easylife app

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

jthompsonjr

Thread Starter
Joined
Nov 19, 2006
Messages
108
First of all, many thanks in advance for looking at this.

Symptoms
I have noticed more pop-ups lately (I normally use Firefox and usually don't get a lot of pop-up ads).
On many webpages, random words are showing as hyperlinks and when I put my mouse on the link an advertisement shows up.
When I open internet explorer, my Microsoft Security Essentials shows a FastSave App adware and even though I delete it every time, it keeps coming back. Here is the file:

file:C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3APVGCHT\fs[1].js

I ran a complete scan with Microsoft Security Essentials and Malwarebytes Antimalware with neither finding any issues.


HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:59:33 AM, on 1/20/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Users\john\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files (x86)\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Browse2save - {E7EAECB9-E20E-A5A5-15EE-183F6BB71D4B} - C:\ProgramData\Browse2save\50d245f133d9f.ocx
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [HP Photosmart 6510 series (NET)] "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN24P5626J05QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
O4 - Startup: Monitor Ink Alerts - HP Photosmart 6510 series (Network).lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/activex/COPPDetector.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} (JInitiator 1.3.1.28) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9ede193da3c50) (gupdate1c9ede193da3c50) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\STacSV64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14656 bytes


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/21/2008 5:34:35 AM
System Uptime: 1/19/2013 6:44:37 PM (18 hours ago)
.
Motherboard: Hewlett-Packard | | 30F4
Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz | CPU | 1600/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 141.32 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.873 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0006
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0006
Service: tunnel
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: HP Photosmart C4700
Device ID: ROOT\IMAGE\0000
Manufacturer: Hewlett-Packard
Name: HP Photosmart C4700
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet CP2025dn
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP2025dn
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 4000 Series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: Hewlett-Packard
Name: HP LaserJet 4000 Series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 4050 Series
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: Hewlett-Packard
Name: HP LaserJet 4050 Series
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 4200
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4200
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 4200
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4200
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0007
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0007
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart 6510 series
Device ID: ROOT\MULTIFUNCTION\0008
Manufacturer: HP
Name: Photosmart 6510 series
PNP Device ID: ROOT\MULTIFUNCTION\0008
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 4200
Device ID: ROOT\MULTIFUNCTION\0009
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4200
PNP Device ID: ROOT\MULTIFUNCTION\0009
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
AAC Decoder
Acrobat.com
Adobe After Effects 7.0
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe ExtendScript Toolkit 1.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.0
Adobe Photoshop CS
Adobe Photoshop Elements 6.0
Adobe Reader 9.5.2
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Agere Systems HDA Modem
AIM 6
Air Mouse Server
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AutoUpdate
Blackboard IM 4.0.1-C
Bonjour
Browse2save
BufferChm
C4700
CamStudio
Cards_Calendar_OrderGift_DoMorePlugout
CCScore
CleanUp!
Codec Pack - All In 1 6.0.3.0
Color Finesse
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink YouCam
Cycore FX 1.0.1 for After Effects
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
DNA
Doxillion Document Converter
eBook: Marketing Education Study Guide
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
Facebook Plug-In
FileZilla Client 3.1.6
FirstClass® Client
GIMP 2.6.7
Google Chrome
Google Earth
Google SketchUp 8
Google Update Helper
Google Updater
GPBaseService2
GPL Ghostscript 8.63
H.264 Decoder
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HotPotatoes v 6.3.0.4
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Doc Viewer
HP Help and Support
HP Imaging Device Functions 13.0
HP MULTIPLE MODEM INSTALLER for VISTA
HP Photo Creations
HP Photosmart 6510 series Basic Device Software
HP Photosmart 6510 series Help
HP Photosmart 6510 series Product Improvement Study
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
HP Photosmart Essential 2.5
HP Print Projects 1.0
HP Quick Launch Buttons 6.40 D3
HP QuickPlay 3.7
HP QuickTouch 1.00 D2
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Total Care Advisor
HP Update
HP User Guides 0103
HP Wireless Assistant
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
hpPrintProjects
HPProductAssistant
HPSSupply
HPTCSSetup
hpWLPGInstaller
IDT Audio
ImTOO DVD Ripper Platinum 5
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Jing
JMicron JMB38X Flash Media Controller
Keylight 1.1v1 for After Effects 7.0
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
LabelPrint
LAME v3.98.2 for Audacity
LightScribe System Software 1.12.33.2
LightScribe Template Labeler
Logitech Harmony Remote Software
Logitech Vid HD
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia Flash MX 2004
Macromedia FreeHand MXa
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2000 SR-1 Professional
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MKV Splitter
MobileMe Control Panel
Monkey Merge
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 14.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
netbrdg
Network64
Notifier
NVIDIA Drivers
OfotoXMI
OJOsoft Total Video Converter
OpenOffice.org 3.0
Oracle JInitiator 1.3.1.28
PCDADDIN
PCDHELP
PDFCreator
PDFill PDF Editor with FREE PDF Writer and Tools
pdfsam
PhotoNow!
PixiePack Codec Pack
Power2Go
PowerDirector
ProtectSmart Hard Drive Protection
PS_AIO_06_C4700_SW_Min
PSSWCORE
QuickPlay SlingPlayer 0.4.6
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
SFR
SHASTA
Shop for HP Supplies
SKIN0001
SKINXSDK
Skype Toolbars
Skype™ 5.10
Slingbox Flash Tour
SlingPlayer
SmartWebPrinting
SolutionCenter
staticcr
Status
Synaptics Pointing Device Driver
