Help--ComboFix Log Report

Discussion in 'Virus & Other Malware Removal' started by Logical2100, Dec 20, 2012.

Thread Status:
Not open for further replies.
    Logical2100 Thread Starter

    Joined:
    Dec 20, 2012
    Messages:
    1
    Hi,

    I recently received a few notifications from McAfee stating that they detected a Trojan called Zeroaccess.hi, and it continuously prompted me to restart; after doing so, it didn't do anything. It constantly gave me the message. I found a thread on the site and it told me to turn off McAfee and to download a scan called ComboFix and to let it run. I'd like to know what this all means and what's going on. Here's the log report:

    ----------------------------------------------------------------------------------------------------

    ComboFix 12-12-20.02 - Admin 12/20/2012 19:58:45.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2056 [GMT -6:00]
    Running from: c:\users\Admin\Downloads\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\users\Admin\AppData\Roaming\OneTab\OnETab.dll
    c:\users\Admin\Documents\~WRL0003.tmp
    c:\windows\amcdr.dll
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    c:\windows\assembly\temp\cfg.ini
    c:\windows\es.exe
    c:\windows\pthreadGC2.dll
    c:\windows\system32\consrv.dll
    c:\windows\System64
    c:\windows\vmdcr.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-21 to 2012-12-21 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-21 02:14 . 2012-12-21 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-12-20 01:10 . 2012-05-28 16:28 197264 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    2012-12-16 19:22 . 2012-11-09 12:37 177680 ----a-w- c:\windows\system32\mfevtps.exe
    2012-12-16 19:22 . 2012-11-09 12:37 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2012-12-16 19:22 . 2012-11-09 12:35 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-12-16 19:19 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-12-16 19:19 . 2012-11-09 04:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-12-16 17:46 . 2012-12-16 19:25 -------- d-----w- c:\program files (x86)\SiteAdvisor
    2012-12-16 17:43 . 2012-12-20 01:09 -------- d-----w- c:\program files (x86)\Common Files\McAfee
    2012-12-16 17:43 . 2012-12-20 02:50 -------- d-----w- c:\program files\Common Files\McAfee
    2012-12-16 17:43 . 2012-12-21 01:49 -------- d-----w- c:\program files\McAfee
    2012-12-16 17:43 . 2012-12-17 13:08 -------- d-----w- c:\program files (x86)\McAfee
    2012-12-14 01:03 . 2012-12-14 01:03 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-12-13 10:28 . 2012-11-02 05:27 478208 ----a-w- c:\windows\system32\dpnet.dll
    2012-12-13 10:28 . 2012-11-02 04:48 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    2012-12-13 10:28 . 2012-09-06 17:38 295792 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2012-12-07 06:09 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFD8AE88-079A-4F85-A504-7DAA4BCA7B53}\mpengine.dll
    2012-12-06 03:26 . 2012-12-06 06:56 -------- d-----w- c:\program files (x86)\hpmonitor
    2012-12-06 03:25 . 2012-12-06 03:25 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
    2012-12-06 03:25 . 2012-12-06 03:25 -------- d-----w- c:\program files (x86)\TGF Interactive
    2012-12-06 03:24 . 2012-12-06 03:26 -------- d-----w- c:\program files (x86)\proXPN
    2012-12-03 05:14 . 2012-12-03 05:14 -------- d-----w- c:\users\Admin\AppData\Roaming\MultiClockPackages
    2012-11-29 05:24 . 2012-12-14 00:37 -------- d-----w- c:\program files (x86)\TornTV.com
    2012-11-29 03:51 . 2012-12-16 20:54 -------- d-----w- c:\programdata\McAfee Security Scan
    2012-11-29 03:50 . 2012-12-05 04:01 -------- d-----w- c:\program files (x86)\McAfee Security Scan
    2012-11-26 03:33 . 2012-11-26 03:33 -------- d-----w- C:\Programs
    2012-11-26 03:32 . 2012-11-26 03:32 -------- d-----w- C:\O
    2012-11-23 21:01 . 2012-11-23 21:01 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-11-23 21:00 . 2012-11-23 21:00 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-11-23 03:33 . 2012-11-23 03:33 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-21 02:18 . 2012-12-21 02:18 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFD8AE88-079A-4F85-A504-7DAA4BCA7B53}\offreg.dll
    2012-12-16 22:04 . 2011-05-04 20:07 67413224 ----a-w- c:\windows\system32\MRT.exe
    2012-12-13 10:50 . 2012-04-10 19:56 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-13 10:50 . 2011-06-09 12:41 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-23 21:00 . 2011-04-28 04:33 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-11-09 12:40 . 2012-11-09 12:40 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2012-11-09 12:34 . 2012-11-09 12:34 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2012-11-09 12:34 . 2012-11-09 12:34 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-11-09 12:33 . 2012-11-09 12:33 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2012-11-02 07:46 . 2012-11-02 07:46 97208 ----a-w- c:\windows\system32\drivers\mfencrk.sys
    2012-11-02 07:46 . 2012-11-02 07:46 328976 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
    2012-11-02 07:46 . 2012-11-02 07:46 10544 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
    2012-10-31 21:10 . 2012-10-31 21:10 829264 ----a-w- c:\windows\system32\msvcr100.dll
    2012-10-31 21:10 . 2012-10-31 21:10 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
    2012-10-31 21:10 . 2012-10-31 21:10 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
    2012-10-31 21:10 . 2012-10-31 21:10 158536 ----a-w- c:\windows\system32\atl100.dll
    2012-10-31 21:10 . 2012-10-31 21:10 138056 ----a-w- c:\windows\SysWow64\atl100.dll
    2012-10-26 06:42 . 2012-10-26 06:42 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2012-10-18 18:18 . 2012-11-16 01:05 3147264 ----a-w- c:\windows\system32\win32k(24).sys
    2012-10-16 21:20 . 2012-11-28 01:11 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 21:20 . 2012-11-28 01:11 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 20:34 . 2012-11-28 01:11 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-04 16:45 . 2012-12-13 10:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-09-25 22:39 . 2012-11-16 01:04 95744 ----a-w- c:\windows\system32\synceng.dll
    2012-09-25 21:55 . 2012-11-16 01:04 78336 ----a-w- c:\windows\SysWow64\synceng.dll
    2012-09-24 20:32 . 2012-08-28 00:38 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-09-12 20:02 3863136 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{709F3BE5-C718-4B6D-843C-95E8BE0E5E4A}]
    2012-09-21 22:11 42944 ----a-w- c:\program files (x86)\TGF Interactive\Genius Box\TGFInteractive.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-11-09 00:45 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e9c34083-b7e7-4b13-ac98-a96cdd1c70c4}]
    2010-09-12 20:02 3863136 ----a-w- c:\program files (x86)\Hand_Immersion_Blender\tbHand.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-09 1796552]
    "{e9c34083-b7e7-4b13-ac98-a96cdd1c70c4}"= "c:\program files (x86)\Hand_Immersion_Blender\tbHand.dll" [2010-09-12 3863136]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CLASSES_ROOT\clsid\{e9c34083-b7e7-4b13-ac98-a96cdd1c70c4}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"="c:\users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
    "download beast"="c:\program files (x86)\Download Beast\DownloadBeast.exe" [2012-06-21 3891712]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-02-06 296056]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-09 997320]
    "ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-10-26 1020512]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160]
    "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
    @=""
    .
    R2 0034291356054585mcinstcleanup;McAfee Application Installer Cleanup (0034291356054585);c:\windows\TEMP\003429~1.EXE [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-17 40448]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-05-28 197264]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]
    R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2012-11-02 97208]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-05 346144]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-30 1255736]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-10-26 30568]
    S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 20056]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [2009-03-03 89600]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 30520]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
    S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
    S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2012-10-06 1007288]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
    S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-10-26 711112]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]
    S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2012-11-02 328976]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-02-01 7675392]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - CFWIDS
    *NewlyCreated* - WS2IFSL
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 10:50]
    .
    2012-12-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1405520328-3872466781-694628743-1000Core.job
    - c:\users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-13 15:35]
    .
    2012-12-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1405520328-3872466781-694628743-1000UA.job
    - c:\users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-13 15:35]
    .
    2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-02 10:49]
    .
    2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-02 10:49]
    .
    2012-12-20 c:\windows\Tasks\ReclaimerUpdateFiles_Admin.job
    - c:\users\Admin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-20 00:33]
    .
    2012-12-20 c:\windows\Tasks\ReclaimerUpdateXML_Admin.job
    - c:\users\Admin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-20 00:33]
    .
    2012-12-21 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Admin.job
    - c:\users\Admin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-20 00:33]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-17 323072]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-01 487424]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=2f1637a9-6e57-4437-bf2d-af1d3dee8de5&searchtype=hp
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=2f1637a9-6e57-4437-bf2d-af1d3dee8de5&searchtype=ds&q={searchTerms}
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    FF - ProfilePath -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - c:\users\Admin\AppData\Roaming\OneTab\OneTab.dll
    Wow6432Node-HKCU-Run-LightScribe Control Panel - c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-1ClickDownload - c:\program files (x86)\TornTV.com\uninst.exe
    AddRemove-{EFDD7063-89FC-42E5-8C2E-817DDB04DCB0}}_is1 - c:\program files (x86)\Download Beast\unins000.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\SysWOW64\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2012-12-20 20:24:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-12-21 02:24
    .
    Pre-Run: 303,697,907,712 bytes free
    Post-Run: 315,447,418,880 bytes free
    .
    - - End Of File - - 0C0E5C780E4F6570598B8AE3DCE15768
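The poster asks what the log means. The script below is an added example, not part of the original thread and not a ComboFix or McAfee tool: it parses the sections ComboFix emits (the parenthesised section headers, the "created . modified size attrs path" file lines, the `[HKEY_...\Run]` autorun values, and the `R*`/`S*` service lines) and flags entries against a small watchlist. The watchlist is an assumption: it pairs the paths ComboFix deleted in this log (consrv.dll, the Desktop.ini files under assembly\GAC_32 and GAC_64, System64) with their widely reported role as ZeroAccess/Sirefef drop locations, plus generic "binary in an odd place" heuristics; the `WINDIR_KNOWN` allowlist and the reading of `[x]` as "binary not found" are likewise assumptions, and a hit is a lead for manual review, not proof. The embedded sample is a constructed excerpt of lines copied from the log above so the script runs offline.

```python
"""ComboFix log triage.  Added example: not part of the original post and not a
ComboFix or McAfee tool.  Parses the sections ComboFix emits and flags entries
against a watchlist that is itself an assumption: paths ComboFix deleted in the
log above, paired with publicly reported ZeroAccess (Sirefef) drop locations.
A hit is a lead for manual review, not proof of infection."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed excerpt: verbatim lines copied from the log above, a few per section.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Install.exe
c:\windows\amcdr.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\es.exe
c:\windows\system32\consrv.dll
c:\windows\System64
((((((((((((((((((((((((( Files Created from 2012-11-21 to 2012-12-21 )))))))))))))))))))))))))))))))
2012-12-16 19:22 . 2012-11-09 12:37 177680 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-26 03:32 . 2012-11-26 03:32 -------- d-----w- C:\O
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"download beast"="c:\program files (x86)\Download Beast\DownloadBeast.exe" [2012-06-21 3891712]
R2 0034291356054585mcinstcleanup;McAfee Application Installer Cleanup (0034291356054585);c:\windows\TEMP\003429~1.EXE [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")                    # (((( Other Deletions ))))
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                         # [HKEY_...\Run]
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d"
                        r"\s+(?:\d+|-+)\s+[d-][-a-z]{7}\s+(.+)$")  # created . modified size attrs path
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);[^;]*;(.+?)\s*(?:\[([^\]]*)\])?\s*$")  # R2 name;display;path [stamp]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*(?:\[[^\]]*\])?\s*$')  # "name"="path" [date size]

# Assumed indicators: each was deleted by ComboFix above and is a widely reported
# ZeroAccess drop location (consrv.dll gets loaded into csrss.exe; the Desktop.ini
# files hide inside the .NET GAC folders).  Not an authoritative signature set.
ZEROACCESS_PATHS = {
    r"c:\windows\system32\consrv.dll", r"c:\windows\system64",
    r"c:\windows\assembly\gac_32\desktop.ini", r"c:\windows\assembly\gac_64\desktop.ini",
    r"c:\windows\assembly\temp\cfg.ini",
}
# Non-exhaustive allowlist of binaries that legitimately sit directly in %windir% (assumption).
WINDIR_KNOWN = {"explorer.exe", "notepad.exe", "regedit.exe", "write.exe", "hh.exe",
                "winhlp32.exe", "twain_32.dll", "splwow64.exe", "helppane.exe", "bfsvc.exe"}


def classify_path(path: str) -> str | None:
    """Return why a path looks suspicious, or None if nothing stands out."""
    p = path.strip().lower()
    if p in ZEROACCESS_PATHS:
        return "known ZeroAccess drop location"
    m = re.fullmatch(r"c:\\windows\\([^\\]+\.(?:exe|dll|sys))", p)
    if m and m.group(1) not in WINDIR_KNOWN:
        return "loose binary in %windir% root"
    if re.fullmatch(r"c:\\[^\\]+\.exe", p):
        return "binary at drive root"
    if re.search(r"\\users\\[^\\]+\\appdata\\", p):
        return "runs from a user profile (AppData)"
    return None


@dataclass
class Finding:
    section: str   # part of the log the entry came from
    item: str      # path, autorun value or service that was flagged
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Walk the log once, tracking the current section and registry key."""
    findings: list[Finding] = []
    section, reg_key = "header", ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := SECTION_RE.match(line):
            section = " ".join(m.group(1).split()[:2]).lower()   # "other deletions", "files created", ...
        elif m := KEY_RE.match(line):
            reg_key = m.group(1)
        elif section == "other deletions":                         # bare paths ComboFix removed
            findings.append(Finding(section, line, classify_path(line) or "removed by ComboFix"))
        elif m := CREATED_RE.match(line):
            if reason := classify_path(m.group(1)):
                findings.append(Finding(section, m.group(1), reason))
        elif m := SERVICE_RE.match(line):
            start, name, path, stamp = m.groups()
            if stamp == "x":                 # assumption: ComboFix prints [x] where it could not find the binary
                findings.append(Finding("services", f"{start} {name}", f"binary not found on disk: {path}"))
            elif reason := classify_path(path):
                findings.append(Finding("services", f"{start} {name}", f"{reason}: {path}"))
        elif (m := RUN_RE.match(line)) and reg_key.lower().endswith("\\run"):
            name, path = m.groups()
            if reason := classify_path(path):
                findings.append(Finding("autorun", reg_key.split("\\")[0] + ":" + name, f"{reason}: {path}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.item}  <-  {f.reason}")
```

Run against the excerpt, the four ZeroAccess paths and the two loose DLL/EXE files in the Windows root come back flagged, the McAfee driver created in system32 and the Skype-style Program Files entries do not, the HKCU Run value that starts from AppData is reported at informational level, and the R2 service whose binary ComboFix could not find is called out for follow-up. Feed `triage()` the full log text to get the same view of every section.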

Short URL to this thread: https://techguy.org/1081785