Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"not sure if its clean/still slow."


  • Please log in to reply
21 replies to this topic

#1 dshah

dshah

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 02 October 2013 - 06:24 AM

Hey, I got my computer looked at recently by you guys but my doesn't seem clean and kind of running slow. You can look at my other post titled- "computer running slow" to see exactly what was done in that post. I am including DDS log and attaching Attach.txt file in this post.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.25.2
Run by b at 7:17:31 on 2013-10-02
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3035.1298 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_229f3aff50320689\aestsrv.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\SecureW2\sw2_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Users\b\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\Eap3Host.exe
C:\Program Files\Pharos\bin\popnet.exe
C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ie
mURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [HP Officejet 6500 E710a-f (NET)] "c:\program files\hp\hp officejet 6500 e710a-f\bin\ScanToPCActivationApp.exe" -deviceID "CN14C223Z705JZ:NW" -scfn "HP Officejet 6500 E710a-f (NET)" -AutoStart 1
uRun: [Google Update] "c:\users\b\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [SecureW2 Tray] c:\program files\securew2\sw2_tray.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\b\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\b\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\b\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{EA537DF5-F2B6-484A-8405-327330026C82} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{EA537DF5-F2B6-484A-8405-327330026C82}\2656C6B696E6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{EA537DF5-F2B6-484A-8405-327330026C82}\2656C6B696E6E2131603 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{EA537DF5-F2B6-484A-8405-327330026C82}\2656C6B696E6E2330303 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{EA537DF5-F2B6-484A-8405-327330026C82}\2656C6B696E6E2634656 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{EA537DF5-F2B6-484A-8405-327330026C82}\8797A7 : DHCPNameServer = 192.168.2.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\b\appdata\roaming\mozilla\firefox\profiles\pebbyxtb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\b\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\users\b\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\b\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2012-3-19 64800]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_229f3aff50320689\AEstSrv.exe [2011-2-21 73728]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-9-3 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-9-3 701512]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-15 127488]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-5-26 136304]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-25 22856]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-2-27 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-27 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-10-13 1343400]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
S4 AMPingService;AMPingService;c:\users\b\appdata\local\temp\amping.exe --> c:\users\b\appdata\local\temp\AMPing.exe [?]
S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-2-28 227896]
S4 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-4 361808]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2011-2-21 24652]
.
=============== Created Last 30 ================
.
2013-10-01 20:17:33    7328304    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{b3745184-d5f9-4b8f-b69b-cf60de849ef1}\mpengine.dll
2013-09-07 01:18:08    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-09-05 14:04:02    209272    ----a-w-    c:\program files\internet explorer\plugins\nppdf32.dll
2013-09-03 04:05:55    --------    d-----w-    c:\users\b\appdata\local\Programs
2013-09-02 13:59:41    --------    d-----w-    C:\AdwCleaner
.
==================== Find3M  ====================
.
2013-09-19 17:27:09    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-19 17:27:09    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-07 01:17:37    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-09-07 01:17:37    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-08-10 03:59:10    1767936    ----a-w-    c:\windows\system32\wininet.dll
2013-08-10 03:58:09    2876928    ----a-w-    c:\windows\system32\jscript9.dll
2013-08-10 03:58:06    61440    ----a-w-    c:\windows\system32\iesetup.dll
2013-08-10 03:58:06    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2013-08-10 03:07:50    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-08-10 02:17:19    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-08-08 01:03:07    2348544    ----a-w-    c:\windows\system32\win32k.sys
2013-08-07 08:22:04    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-08-05 01:56:47    133056    ----a-w-    c:\windows\system32\drivers\ataport.sys
2013-08-02 01:50:36    169984    ----a-w-    c:\windows\system32\winsrv.dll
2013-08-02 01:49:19    293376    ----a-w-    c:\windows\system32\KernelBase.dll
2013-08-02 00:52:57    271360    ----a-w-    c:\windows\system32\conhost.exe
2013-08-02 00:43:05    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-07-25 08:57:27    1620992    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41:01    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-07-09 05:03:34    3968960    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-07-09 05:03:34    3913664    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-07-09 04:53:46    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2013-07-09 04:52:10    175104    ----a-w-    c:\windows\system32\wintrust.dll
2013-07-09 04:50:42    652800    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-07-09 04:46:31    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-07-09 04:46:31    1166848    ----a-w-    c:\windows\system32\crypt32.dll
2013-07-09 04:46:31    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2013-07-06 05:05:35    1293760    ----a-w-    c:\windows\system32\drivers\tcpip.sys
.
============= FINISH:  7:18:45.24 ===============
 



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:52 PM

Posted 04 October 2013 - 09:02 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
thisisujrt.gif Please download
Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Turorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply DO NOT ATTACH THEM.
Let me know what problem persists.