Teachertube Video Downloader 3.13
Toolbox
tooltips
TrayApp
Tunebite
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
VideoToolkit01
Vista Codec Package
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 1.0.3
VPRINTOL
WebEx
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinSCP
WIRELESS
Wisdom-soft ScreenHunter 5.0 Free
Yahoo! Messenger
.
==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_31
Run by john at 12:00:06 on 2013-01-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.1417 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Photosmart 6510 series\bin\HPNetworkCommunicator.exe
C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://search.easylifeapp.com/
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Tunebite_WebRipPlugin Class: {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files (x86)\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Browse2save Class: {E7EAECB9-E20E-A5A5-15EE-183F6BB71D4B} - C:\ProgramData\Browse2save\50d245f133d9f.ocx
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Aim6] <no file>
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\john\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} - hxxps://drm.bittorrent.com/activex/COPPDetector.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{8F5BB565-6DF2-4875-B406-B92AC47A99CE} : DHCPNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
TCP: Interfaces\{F7787392-20A7-48D8-BBE3-5F50AEADFE43} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs=
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\System32\NvMcTray.dll,NvTaskbarInit
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?q=
FF - prefs.js: browser.startup.homepage - hxxp://www.charlotteobserver.com/
FF - prefs.js: keyword.URL - hxxp://search.easylifeapp.com/?q=
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPJinit13128.dll
FF - plugin: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: C:\Users\john\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\john\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\john\Program Files (x86)\DNA\plugins\npbtdna.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2012-12-19 17:55; [email protected]; C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2009-06-23 12:58; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2009-08-26 21:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2008-7-21 52856]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe [2008-6-27 89088]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 28464]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-23 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2009-1-18 682344]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Windows\SMINST\BLService.exe [2008-6-5 341328]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-6-5 193840]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-1-24 60928]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-4-11 125328]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-6-22 24176]
R3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\System32\drivers\NETw5v64.sys [2008-7-21 4730368]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9ede193da3c50;Google Update Service (gupdate1c9ede193da3c50);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-6-15 133104]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-11-13 89920]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-01-09 08:03:27 67599240 ----a-w- C:\Windows\System32\mrt.exe
2013-01-09 04:08:52 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 04:08:52 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-04 13:23:30 5724160 ----a-w- C:\Windows\System32\mshtml.dll
2013-01-04 13:03:12 3620864 ----a-w- C:\Windows\SysWow64\mshtml.dll
2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-23 01:54:35 2770432 ----a-w- C:\Windows\System32\win32k.sys
2012-11-22 04:22:38 456192 ----a-w- C:\Windows\System32\shlwapi.dll
2012-11-22 03:54:36 353280 ----a-w- C:\Windows\SysWow64\shlwapi.dll
2012-11-20 04:22:50 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-20 04:21:04 253952 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-13 01:45:48 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-13 01:29:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-10 02:08:38 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-10 01:48:26 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-02 10:47:16 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-11-02 10:47:16 1794560 ----a-w- C:\Windows\System32\msxml6.dll
2012-11-02 10:45:52 477696 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 10:45:51 68096 ----a-w- C:\Windows\System32\dpnathlp.dll
2012-11-02 10:19:34 1400832 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-11-02 10:19:33 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-11-02 10:18:17 376320 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-02 08:59:56 26112 ----a-w- C:\Windows\System32\dpnsvr.exe
2012-11-02 08:26:06 23040 ----a-w- C:\Windows\SysWow64\dpnsvr.exe
2012-10-27 04:26:19 1032192 ----a-w- C:\Windows\System32\wininet.dll
2012-10-27 04:26:05 1428992 ----a-w- C:\Windows\System32\urlmon.dll
2012-10-27 04:26:05 108544 ----a-w- C:\Windows\System32\url.dll
2012-10-27 04:24:27 1129984 ----a-w- C:\Windows\System32\mstime.dll
2012-10-27 04:24:15 761344 ----a-w- C:\Windows\System32\mshtmled.dll
2012-10-27 04:24:15 623616 ----a-w- C:\Windows\System32\msfeeds.dll
2012-10-27 04:23:44 32256 ----a-w- C:\Windows\System32\jsproxy.dll
2012-10-27 04:23:32 7050752 ----a-w- C:\Windows\System32\ieframe.dll
2012-10-27 04:23:32 375808 ----a-w- C:\Windows\System32\iertutil.dll
2012-10-27 04:23:32 249856 ----a-w- C:\Windows\System32\iepeers.dll
2012-10-27 04:23:32 224768 ----a-w- C:\Windows\System32\ieui.dll
2012-10-27 04:23:31 422400 ----a-w- C:\Windows\System32\ieapfltr.dll
2012-10-27 03:52:52 834048 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-27 03:52:43 1176576 ----a-w- C:\Windows\SysWow64\urlmon.dll
2012-10-27 03:52:43 106496 ----a-w- C:\Windows\SysWow64\url.dll
2012-10-27 03:51:30 671232 ----a-w- C:\Windows\SysWow64\mstime.dll
2012-10-27 03:51:18 479232 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2012-10-27 03:51:17 498688 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2012-10-27 03:50:53 27648 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2012-10-27 03:50:41 6118400 ----a-w- C:\Windows\SysWow64\ieframe.dll
2012-10-27 03:50:41 380928 ----a-w- C:\Windows\SysWow64\ieapfltr.dll
2012-10-27 03:50:41 270336 ----a-w- C:\Windows\SysWow64\iertutil.dll
2012-10-27 03:50:41 193024 ----a-w- C:\Windows\SysWow64\iepeers.dll
2012-10-27 03:50:41 180736 ----a-w- C:\Windows\SysWow64\ieui.dll
2012-10-27 03:00:43 485376 ----a-w- C:\Windows\System32\html.iec
2012-10-27 02:14:21 389632 ----a-w- C:\Windows\SysWow64\html.iec
2003-03-21 17:45:22 250544 ----a-w- C:\Program Files (x86)\Common Files\keyhelp.ocx
.
============= FINISH: 12:00:49.11 ===============


GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-20 18:48:52
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3252GSX rev.LV011C 298.09GB
Running: 29fk6m7x.exe; Driver: C:\Users\john\AppData\Local\Temp\kxldypog.sys


---- User code sections - GMER 2.0 ----

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000771e9475 8 bytes {MOV EDX, 0xb03a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 00000000771e947f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 00000000771e94ed 8 bytes {MOV EDX, 0xb01a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 00000000771e94f7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 00000000771e95f5 8 bytes {MOV EDX, 0xb0168; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 00000000771e95ff 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000771e969d 8 bytes {MOV EDX, 0xb03e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 00000000771e96a7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000771e96cd 8 bytes {MOV EDX, 0xb0328; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 00000000771e96d7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000771e96e5 8 bytes {MOV EDX, 0xb0128; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 00000000771e96ef 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000771e96fd 8 bytes {MOV EDX, 0xb04a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 00000000771e9707 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000771e972d 8 bytes {MOV EDX, 0xb04e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 00000000771e9737 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000771e97a5 8 bytes {MOV EDX, 0xb0468; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 00000000771e97af 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000771e97bd 8 bytes {MOV EDX, 0xb0428; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 00000000771e97c7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000771e9805 8 bytes {MOV EDX, 0xb0068; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 00000000771e980f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 00000000771e9865 8 bytes {MOV EDX, 0xb02a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 00000000771e986f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000771e98f5 8 bytes {MOV EDX, 0xb00a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 00000000771e98ff 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 00000000771e9a2d 8 bytes {MOV EDX, 0xb0268; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 00000000771e9a37 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000771e9b35 8 bytes {MOV EDX, 0xb0028; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 00000000771e9b3f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 00000000771ea20d 8 bytes {MOV EDX, 0xb0228; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 00000000771ea217 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 00000000771ea9fd 8 bytes {MOV EDX, 0xb01e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 00000000771eaa07 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000771eaa45 8 bytes {MOV EDX, 0xb0368; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 00000000771eaa4f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000771eaabd 8 bytes {MOV EDX, 0xb02e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 00000000771eaac7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000771eacb5 8 bytes {MOV EDX, 0xb00e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 00000000771eacbf 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075710c0f 5 bytes JMP 00000001000100b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075710c44 5 bytes JMP 00000001000100f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\kernel32.dll!CreateEventW 0000000075711b2d 5 bytes JMP 0000000100010030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\kernel32.dll!OpenEventW 000000007571f0c5 5 bytes JMP 0000000100010070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!DeleteObject 0000000076024a48 5 bytes JMP 00000001000c01b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 0000000076024c6a 5 bytes JMP 00000001000c03b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SelectObject 0000000076024d90 5 bytes JMP 00000001000c05f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SetTextColor 0000000076024f32 5 bytes JMP 00000001000c0a30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SetBkMode 0000000076024fdd 5 bytes JMP 00000001000c08f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000760252e2 5 bytes JMP 00000001000c0170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 0000000076025dfe 5 bytes JMP 00000001000c06b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 0000000076025f04 5 bytes JMP 00000001000c0370
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SaveDC 0000000076026513 5 bytes JMP 00000001000c0570
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!RestoreDC 00000000760265da 5 bytes JMP 00000001000c0530
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!StretchDIBits 0000000076026700 5 bytes JMP 00000001000c0770
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetTextAlign 0000000076026d9c 5 bytes JMP 00000001000c0d70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SetTextAlign 000000007602705b 5 bytes JMP 00000001000c09f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!MoveToEx 00000000760271f5 5 bytes JMP 00000001000c0470
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!Rectangle 000000007602746b 5 bytes JMP 00000001000c09b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 00000000760277c7 5 bytes JMP 00000001000c02f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 0000000076027911 5 bytes JMP 00000001000c05b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 0000000076027a2c 1 byte JMP 00000001000c0e30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW + 2 0000000076027a2e 3 bytes {JMP 0xffffffff8a099404}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 0000000076027b87 5 bytes JMP 00000001000c03f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 0000000076027c12 5 bytes JMP 00000001000c0970
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetClipBox 0000000076028063 5 bytes JMP 00000001000c0330
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SetICMMode 00000000760284ff 5 bytes JMP 00000001000c0db0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 000000007602984a 5 bytes JMP 00000001000c0d30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetFontData 0000000076029dcd 5 bytes JMP 00000001000c0c70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 000000007602a1f3 5 bytes JMP 00000001000c06f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 000000007602a4dc 5 bytes JMP 00000001000c0670
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!LineTo 000000007602aafd 5 bytes JMP 00000001000c0430
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 000000007602b122 5 bytes JMP 00000001000c0df0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!CreateICW 000000007602dea1 5 bytes JMP 00000001000c0130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007602e111 5 bytes JMP 00000001000c00f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!CreateDCA 000000007602e1cd 5 bytes JMP 00000001000c00b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 000000007602f1d6 5 bytes JMP 00000001000c0cf0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 000000007602f4e2 5 bytes JMP 00000001000c0930
