 04:00 . 2013-06-13 13:23 41984 ----a-w- c:\windows\system32\certenc.dll
2013-04-24 01:46 . 2013-06-13 13:23 812544 ----a-w- c:\windows\system32\certutil.exe
2013-04-17 12:30 . 2013-06-13 13:22 24576 ----a-w- c:\windows\system32\cryptdlg.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Constant Guard.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
backup=c:\windows\pss\Constant Guard.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ultrawideband Control Center.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Ultrawideband Control Center.lnk
backup=c:\windows\pss\Ultrawideband Control Center.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Diana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^T-Mobile Download Manager.lnk]
path=c:\users\Diana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T-Mobile Download Manager.lnk
backup=c:\windows\pss\T-Mobile Download Manager.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
2013-04-05 16:58 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 12:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 01:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-12-08 18:34 3444736 ----a-w- c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\com.apple.dav.bookmarks.daemon]
2013-04-05 16:58 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastAntispyClient]
2009-08-19 17:25 1589208 ----a-w- c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2009-04-11 06:27 69120 ----a-w- c:\windows\System32\conime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Software]
2009-04-24 06:57 1025320 ----a-w- c:\program files\Common Files\SupportSoft\bin\bcont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2011-06-16 21:53 2510848 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-12-13 12:24 154136 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
2013-04-05 16:59 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-12-13 12:24 137752 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 15:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 15:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 15:56 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-05-09 21:01 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-13 12:24 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 15:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\systray]
2007-06-23 18:28 331851 ----a-w- c:\program files\Dell\Dell Mobile Broadband\systray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-08-28 11:41 247768 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
WindowsMobile REG_MULTI_SZ    wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ    WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-16 02:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:5a,c7,72,9e,55,3c,ce,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-07-16  02:40:54
ComboFix-quarantined-files.txt  2013-07-16 06:40
ComboFix2.txt  2013-06-30 06:28
ComboFix3.txt  2013-06-28 18:15
ComboFix4.txt  2013-05-26 18:01
.
Pre-Run: 25,499,394,048 bytes free
Post-Run: 25,466,748,928 bytes free
.
- - End Of File - - F46970AD0689CC47D7E0643363EB5A99
239841E1AE8E4843C0676F3681A7D6BE

Now the FSS scan:

Farbar Service Scanner Version: 13-07-2013
Ran by Diana (administrator) on 16-07-2013 at 02:45:21
Running from "C:\Users\Diana\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-06-13 09:23] - [2013-04-24 00:00] - 0133120 ____A (Microsoft Corporation) 3EDE4C1F9672C972479201544969ADCB

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

#12 bloopie (Bleepin' Sith Turner, Malware Response Team, 7,927 posts, Location: New York)

Posted 16 July 2013 - 01:59 PM

Hello again,

That's looking a bit better, but I still see a lot of issues with Comcast Antispyware. Could you please check and see if it's present in your add/remove programs list? If it's present, please remove it and reboot.

If it's not there then try to navigate to the folder: C:\Program Files\comcasttb and see if there is an uninstaller in there for you to run. If so, run that and then reboot the machine. Let me know how the machine is running after this.

==========

If this doesn't help, then please run a scan with OTL and we'll see if we can yank them manually:

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
bloopie
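What a helper then does by eye on the returned report, written out as an added Python example (not from this thread, from OTL, or from its author): a parser for OTL's PRC/SRV/DRV lines that flags registrations whose file is missing and active entries with an empty company name. The line grammar is inferred from the report posted in this thread and the sample lines are copied from it; `parse_line` and `triage` are names chosen here, not OTL's.

```python
"""Triage helper for OTL report lines (added example; not part of this thread,
of OTL, or of its author's tooling).  It parses the PRC/SRV/DRV lines OTL prints
and flags what a helper checks by eye: registrations whose file is gone, and
active entries with an empty company name ().  The line grammar is inferred
from the report in this thread, so treat the regex as an assumption."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Shapes handled (as seen in the report in this thread):
#   PRC - [date time | size | attrs | M] (Company) -- path
#   SRV - [date time | size | attrs | M] (Company) [Start | State] -- path -- (Name)
#   DRV - File not found [Type | Start | State] -- path -- (Name)
LINE_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - "
    r"(?:\[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[^|]+?) \| (?P<mark>[A-Z])\] "
    r"\((?P<company>.*?)\)(?= \[| --)"      # company may itself contain parentheses
    r"|(?P<missing>File not found))"
    r"(?: \[(?P<svc>[^\]]+)\])?"            # [Type | Start | State]; absent on PRC lines
    r" -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)


@dataclass
class Entry:
    kind: str                   # PRC, SRV or DRV
    path: str
    name: Optional[str]         # service/driver key name, None for PRC lines
    company: Optional[str]      # "" when OTL printed (), None when the file is missing
    size: Optional[int]
    start: Optional[str]        # Auto / On_Demand / Boot / System / Disabled
    state: Optional[str]        # Running / Stopped
    file_missing: bool


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL line; returns None for lines of other sections (MOD, IE, O4, ...)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    start = state = None
    if m.group("svc"):
        fields = [f.strip() for f in m.group("svc").split("|")]
        if len(fields) >= 2:            # SRV: [Start | State]; DRV: [Type | Start | State]
            start, state = fields[-2], fields[-1]
    missing = m.group("missing") is not None
    return Entry(
        kind=m.group("kind"),
        path=m.group("path"),
        name=m.group("name"),
        company=None if missing else m.group("company").strip(),
        size=None if missing else int(m.group("size").replace(",", "")),
        start=start,
        state=state,
        file_missing=missing,
    )


def triage(report: str) -> List[str]:
    """One finding per suspicious entry, in report order.  An empty company name
    is a prompt to review the path, not a verdict: avast's aswVmm.sys below is
    legitimate but prints as () too, which is why a helper cross-checks paths."""
    findings = []
    for line in report.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        label = e.name or e.path
        if e.file_missing:
            findings.append(f"orphaned {e.kind} registration, file missing: {label} -> {e.path}")
        elif e.company == "" and (e.kind == "PRC" or e.state == "Running" or e.start == "Auto"):
            findings.append(f"no company name on active {e.kind}: {label} -> {e.path}")
    return findings


# Constructed sample: lines copied from the OTL report posted in this thread.
SAMPLE = r"""
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
SRV - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\KeyCrypt32.sys -- (keycrypt)
DRV - [2007/05/30 16:50:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2013/06/30 17:27:31 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Run it over a full OTL.txt and the three findings it raises on the sample (the Comcast service, the orphaned keycrypt driver, and the avast driver that needs a second look) are exactly the kind of lines a helper picks out before writing a fix script.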

#13 sh4rkbyt3
  • Topic Starter

  • Members
  • 419 posts
  • Gender:Male

Posted 16 July 2013 - 10:59 PM

Wasn't available in the add/remove programs section and I wasn't sure if simply deleting it from the folder would get it all, so I scanned with OTL. Here are the results:

OTL logfile created on: 7/16/2013 11:25:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Diana\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.48% Memory free
1.93 Gb Paging File | 0.93 Gb Available in Paging File | 48.23% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.49 Gb Total Space | 23.36 Gb Free Space | 17.77% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.35 Gb Free Space | 62.35% Space Free | Partition Type: NTFS
 
Computer Name: DIANA-PC | User Name: Diana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/07 20:12:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Diana\Desktop\OTL.exe
PRC - [2012/08/28 07:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011/06/16 17:53:22 | 002,510,848 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/07/16 22:29:19 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/04/13 15:38:22 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/10/26 16:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL
 
 
========== Services (SafeList) ==========
 
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/08/28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/10/27 11:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 03:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 03:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\KeyCrypt32.sys -- (keycrypt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Diana\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2013/06/30 17:27:31 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/30 17:27:31 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/30 17:27:31 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/03/15 01:11:10 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssmirrdr.sys -- (ssmirrdr)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/06/01 13:57:18 | 000,178,176 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/05/30 16:50:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/03/26 16:18:24 | 000,111,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2007/03/20 07:21:18 | 000,046,848 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mr7910.sys -- (mr7910)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=aolrt-ie&s_qt=sb&tb_uuid=4421A3144E7C4952940F57EC49A3B342&tb_oid=26-03-2013&tb_mrud=26-03-2013
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-116562051-287198144-205346468-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Diana\Downloads
IE - HKU\S-1-5-21-116562051-287198144-205346468-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-116562051-287198144-205346468-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-116562051-287198144-205346468-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-116562051-287198144-205346468-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-116562051-287198144-205346468-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Diana\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll File not found
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins
 
[2011/10/31 12:16:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diana\AppData\Roaming\Mozilla\Extensions
[2011/07/21 13:26:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diana\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
 
O1 HOSTS File: ([2013/07/15 13:05:28 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-116562051-287198144-205346468-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-116562051-287198144-205346468-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-116562051-287198144-205346468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E461573-2D81-4682-83B9-B57E615292D5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65EBEBF8-CCE9-45C4-82D5-C2E5A3D6BBF2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D16C2BF-6882-47D3-B317-0DB333FE7A72}: DhcpNameServer = 10.177.0.34 10.168.179.116
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Diana\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Diana\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/16 23:24:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Diana\Desktop\OTL.exe
[2013/07/16 03:04:49 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/16 03:04:47 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/16 03:04:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/16 03:04:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/16 03:04:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/16 03:04:46 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/16 03:04:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/16 03:04:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/16 02:58:07 | 000,000,000 | ---D | C] -- C:\d087c9d0675caad859
[2013/07/16 02:44:42 | 000,357,077 | ---- | C] (Farbar) -- C:\Users\Diana\Desktop\FSS.exe
[2013/07/16 02:40:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/07/16 02:39:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/15 13:27:42 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/07/15 13:27:24 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/07/15 13:27:23 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/07/15 13:27:23 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/07/15 13:27:23 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/07/15 13:27:23 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/07/15 13:27:22 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/07/15 13:27:22 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/07/15 13:27:22 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/07/15 13:27:20 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/07/15 13:27:19 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/07/15 13:17:26 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/15 13:16:35 | 001,218,214 | ---- | C] (Farbar) -- C:\Users\Diana\Desktop\FRST32.exe
[2013/07/06 12:11:30 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Diana\Desktop\dds.scr
[2013/06/30 17:27:20 | 000,369,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/06/30 17:27:20 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/06/30 17:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/06/30 17:27:18 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/06/30 17:27:18 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/06/30 17:27:16 | 000,770,344 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/06/30 17:27:13 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/06/30 17:27:12 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/06/30 17:26:20 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/06/30 17:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/06/30 17:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/06/29 12:17:26 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Diana\Desktop\aswMBR (1).exe
[2013/06/28 15:53:48 | 000,000,000 | ---D | C] -- C:\Users\Diana\AppData\Roaming\SUPERAntiSpyware.com
[2013/06/28 13:54:11 | 005,084,379 | R--- | C] (Swearware) -- C:\Users\Diana\Desktop\ComboFix.exe
[2013/06/28 13:23:50 | 000,000,000 | ---D | C] -- C:\Users\Diana\Desktop\Complete Internet Repair
[2013/06/28 13:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/06/28 13:20:58 | 000,000,000 | ---D | C] -- C:\Users\Diana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/16 22:28:40 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 22:28:37 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 22:27:02 | 000,525,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/16 22:26:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/16 03:09:40 | 000,604,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/16 03:09:40 | 000,104,174 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/16 02:30:08 | 000,357,077 | ---- | M] (Farbar) -- C:\Users\Diana\Desktop\FSS.exe
[2013/07/15 13:15:20 | 001,218,214 | ---- | M] (Farbar) -- C:\Users\Diana\Desktop\FRST32.exe
[2013/07/15 13:05:28 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/06/30 17:27:31 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/06/30 17:27:31 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/06/30 17:27:31 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/06/30 17:27:31 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/30 17:27:31 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/30 17:27:31 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/30 17:27:21 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/06/30 17:27:13 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/06/29 14:04:37 | 000,001,662 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013/06/29 14:03:01 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/06/28 13:54:11 | 005,084,379 | R--- | M] (Swearware) -- C:\Users\Diana\Desktop\ComboFix.exe
[2013/06/28 13:25:16 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130629-170003.backup
[2013/06/28 13:20:59 | 000,001,017 | ---- | M] () -- C:\Users\Diana\Desktop\Revo Uninstaller.lnk
 
========== Files Created - No Company Name ==========
 
[2013/07/15 13:04:08 | 000,650,870 | ---- | C] () -- C:\Users\Diana\Desktop\comintrep.exe
[2013/06/30 17:27:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/30 17:27:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/30 17:27:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/30 17:27:21 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/06/30 17:27:16 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/06/30 17:27:15 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/06/28 13:20:59 | 000,001,017 | ---- | C] () -- C:\Users\Diana\Desktop\Revo Uninstaller.lnk
[2013/05/26 13:37:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/26 13:37:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/26 13:37:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/26 13:37:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/26 13:37:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/22 09:17:41 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/12/07 01:11:47 | 000,001,001 | ---- | C] () -- C:\ProgramData\repository.xml
[2011/08/18 15:39:00 | 000,000,000 | ---- | C] () -- C:\Users\Diana\AppData\Local\{1C2D71AE-7ED9-4B06-A18A-DDEC7095FB3C}
[2011/05/12 15:23:57 | 000,001,940 | ---- | C] () -- C:\Users\Diana\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/03/25 20:54:42 | 000,007,680 | ---- | C] () -- C:\Users\Diana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/25 20:05:21 | 000,000,552 | ---- | C] () -- C:\Users\Diana\AppData\Local\d3d8caps.dat
[2010/03/24 20:52:37 | 000,001,356 | ---- | C] () -- C:\Users\Diana\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

OTL Extras logfile created on: 7/16/2013 11:25:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Diana\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.48% Memory free
1.93 Gb Paging File | 0.93 Gb Available in Paging File | 48.23% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.49 Gb Total Space | 23.36 Gb Free Space | 17.77% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.35 Gb Free Space | 62.35% Space Free | Partition Type: NTFS
 
Computer Name: DIANA-PC | User Name: Diana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7548B60A-906F-4A58-9F59-2F950F2E4AB2}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{EEB88C79-5E38-45D9-A7A5-7C2C8C40CE31}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{067F36D7-A47F-15A9-6163-425ACC2F59F3}" = Amazon MP3 Uploader
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4160A344-5848-4332-919F-0CB063822AA3}" = Dell Mobile Broadband Card Utility
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{67183F00-3DDC-497B-A090-4E2B79EAF1CD}" = Photo Viewer
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86B5E5AF-3D50-4979-9C81-687C1B3C586D}" = Dell WUSB
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"avast" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"com.amazon.music.uploader" = Amazon MP3 Uploader
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011) 
"Defraggler" = Defraggler
"ffdshow_is1" = ffdshow [rev 2936] [2009-05-03]
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel® PROSet/Wireless Software
"Revo Uninstaller" = Revo Uninstaller 1.94
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-116562051-287198144-205346468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/30/2013 8:08:51 PM | Computer Name = Diana-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   16 33.2.168.192.in-addr.arpa.
 PTR Diana-PC.local.
 
Error - 6/30/2013 8:47:48 PM | Computer Name = Diana-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 6/30/2013 8:47:53 PM | Computer Name = Diana-PC | Source = AntiSpywareService | ID = 0
Description =
 
Error - 7/6/2013 12:10:34 PM | Computer Name = Diana-PC | Source = AntiSpywareService | ID = 0
Description =
 
Error - 7/6/2013 1:10:13 PM | Computer Name = Diana-PC | Source = AntiSpywareService | ID = 0
Description =
 
Error - 7/15/2013 12:57:40 PM | Computer Name = Diana-PC | Source = AntiSpywareService | ID = 0
Description =
 
Error - 7/15/2013 1:01:59 PM | Computer Name = Diana-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "F:\HitmanPro_x64.exe".  Dependent
 Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 7/15/2013 1:05:36 PM | Computer Name = Diana-PC | Source = AntiSpywareService | ID = 0
Description =
 
Error - 7/15/2013 1:06:46 PM | Computer Name = Diana-PC | Source = AntiSpywareService | ID = 0
Description =
 
Error - 7/16/2013 2:08:25 AM | Computer Name = Diana-PC | Source = AntiSpywareService | ID = 0
Description =
 
Error - 7/16/2013 10:27:32 PM | Computer Name = Diana-PC | Source = AntiSpywareService | ID = 0
Description =
 
[ Broadcom Wireless LAN Events ]
Error - 4/27/2013 1:06:51 PM | Computer Name = Diana-PC | Source = WLAN-Tray | ID = 0
Description = 13:06:51, Sat, Apr 27, 13 Error - Unable to gain access to user store

 
Error - 4/29/2013 11:05:09 AM | Computer Name = Diana-PC | Source = WLAN-Tray | ID = 0
Description = 11:05:09, Mon, Apr 29, 13 Error - Unable to gain access to user store

 
Error - 4/29/2013 11:57:31 AM | Computer Name = Diana-PC | Source = WLAN-Tray | ID = 0
Description = 11:57:31, Mon, Apr 29, 13 Error - Unable to gain access to user store

 
Error - 4/30/2013 6:52:56 PM | Computer Name = Diana-PC | Source = WLAN-Tray | ID = 0
Description = 18:52:55, Tue, Apr 30, 13 Error - Unable to gain access to user store

 
Error - 5/1/2013 11:20:59 AM | Computer Name = Diana-PC | Source = WLAN-Tray | ID = 0
Description = 11:20:59, Wed, May 01, 13 Error - Unable to gain access to user store

 
Error - 5/1/2013 11:16:28 PM | Computer Name = Diana-PC | Source = WLAN-Tray | ID = 0
Description = 23:16:27, Wed, May 01, 13 Error - Unable to gain access to user store

 
Error - 5/2/2013 8:35:27 PM | Computer Name = Diana-PC | Source = WLAN-Tray | ID = 0
Description = 20:35:27, Thu, May 02, 13 Error - Unable to gain access to user store

 
Error - 5/13/2013 9:30:39 PM | Computer Name = Diana-PC | Source = WLAN-Tray | ID = 0
Description = 21:30:39, Mon, May 13, 13 Error - Unable to gain access to user store

 
Error - 5/14/2013 12:33:01 PM | Computer Name = Diana-PC | Source = WLAN-Tray | ID = 0
Description = 12:33:01, Tue, May 14, 13 Error - Unable to gain access to user store

 
Error - 5/20/2013 6:30:36 PM | Computer Name = Diana-PC | Source = WLAN-Tray | ID = 0
Description = 18:30:36, Mon, May 20, 13 Error - Unable to gain access to user store

 
[ Media Center Events ]
Error - 3/25/2011 2:58:06 PM | Computer Name = Diana-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package NetTV.
 
[ System Events ]
Error - 7/16/2013 2:09:32 AM | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 7/16/2013 2:25:44 AM | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 7/16/2013 2:25:48 AM | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 7/16/2013 2:33:33 AM | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 7/16/2013 2:37:57 AM | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 7/16/2013 10:28:24 PM | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 7/16/2013 10:28:24 PM | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 7/16/2013 10:28:28 PM | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 7/16/2013 10:38:55 PM | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 7/16/2013 10:38:56 PM | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >



#14 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 419 posts
  • Gender:Male

Posted 16 July 2013 - 11:01 PM

AOL redirect and Java are showing up but I thought I'd removed them?


Edited by sh4rkbyt3, 16 July 2013 - 11:01 PM.


#15 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 17 July 2013 - 06:23 PM

Hello again,
 

AOL redirect and Java are showing up but I thought I'd removed them?

I'm not sure I understand what you mean here. Do you mean you are still having redirects with AOL? And what do you mean about Java?
 
==========

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Processes
    KILLALLPROCESSES
    
    :Services
    AntiSpywareService
    
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\KeyCrypt32.sys -- (keycrypt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Diana\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\AntiLog32.sys -- (AntiLog32)
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\S-1-5-21-116562051-287198144-205346468-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    
    :Files
    C:\Program Files\comcasttb
    
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    
  • Click Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

==========

Please let me know how the machine is running after this fix! Is it still running slowly as you mentioned earlier?

 

Also after posting the fix report from the above, please run a fresh scan with OTL making no changes to the settings of the program...just click the "Scan" button and post the new log for my review.

 

Thank you!

 

bloopie