#3 dshah

dshah
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 10 October 2013 - 08:33 AM

RogueKiller V8.7.2 [Oct  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : b [Admin rights]
Mode : Remove -- Date : 10/10/2013 09:33:12
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xCB14333C)
[Inline] EAT @explorer.exe (?ms_GlobalPointersInitializationSemaphore@GCUtilDLL@@2VGCReentrantSemaphore@@A) : GrooveUtil.DLL -> HOOKED (Unknown @ 0x6A17DD96)
[Inline] EAT @firefox.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xCB14333C)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - SAMSUNG HM160HI ATA Device +++++
--- User ---
[MBR] 90ecae1f022c3ffbddbb0906f6307d2c
[BSP] 9fe3cd165adb0c3bf2237e011806ee68 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 142047 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 290914304 | Size: 10576 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_10102013_093312.txt >>
RKreport[0]_S_10102013_093039.txt


 



#4 dshah

dshah
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 10 October 2013 - 08:45 AM

# AdwCleaner v3.007 - Report created 10/10/2013 at 09:43:43
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : b - B-PC
# Running from : C:\Users\b\Downloads\adwcleaner(1).exe
# Option : Scan

***** [ Services ] *****

Service Found : Viewpoint Manager Service

***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\pebbyxtb.default\searchplugins\Askcom.xml
File Found : C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\pebbyxtb.default\user.js
Folder Found : C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\pebbyxtb.default\Extensions\toolbar@ask.com
Folder Found C:\Program Files\Ask.com
Folder Found C:\Program Files\Common Files\Software Update Utility
Folder Found C:\Program Files\Common Files\spigot
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\ConduitEngine
Folder Found C:\Program Files\uTorrentBar
Folder Found C:\Program Files\Viewpoint
Folder Found C:\ProgramData\Viewpoint
Folder Found C:\ProgramData\WeCareReminder
Folder Found C:\Users\b\AppData\Local\Temp\AskSearch
Folder Found C:\Users\b\AppData\LocalLow\AskToolbar
Folder Found C:\Users\b\AppData\LocalLow\Conduit
Folder Found C:\Users\b\AppData\LocalLow\ConduitEngine
Folder Found C:\Users\b\AppData\LocalLow\PriceGong
Folder Found C:\Users\b\AppData\LocalLow\uTorrentBar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96F9F118-558E-49CD-A204-DC407D06B7E2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\wecarereminder
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96F9F118-558E-49CD-A204-DC407D06B7E2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{661EC041-E4E9-4C02-BF7F-DE693E2AFED0}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{96F9F118-558E-49CD-A204-DC407D06B7E2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\uTorrentBar
Key Found : HKLM\Software\Viewpoint
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\pebbyxtb.default\prefs.js ]

Line Found : user_pref("extentions.y2layers.installId", "EA2DAB98-6746-B7D6-9431-E38811A9BDA5");
Line Found : user_pref("extentions.y2layers.installId_backup", "EA2DAB98-6746-B7D6-9431-E38811A9BDA5");
Line Found : user_pref("plugin.blocklisted.npviewpoint", true);

-\\ Google Chrome v

[ File : C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10548 octets] - [02/09/2013 09:59:46]
AdwCleaner[R1].txt - [9061 octets] - [10/10/2013 09:35:10]
AdwCleaner[R2].txt - [8981 octets] - [10/10/2013 09:43:43]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [9041 octets] ##########
 



#5 dshah

dshah
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 10 October 2013 - 08:50 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Ultimate x86
Ran by b on Thu 10/10/2013 at  9:45:53.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] viewpoint manager service
Successfully deleted: [Service] viewpoint manager service