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 000000007602fb42 5 bytes JMP 00000001000c0630
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!ExtEscape 0000000076031551 5 bytes JMP 00000001000c02b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!Escape 0000000076031c25 5 bytes JMP 00000001000c0270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!ResetDCW 00000000760321ca 5 bytes JMP 00000001000c0ab0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!EndPage 0000000076032825 5 bytes JMP 00000001000c0230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 0000000076035212 5 bytes JMP 00000001000c0b30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 00000000760353e0 5 bytes JMP 00000001000c0b70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 0000000076049bcf 5 bytes JMP 00000001000c0cb0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 000000007604c02b 5 bytes JMP 00000001000c0bb0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 000000007604c432 5 bytes JMP 00000001000c0bf0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 000000007604c8c9 5 bytes JMP 00000001000c0c30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!AbortDoc 0000000076052501 5 bytes JMP 00000001000c0030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!EndDoc 000000007605291b 5 bytes JMP 00000001000c01f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!StartPage 0000000076052a0c 5 bytes JMP 00000001000c0730
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!StartDocW 0000000076053536 5 bytes JMP 00000001000c07f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!BeginPath 0000000076053ced 5 bytes JMP 00000001000c0830
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!SelectClipPath 0000000076053d44 5 bytes JMP 00000001000c0af0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!CloseFigure 0000000076053d9f 5 bytes JMP 00000001000c0070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!EndPath 0000000076053df6 5 bytes JMP 00000001000c0a70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!StrokePath 000000007605402e 5 bytes JMP 00000001000c07b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!FillPath 00000000760540c0 5 bytes JMP 00000001000c0870
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!PolylineTo 000000007605452d 5 bytes JMP 00000001000c04f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 00000000760545bd 5 bytes JMP 00000001000c04b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\GDI32.dll!PolyDraw 000000007605466e 5 bytes JMP 00000001000c08b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetClientRect 000000007596840d 7 bytes JMP 00000001000d05b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!ScreenToClient 000000007596920b 7 bytes JMP 00000001000d0670
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!IsWindowVisible 0000000075969434 7 bytes JMP 00000001000d06b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetTopWindow 000000007596973b 7 bytes JMP 00000001000d0730
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075969c90 5 bytes JMP 00000001000d05f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 000000007596a2a0 5 bytes JMP 00000001000d02f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 000000007596a71a 5 bytes JMP 00000001000d02b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetParent 000000007596bebb 7 bytes JMP 00000001000d06f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!SetCursor 000000007596c153 5 bytes JMP 00000001000d0530
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!MapWindowPoints 000000007596c657 5 bytes JMP 00000001000d0570
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007596ec54 5 bytes JMP 00000001000d04b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 000000007596eca3 5 bytes JMP 00000001000d0430
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 000000007596f09d 7 bytes JMP 00000001000d0630
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 0000000075972152 5 bytes JMP 00000001000d00f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 000000007597216f 5 bytes JMP 00000001000d0330
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!CloseClipboard 00000000759722f3 5 bytes JMP 00000001000d00b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!OpenClipboard 000000007597230e 5 bytes JMP 00000001000d0070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 000000007597254d 5 bytes JMP 00000001000d03f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 0000000075972568 5 bytes JMP 00000001000d01f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 0000000075972583 5 bytes JMP 00000001000d01b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 0000000075972620 5 bytes JMP 00000001000d0370
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 0000000075972776 5 bytes JMP 00000001000d0270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!EmptyClipboard 000000007598727e 5 bytes JMP 00000001000d0130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075987299 5 bytes JMP 00000001000d0030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 000000007598741f 5 bytes JMP 00000001000d0230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!SetClipboardData 00000000759874bc 5 bytes JMP 00000001000d0170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000759a2a58 5 bytes JMP 00000001000d0770
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 00000000759c5c8c 5 bytes JMP 00000001000d04f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 00000000759c5f95 5 bytes JMP 00000001000d0470
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 00000000759c610c 5 bytes JMP 00000001000d03b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\Secur32.dll!FreeContextBuffer 0000000075331a93 5 bytes JMP 00000001000e00f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\Secur32.dll!DeleteSecurityContext 0000000075331c28 5 bytes JMP 00000001000e0270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\Secur32.dll!FreeCredentialsHandle 00000000753322ea 5 bytes JMP 00000001000e0130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\Secur32.dll!EncryptMessage 000000007533333b 5 bytes JMP 00000001000e01f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\Secur32.dll!DecryptMessage 0000000075333409 5 bytes JMP 00000001000e0230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\Secur32.dll!InitializeSecurityContextA 0000000075335f09 5 bytes JMP 00000001000e0170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\Secur32.dll!AcquireCredentialsHandleA 0000000075336021 5 bytes JMP 00000001000e0030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\Secur32.dll!QueryContextAttributesA 00000000753363d9 5 bytes JMP 00000001000e0070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\Secur32.dll!ApplyControlToken 000000007533ddc0 5 bytes JMP 00000001000e01b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\Secur32.dll!QueryCredentialsAttributesA 000000007533dfc3 5 bytes JMP 00000001000e00b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\ole32.dll!OleGetClipboard 0000000075b174c9 5 bytes JMP 00000001001000b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\ole32.dll!OleSetClipboard 0000000075b411e3 5 bytes JMP 0000000100100030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3344] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 0000000075b4a8f9 5 bytes JMP 0000000100100070

---- Threads - GMER 2.0 ----

Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4860] 000000006a5e6314
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:1088] 000000006a5e539b
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:2500] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:3132] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:5052] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4912] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4124] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:3656] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:2972] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:2964] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:2776] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4524] 0000000075493402
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4904] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4240] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:3272] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:3516] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4648] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4676] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:2616] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4536] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:3472] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:3164] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4740] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4692] 00000000771ddd19
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:3992] 000000007726810d
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:3796] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4584] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:552] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4116] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4444] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:2488] 0000000074ba13dd
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:3336] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:5004] 0000000075146488
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:2440] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:508] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4852] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4272] 000000006d48c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4580] 0000000075493402
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5084:4420] 0000000075ae57e9
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3828:1516] 000000006a5e539b
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3828:3916] 000000006e53eb50
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3828:3464] 000000006e53eb50
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3828:3100] 00000000771ddd19
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3828:2152] 000000007726810d
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3828:1092] 000000006e53eb50
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [3828:3276] 000000006e53eb50

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021862eae76
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0021862eae76 (not active ControlSet)

---- Disk sectors - GMER 2.0 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.0 ----
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,440
Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Next,

Please download RogueKiller from here http://tigzy.geekstogo.com/Tools/RogueKiller.exe or here http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save Direct to your Desktop.

  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept


  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan


  • When the scan completes select Report, copy and paste that to your reply.


  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller

Post thos two logs...

Kevin
 

jthompsonjr

Thread Starter
Joined
Nov 19, 2006
Messages
108
Thanks Kevin.

I ran the ADWcleaner and have posted the scan below.

I tried to run RougeKiller and it ran the prescan ok, but after checking the appropriate boxes and trying to run the scan, it stopped immediately closed out with a "a problem caused the program to stop working correctly" windows error. I tried reinstalling it twice, same error both times I tried to run it.

Here is the AdwCleaner log. Let me know what I can try next, and thanks again.

# AdwCleaner v2.109 - Logfile created 01/30/2013 at 18:39:07
# Updated 26/01/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : john - JOHN-PC
# Boot Mode : Normal
# Running from : C:\Users\john\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\clickpotatolite
Deleted on reboot : C:\Program Files (x86)\Mozilla Firefox\Extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}
Deleted on reboot : C:\Program Files (x86)\QuestBrwSearch
Deleted on reboot : C:\Program Files (x86)\ShopperReports3
Deleted on reboot : C:\ProgramData\Browse2save
Deleted on reboot : C:\ProgramData\InstallMate
Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse2save
Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clickpotato
Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports
Deleted on reboot : C:\ProgramData\QuestBrwSearch
Deleted on reboot : C:\ProgramData\Viewpoint
Deleted on reboot : C:\Users\john\AppData\Local\Ilivid Player
Deleted on reboot : C:\Users\john\AppData\LocalLow\Billeo
Deleted on reboot : C:\Users\john\AppData\LocalLow\Browse2save
Deleted on reboot : C:\Users\john\AppData\Roaming\clickpotatolite
Deleted on reboot : C:\Users\john\AppData\Roaming\ShopperReports3
Deleted on reboot : C:\Users\john\Documents\Billeo
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\ShopperReports3
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\clickpotatolitesa
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestBrowse
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopperReportsSA
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{465E08E7-F005-4389-980F-1D8764B3486C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{465E08E7-F005-4389-980F-1D8764B3486C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F8B4EC8A-2407-4BE0-AEE2-0F430D65A90D}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6002.18005

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\prefs.js

Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("extensions.50d245f133cc8.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v24.0.1312.56

File : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6696 octets] - [30/01/2013 18:39:07]

########## EOF - C:\AdwCleaner[S1].txt - [6756 octets] ##########
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,440
OK, run the following:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the
    icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
 

jthompsonjr

Thread Starter
Joined
Nov 19, 2006
Messages
108
Here you go-- thanks!