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\iehelperv2.5.0.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitengine
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\utorrentbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iehelperv250.wecarereminder
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iehelperv250.wecarereminder.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\viewpointmediaplayer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2786678
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnu.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnu.xpt"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnupdater2.xpt"
Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"
Successfully deleted: [Folder] "C:\Users\b\AppData\Roaming\pc cleaners"
Successfully deleted: [Folder] "C:\Users\b\AppData\Roaming\pcpro"
Successfully deleted: [Folder] "C:\Users\b\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\b\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\b\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Users\b\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\b\appdata\locallow\utorrentbar"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduitengine"
Successfully deleted: [Folder] "C:\Program Files\utorrentbar"
Successfully deleted: [Folder] "C:\Program Files\viewpoint"
Successfully deleted: [Folder] "C:\Program Files\Common Files\software update utility"
Successfully deleted: [Folder] "C:\Program Files\Common Files\spigot"



~~~ FireFox

Successfully deleted: [File] C:\Users\b\AppData\Roaming\mozilla\firefox\profiles\pebbyxtb.default\user.js
Successfully deleted: [File] C:\Users\b\AppData\Roaming\mozilla\firefox\profiles\pebbyxtb.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\b\AppData\Roaming\mozilla\firefox\profiles\pebbyxtb.default\extensions\toolbar@ask.com
Emptied folder: C:\Users\b\AppData\Roaming\mozilla\firefox\profiles\pebbyxtb.default\minidumps [50 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/10/2013 at  9:49:17.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#6 dshah

dshah
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 10 October 2013 - 09:15 AM

ComboFix 13-10-09.01 - b 10/10/2013   9:55.3.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3035.2105 [GMT -4:00]
Running from: c:\users\b\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SecureW2
c:\program files\SecureW2\sw2_rsaproxy.exe
c:\program files\SecureW2\sw2_tray.exe
c:\program files\SecureW2\Uninstall.exe
c:\users\b\AppData\Local\.#
c:\users\b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\users\b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\windows\system32\drivers\etc\lmhosts
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-10 to 2013-10-10  )))))))))))))))))))))))))))))))
.
.
2013-10-10 13:45 . 2013-10-10 13:45    --------    d-----w-    c:\windows\ERUNT
2013-10-10 13:27 . 2013-10-10 13:27    60872    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{E3140884-DE7F-46AA-8D3A-1CDEA3283BC6}\offreg.dll
2013-10-10 07:07 . 2013-09-21 03:30    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-10-09 12:03 . 2013-07-04 11:50    530432    ----a-w-    c:\windows\system32\comctl32.dll
2013-10-09 12:02 . 2013-08-29 01:51    3969472    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-10-09 12:02 . 2013-08-29 01:51    3914176    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-10-09 12:02 . 2013-08-29 01:50    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2013-10-09 12:02 . 2013-08-29 01:50    619520    ----a-w-    c:\windows\system32\tdh.dll
2013-10-09 12:02 . 2013-08-29 01:48    640512    ----a-w-    c:\windows\system32\advapi32.dll
2013-10-08 09:05 . 2013-09-05 05:02    7328304    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{E3140884-DE7F-46AA-8D3A-1CDEA3283BC6}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 18:27 . 2013-03-19 00:42    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-10-09 18:27 . 2012-01-18 23:08    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-07 01:17 . 2013-09-07 01:18    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-09-07 01:17 . 2012-05-28 03:04    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-09-07 01:17 . 2011-03-11 03:47    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-08-07 08:22 . 2011-02-22 04:12    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-07-25 08:57 . 2013-08-14 13:19    1620992    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41 . 2013-08-14 13:18    2048    ----a-w-    c:\windows\system32\tzres.dll
2012-03-28 07:04 . 2013-10-01 02:02    124864    ----a-w-    c:\program files\mozilla firefox\plugins\CCMSDK.dll
2012-03-28 07:47 . 2013-10-01 02:02    13760    ----a-w-    c:\program files\mozilla firefox\plugins\cgpcfg.dll
2012-03-28 07:06 . 2013-10-01 02:02    71104    ----a-w-    c:\program files\mozilla firefox\plugins\CgpCore.dll
2012-03-28 07:05 . 2013-10-01 02:02    92096    ----a-w-    c:\program files\mozilla firefox\plugins\confmgr.dll
2012-03-28 07:05 . 2013-10-01 02:02    22976    ----a-w-    c:\program files\mozilla firefox\plugins\ctxlogging.dll
2012-03-28 07:03 . 2013-10-01 02:02    255936    ----a-w-    c:\program files\mozilla firefox\plugins\ctxmui.dll
2012-03-28 07:05 . 2013-10-01 02:02    32192    ----a-w-    c:\program files\mozilla firefox\plugins\icafile.dll
2012-03-28 07:05 . 2013-10-01 02:02    40896    ----a-w-    c:\program files\mozilla firefox\plugins\icalogon.dll