ComboFix 13-02-01.04 - john 02/01/2013 17:26:14.1.2 - x64
Microsoft® Windows Vista&#8482; Home Premium 6.0.6002.2.1252.1.1033.18.4093.1901 [GMT -5:00]
Running from: c:\users\john\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\ClickPotatoLite
c:\program files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}
c:\program files (x86)\QuestBrwSearch
c:\program files (x86)\ShopperReports3
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports
c:\programdata\QuestBrwSearch
c:\users\john\Desktop\Malware Protection.lnk
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-01 to 2013-02-01 )))))))))))))))))))))))))))))))
.
.
2013-02-01 22:38 . 2013-02-01 22:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-30 23:45 . 2013-01-30 23:45 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DDC1344-2362-4FDB-823D-E6563DD46DDE}\offreg.dll
2013-01-30 23:39 . 2013-01-30 23:39 1065 ----a-w- c:\windows\DeleteOnReboot.bat
2013-01-30 04:22 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DDC1344-2362-4FDB-823D-E6563DD46DDE}\mpengine.dll
2013-01-27 13:43 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-15 00:11 . 2013-01-04 13:23 5724160 ----a-w- c:\windows\system32\mshtml.dll
2013-01-09 03:52 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 03:52 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 03:52 . 2012-11-23 01:54 2770432 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 03:52 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 03:52 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 03:52 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 03:52 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 03:52 . 2012-11-22 04:22 456192 ----a-w- c:\windows\system32\shlwapi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 08:03 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe
2013-01-09 04:08 . 2012-07-18 17:24 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 04:08 . 2011-09-25 18:19 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 13:31 . 2012-12-21 08:01 48128 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 13:12 . 2012-12-21 08:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-16 11:08 . 2012-12-21 08:01 368128 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 10:50 . 2012-12-21 08:01 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-14 21:49 . 2010-06-22 11:05 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-29 04:49 . 2012-11-29 04:49 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89924997-F60F-46B9-909B-F606D5A1379C}\gapaengine.dll
2012-11-23 03:04 . 2010-06-24 16:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-11-13 01:45 . 2012-12-12 03:54 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-13 01:29 . 2012-12-12 03:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-10 02:08 . 2012-12-12 03:55 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-10 01:48 . 2012-12-12 03:55 1383424 ----a-w- c:\windows\SysWow64\mshtml.tlb
2003-03-21 17:45 . 2012-08-08 01:39 250544 ----a-w- c:\program files (x86)\Common Files\keyhelp.ocx
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E7EAECB9-E20E-A5A5-15EE-183F6BB71D4B}]
2012-12-19 22:55 129024 ----a-w- c:\programdata\Browse2save\50d245f133d9f.ocx
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"HP Photosmart 6510 series (NET)"="c:\program files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-04-24 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 6510 series (Network).lnk - c:\windows\system32\RunDll32.exe [2006-11-2 46592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe [2008-06-28 89088]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-25 20:45 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 19:04 8192 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 04:08]
.
2013-01-20 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
2013-01-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 16:33]
.
2013-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-15 17:48]
.
2013-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-15 17:48]
.
2013-02-01 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2013-02-01 c:\windows\Tasks\User_Feed_Synchronization-{8DD6215D-887E-4C98-B8E5-1354DABD8D26}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1234216]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [2008-04-15 444416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 15844384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 82464]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://search.easylifeapp.com/
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} - hxxps://drm.bittorrent.com/activex/COPPDetector.cab
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
FF - ProfilePath - c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?q=
FF - prefs.js: browser.startup.homepage - hxxp://www.charlotteobserver.com/
FF - prefs.js: keyword.URL - hxxp://search.easylifeapp.com/?q=
FF - ExtSQL: 2012-12-19 17:55; [email protected]; c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2009-06-23 12:58; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2009-08-26 21:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Aim6 - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-HijackThis - c:\program files (x86)\Trend Micro\HijackThis\HijackThis.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0010)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0010)
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-02-01 17:41:23
ComboFix-quarantined-files.txt 2013-02-01 22:41
.
Pre-Run: 149,281,456,128 bytes free
Post-Run: 149,971,009,536 bytes free
.
- - End Of File - - EA9C02886478E491791FC6D20ACF85F9
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,440
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
ClearJavaCache::
Folder::
c:\programdata\Browse2save
Files::
c:\program files (x86)\Common Files\keyhelp.ocx
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E7EAECB9-E20E-A5A5-15EE-183F6BB71D4B}]
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe





Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

Run Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found
If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
close program
copy and paste the report here

Next,

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post those logs, let me know if there are any remaining issues or concerns...

Kevin...
 

jthompsonjr

Thread Starter
Joined
Nov 19, 2006
Messages
108
Thanks!

C:\Qoobox\Quarantine\C\ProgramData\Browse2save\50d245f133d9f.ocx.vir Win32/Adware.MultiPlug.D application
C:\Qoobox\Quarantine\C\ProgramData\Browse2save\50d245f133dd7.html.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\ProgramData\Browse2save\fbdgppmpckoccnmiokeealgedplkpkii.crx.vir Win32/Adware.MultiPlug.H application
C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdgppmpckoccnmiokeealgedplkpkii\3.8_0\50d245f133b859.25718434.js Win32/Adware.MultiPlug.H application
C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\extensions\[email protected]\content\bg.js Win32/Adware.MultiPlug.H application






Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Microsoft Security Essentials
(On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.70.0.1100
HijackThis 2.0.2
Java(TM) 6 Update 31
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (18.0.1)
Mozilla Thunderbird 14.0. Thunderbird out of Date!
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
 

jthompsonjr

Thread Starter
Joined
Nov 19, 2006
Messages
108
I've still got random hyperlinks showing up on any web page I view. A little popup window comes up when you mouse over it, and if you click it takes you to some type of spam page like "pricedazzler" or something like that.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,440
Where is Combofix log? Also can you post a screen shot of the following as it happens:

I've still got random hyperlinks showing up on any web page I view. A little popup window comes up when you mouse over it, and if you click it takes you to some type of spam page like "pricedazzler" or something like that.
 

jthompsonjr

Thread Starter
Joined
Nov 19, 2006
Messages
108
ComboFix 13-02-01.04 - john 02/02/2013 10:55:29.2.2 - x64
Microsoft® Windows Vista&#8482; Home Premium 6.0.6002.2.1252.1.1033.18.4093.2057 [GMT -5:00]
Running from: c:\users\john\Desktop\ComboFix.exe
Command switches used :: c:\users\john\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Browse2save
c:\programdata\Browse2save\50d245f133d9f.ocx
c:\programdata\Browse2save\50d245f133dd7.html
c:\programdata\Browse2save\50d245f133e10.js
c:\programdata\Browse2save\fbdgppmpckoccnmiokeealgedplkpkii.crx
c:\programdata\Browse2save\settings.ini
c:\programdata\Browse2save\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-02 to 2013-02-02 )))))))))))))))))))))))))))))))
.
.
2013-02-02 16:05 . 2013-02-02 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-02 04:19 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{22240227-A262-490E-ADDA-F6076F8D9F99}\mpengine.dll
2013-02-01 22:43 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-30 23:39 . 2013-01-30 23:39 1065 ----a-w- c:\windows\DeleteOnReboot.bat
2013-01-15 00:11 . 2013-01-04 13:23 5724160 ----a-w- c:\windows\system32\mshtml.dll
2013-01-09 03:52 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 03:52 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 03:52 . 2012-11-23 01:54 2770432 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 03:52 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 03:52 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 03:52 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 03:52 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 03:52 . 2012-11-22 04:22 456192 ----a-w- c:\windows\system32\shlwapi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2009-10-03 11:14 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 08:03 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe
2013-01-09 04:08 . 2012-07-18 17:24 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 04:08 . 2011-09-25 18:19 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 13:31 . 2012-12-21 08:01 48128 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 13:12 . 2012-12-21 08:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-16 11:08 . 2012-12-21 08:01 368128 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 10:50 . 2012-12-21 08:01 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-14 21:49 . 2010-06-22 11:05 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-29 04:49 . 2012-11-29 04:49 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89924997-F60F-46B9-909B-F606D5A1379C}\gapaengine.dll
2012-11-23 03:04 . 2010-06-24 16:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-11-13 01:45 . 2012-12-12 03:54 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-13 01:29 . 2012-12-12 03:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-10 02:08 . 2012-12-12 03:55 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-10 01:48 . 2012-12-12 03:55 1383424 ----a-w- c:\windows\SysWow64\mshtml.tlb
2003-03-21 17:45 . 2012-08-08 01:39 250544 ----a-w- c:\program files (x86)\Common Files\keyhelp.ocx
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"HP Photosmart 6510 series (NET)"="c:\program files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-04-24 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 6510 series (Network).lnk - c:\windows\system32\RunDll32.exe [2006-11-2 46592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe [2008-06-28 89088]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 04:07 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 19:04 8192 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 04:08]
.
2013-01-20 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
2013-01-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 16:33]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-15 17:48]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-15 17:48]
.
2013-02-02 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2013-02-01 c:\windows\Tasks\User_Feed_Synchronization-{8DD6215D-887E-4C98-B8E5-1354DABD8D26}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1234216]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [2008-04-15 444416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 15844384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 82464]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://search.easylifeapp.com/
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} - hxxps://drm.bittorrent.com/activex/COPPDetector.cab
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
FF - ProfilePath - c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?q=
FF - prefs.js: browser.startup.homepage - hxxp://www.charlotteobserver.com/
FF - prefs.js: keyword.URL - hxxp://search.easylifeapp.com/?q=
FF - ExtSQL: 2012-12-19 17:55; [email protected]; c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2009-06-23 12:58; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2009-08-26 21:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{E7EAECB9-E20E-A5A5-15EE-183F6BB71D4B} - c:\programdata\Browse2save\50d245f133d9f.ocx
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-HijackThis - c:\program files (x86)\Trend Micro\HijackThis\HijackThis.exe
AddRemove-{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} - c:\programdata\Browse2save\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0010)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0010)
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-02-02 11:07:58
ComboFix-quarantined-files.txt 2013-02-02 16:07
ComboFix2.txt 2013-02-01 22:41
.
Pre-Run: 149,322,416,128 bytes free
Post-Run: 149,316,870,144 bytes free
.
- - End Of File - - E61672E2A1A5DB528E8688D4E7B379CF
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,440
Run the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
ClearJavaCache::
File::
C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdgppmpckoccnmiokeealgedplkpkii\3.8_0\50d245f133b8 59.25718434.js
C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\extensions\[email protected]\content\bg.js 
DDS::
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://search.easylifeapp.com/
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} - hxxps://drm.bittorrent.com/activex/COPPDetector.cab
Firefox::
FF - ProfilePath - c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?q=
FF - prefs.js: browser.startup.homepage - hxxp://www.charlotteobserver.com/
FF - prefs.js: keyword.URL - hxxp://search.easylifeapp.com/?q=
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe





Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

Download Malwarebytes from one of the following links and save it to your desktop.:


http://www.malwarebytes.org/mbam.php
http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post both logs, give update on current issues/concerns..