2012-03-19 14:21 . 2013-10-01 02:02    903096    ----a-w-    c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2012-03-28 07:06 . 2013-10-01 02:02    24512    ----a-w-    c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    130736    ----a-w-    c:\users\b\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    130736    ----a-w-    c:\users\b\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    130736    ----a-w-    c:\users\b\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    130736    ----a-w-    c:\users\b\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet 6500 E710a-f (NET)"="c:\program files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2012-03-28 309184]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-02-01 296056]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-08-03 1167360]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\users\b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\b\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808]
Monitor Ink Alerts - HP Officejet 6500 E710a-f (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6500 E710a-f\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN14C223Z705JZ;CONNECTION=NW;MONITOR=1; [2009-7-13 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^b^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-05-11 10:37    958576    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-01-21 17:09    217088    ----a-w-    c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
2012-11-28 21:37    59280    ----a-w-    c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 19:13    59280    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chromium]
2013-10-03 06:03    844752    ----a-w-    c:\users\b\AppData\Local\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-22 01:59    136176    ----atw-    c:\users\b\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36    30040    ----a-w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-06-03 17:45    171288    ----a-w-    c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 20:42    70912    ----a-w-    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 00:55    49208    ----a-w-    c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31    80896    ----a-w-    c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51    488752    ----a-w-    c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-06-03 17:45    138008    ----a-w-    c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaLAN]
2011-02-25 01:08    1770400    ----a-w-    c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-11-29 05:49    151952    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2013-04-04 18:50    532040    ----a-w-    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2013-04-04 18:50    887432    ----a-w-    c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-11-02 02:42    554288    ----a-w-    c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-06-03 17:45    172824    ----a-w-    c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2010-02-25 20:19    323640    ----a-w-    c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-04-24 06:51    468264    ----a-w-    c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 08:12    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17    1174016    ----a-w-    c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 11:32    253816    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2010-03-23 19:53    495708    ----a-w-    c:\program files\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-02-01 02:18    296056    ----a-w-    c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 23:55    222504    ----a-w-    c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2010-11-20 12:20    859648    ----a-w-    c:\windows\System32\OobeFldr.dll
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-13 1343400]
R4 AMPingService;AMPingService;c:\users\b\AppData\Local\Temp\AMPing.exe [x]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R4 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2012-03-19 64800]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_229f3aff50320689\aestsrv.exe [2008-02-12 73728]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-05-26 136304]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-11-20 47360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - mchInjDrv
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx    REG_MULTI_SZ       scan sysagent
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-19 18:27]
.
2013-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-15 00:53]
.
2013-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-15 00:53]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3610875902-3989697745-2319974957-1000Core.job
- c:\users\b\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 01:59]
.
2013-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3610875902-3989697745-2319974957-1000UA.job
- c:\users\b\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 01:59]
.
2013-09-20 c:\windows\Tasks\HPCeeScheduleForb.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-04 03:03]
.
2013-10-09 c:\windows\Tasks\Norton Security Scan for b.job
- c:\progra~1\NORTON~2\Engine\312~1.9\Nss.exe [2011-06-03 07:42]
.
2013-10-10 c:\windows\Tasks\ReclaimerUpdateFiles_b.job
- c:\users\b\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-17 14:33]
.
2013-10-10 c:\windows\Tasks\ReclaimerUpdateXML_b.job
- c:\users\b\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-17 14:33]
.
2013-10-10 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_b.job