Kevin
 

jthompsonjr

Thread Starter
Joined
Nov 19, 2006
Messages
108
Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.03.11

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 7.0.6002.18005
john :: JOHN-PC [administrator]

Protection: Disabled

2/3/2013 6:37:38 PM
mbam-log-2013-02-03 (18-37-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220946
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



ComboFix 13-02-01.04 - john 02/03/2013 18:12:51.3.2 - x64
Microsoft® Windows Vista&#8482; Home Premium 6.0.6002.2.1252.1.1033.18.4093.1643 [GMT -5:00]
Running from: c:\users\john\Desktop\ComboFix.exe
Command switches used :: c:\users\john\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdgppmpckoccnmiokeealgedplkpkii\3.8_0\50d245f133b8 59.25718434.js"
"c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\extensions\[email protected]\content\bg.js"
.
.
((((((((((((((((((((((((( Files Created from 2013-01-03 to 2013-02-03 )))))))))))))))))))))))))))))))
.
.
2013-02-03 23:21 . 2013-02-03 23:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-03 19:44 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E15BD103-5E1B-4AB6-8577-C377E6431F0F}\mpengine.dll
2013-02-02 22:10 . 2013-02-02 22:10 -------- d-----w- c:\program files (x86)\ESET
2013-02-02 04:19 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-30 23:39 . 2013-01-30 23:39 1065 ----a-w- c:\windows\DeleteOnReboot.bat
2013-01-15 00:11 . 2013-01-04 13:23 5724160 ----a-w- c:\windows\system32\mshtml.dll
2013-01-09 03:52 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 03:52 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 03:52 . 2012-11-23 01:54 2770432 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 03:52 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 03:52 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 03:52 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 03:52 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 03:52 . 2012-11-22 04:22 456192 ----a-w- c:\windows\system32\shlwapi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2009-10-03 11:14 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 08:03 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe
2013-01-09 04:08 . 2012-07-18 17:24 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 04:08 . 2011-09-25 18:19 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 13:31 . 2012-12-21 08:01 48128 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 13:12 . 2012-12-21 08:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-16 11:08 . 2012-12-21 08:01 368128 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 10:50 . 2012-12-21 08:01 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-14 21:49 . 2010-06-22 11:05 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-29 04:49 . 2012-11-29 04:49 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89924997-F60F-46B9-909B-F606D5A1379C}\gapaengine.dll
2012-11-23 03:04 . 2010-06-24 16:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-11-13 01:45 . 2012-12-12 03:54 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-13 01:29 . 2012-12-12 03:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-10 02:08 . 2012-12-12 03:55 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-10 01:48 . 2012-12-12 03:55 1383424 ----a-w- c:\windows\SysWow64\mshtml.tlb
2003-03-21 17:45 . 2012-08-08 01:39 250544 ----a-w- c:\program files (x86)\Common Files\keyhelp.ocx
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E7EAECB9-E20E-A5A5-15EE-183F6BB71D4B}]
c:\programdata\Browse2save\50d245f133d9f.ocx [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"HP Photosmart 6510 series (NET)"="c:\program files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-04-24 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 6510 series (Network).lnk - c:\windows\system32\RunDll32.exe [2006-11-2 46592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe [2008-06-28 89088]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 04:07 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 19:04 8192 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 04:08]
.
2013-02-03 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
2013-02-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 16:33]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-15 17:48]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-15 17:48]
.
2013-02-03 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2013-02-02 c:\windows\Tasks\User_Feed_Synchronization-{8DD6215D-887E-4C98-B8E5-1354DABD8D26}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1234216]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [2008-04-15 444416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 15844384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 82464]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.easylifeapp.com/
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} - hxxps://drm.bittorrent.com/activex/COPPDetector.cab
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
FF - ProfilePath - c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\
FF - ExtSQL: 2012-12-19 17:55; [email protected]; c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\b0fcbvx8.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2009-06-23 12:58; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2009-08-26 21:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-HijackThis - c:\program files (x86)\Trend Micro\HijackThis\HijackThis.exe
AddRemove-{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} - c:\programdata\Browse2save\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0010)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0010)
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-02-03 18:24:41
ComboFix-quarantined-files.txt 2013-02-03 23:24
ComboFix2.txt 2013-02-02 16:08
ComboFix3.txt 2013-02-01 22:41
.
Pre-Run: 151,037,857,792 bytes free
Post-Run: 150,993,289,216 bytes free
.
- - End Of File - - 2F380BD63406D98D2A4B7106DAE13F84
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top