- c:\users\b\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-17 14:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 10.1.2.30 10.1.2.31
FF - ProfilePath - c:\users\b\AppData\Roaming\Mozilla\Firefox\Profiles\pebbyxtb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SecureW2 Tray - c:\program files\SecureW2\sw2_tray.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe
MSConfigStartUp-Aim - c:\program files\AIM\aim.exe
MSConfigStartUp-cdloader - c:\users\b\AppData\Roaming\mjusbsp\cdloader2.exe
MSConfigStartUp-Facebook Update - c:\users\b\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-Google Updater - c:\program files\Google\Google Updater\GoogleUpdater.exe
MSConfigStartUp-googletalk - c:\users\b\AppData\Roaming\Google\Google Talk\googletalk.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-PC Cleaners - c:\program files\PC Cleaners\PCCleaners.exe
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
AddRemove-SecureW2 Enterprise Client - c:\program files\SecureW2\Uninstall.exe
AddRemove-SoftwareUpdUtility - c:\program files\Common Files\Software Update Utility\uninstall.exe
AddRemove-uTorrentBar Toolbar - c:\progra~1\UTORRE~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-10  10:12:21
ComboFix-quarantined-files.txt  2013-10-10 14:12
.
Pre-Run: 57,346,195,456 bytes free
Post-Run: 59,821,023,232 bytes free
.
- - End Of File - - 840C6BC5C681A68F2F0A1CBEE5A5C037
A36C5E4F47E84449FF07ED3517B43A31
 



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:52 PM

Posted 10 October 2013 - 09:37 AM


Looking better, please let me know what problem remains.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#8 dshah

dshah
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 10 October 2013 - 10:01 AM

It says UNSUPPORTED OPERATING SYSTEM! ABORTED!
 



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:52 PM

Posted 10 October 2013 - 12:47 PM

Restart the computer normally. It should then work.

#10 dshah

dshah
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 10 October 2013 - 02:40 PM

 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 JavaFX 2.1.0    
 Java 7 Update 25  
 Java version out of Date!
 Adobe Flash Player     11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (24.0)
 Google Chrome 29.0.1547.76  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#11 dshah

dshah
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 10 October 2013 - 02:42 PM

My computer fan is running all the time at high noise and heat up quickly too.

 

When I am opening like a word document or just mozilla- it takes forever to load things up

 

Next, when I go to certain website it I get a popup saying that If is should continue to run script or not. I have to hit stop script in order to run website

 

Lastly, I get a lot of pop-up when I am surfing internet on mozilla. I don't like using google chrome because there are alot of websites I visit don't work on that browser.



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:52 PM

Posted 11 October 2013 - 08:31 AM


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u40 was released on Sept 10. 2013.

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Old versions....

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that your un-check the box "Install the Ask Toolbar" before proceeding.
===

Click the StartBtn.gif button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
<<<>>>

If the problem persist with Mozilla I suggest you remove the application using the Add/Remove programs.

Restart the computer normally.

Reinstall the application.

Before you delete the application you should save you Bookmarks.
https://support.mozilla.org/en-US/kb/restore-bookmarks-from-backup-or-move-them

Keep me posted.

#13 dshah

dshah
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 15 October 2013 - 03:14 PM

I did update the Java to update 45. I did disable Java in Firefox but I don't understand the purpose of doing it because when I visit certain website they don't open up because it requires Java plug in. Also, certain website that I run I get error saying script may be busy even with my Java disable on my Firefox. 7ZeSU.png

I don't understand what is the purpose of disabling Java plug in if I can't view certain websites that I need to be able to do my work. If you can explain to me what is the purpose and solution around disabled Java plug in that would be really helpful.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:52 PM

Posted 16 October 2013 - 08:27 AM

You should enable Java if you know that what you are doing is safe.

In situation where you have doubt then disable it. I keep it active even when I do research to find some solutions. I hope my Norton 360 will protect me.

This is part of my closing speech.
I'm posting it so that you may decide what is good for you.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful addons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help blocking many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon,
  • ScriptNo a popular Google Chrome addon.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#15 dshah

dshah
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 16 October 2013 - 09:05 AM

I downloaded WOT and Noscript. Since I have these two add-ons in Firefox, I enabled my Javascript. Is that fine? Also, what do you want me to save to my desktop and post contents. I don't know which program you want me to download.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users