Unable to access certain sites; unable to download various upgrades...

Discussion in 'Virus & Other Malware Removal' started by CheshireProphet, Nov 23, 2012.

  1. CheshireProphet (Thread Starter) | Joined: Nov 23, 2012 | Messages: 5

    Hello,

    Recently my computer has been progressively getting worse, or so it seems. At first all that I was limited on was going to a handful of sites that I tried (Facebook, Hotmail, Yahoo, etc.). Currently, I am having difficulties getting on more and more sites, sites that I had been recently able to get on. In my attempts to take care of the problem on my own, I downloaded Malwarebytes and IObit Malware Fighter, and ran Recovery Manager to set my computer back to factory condition. I knew because I did the recovery that it was going to most likely not work, so I saved files and documents I wanted to save on a thumb drive. Malwarebytes and IObit claim to have found nothing, but I can't seem to upgrade Malwarebytes, as the program crashes when it scans for an update. Since I recovered my computer I cannot watch anything on Netflix (on any browser), and I still can't access any of the websites I was unable to. I went onto wikiHow and tried to reset my "hosts" file, but it seems whatever I did could have just been more damaging than helpful; I am not quite sure. I am running Windows 7 as an operating system on an HP computer. I have looked at threads you have done or solved in the past, and some of the solutions that worked for other posters did nothing to cure my problem. Thank you for reviewing my issue, and if I need to post any more information to get things rolling, just let me know.

    Nathaniel

    Logs Below:
    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:56:16 PM, on 11/23/2012
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16455)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Nathaniel\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
    O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8211 bytes


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16455
    Run by Nathaniel at 12:58:50 on 2012-11-23
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.1436 [GMT -5:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll
    TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{A05F6BCE-ED0A-4E3C-AFEA-96B9B0FC00E7} : DHCPNameServer = 192.168.0.1
    SSODL: WebCheck - <orphaned>
    x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
    x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1109000.00C\symds64.sys [2012-11-22 433200]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1109000.00C\symefa64.sys [2012-11-22 221304]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-11-6 1384608]
    R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1109000.00C\cchpx64.sys [2012-11-22 593544]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20121122.001\IDSviA64.sys [2012-11-22 513184]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1109000.00C\ironx64.sys [2012-11-22 150064]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NISx64\1109000.00C\symtdiv.sys [2012-11-22 451704]
    R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-11-20 821592]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-20 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-20 676936]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe [2012-11-22 126400]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-21 138912]
    R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-11-20 21384]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-20 25928]
    R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-11-20 33224]
    R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-11-20 21904]
    S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-9-17 23536]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-22 1255736]
    .
    =============== Created Last 30 ================
    .
    2012-11-23 06:01:20 -------- d-----w- C:\Users\Nathaniel\AppData\Local\CyberLink
    2012-11-23 06:01:19 -------- d-----w- C:\Users\Nathaniel\AppData\Local\PowerCinema
    2012-11-23 00:53:00 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2012-11-23 00:53:00 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2012-11-23 00:53:00 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2012-11-23 00:53:00 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2012-11-22 20:16:15 593544 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\cchpx64.sys
    2012-11-22 20:16:15 505392 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\srtsp64.sys
    2012-11-22 20:16:15 451704 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\symtdiv.sys
    2012-11-22 20:16:15 433200 ----a-r- C:\Windows\System32\drivers\NISx64\1109000.00C\symds64.sys
    2012-11-22 20:16:15 32304 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\srtspx64.sys
    2012-11-22 20:16:15 221304 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\symefa64.sys
    2012-11-22 20:16:15 150064 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\ironx64.sys
    2012-11-22 20:16:05 -------- d-----w- C:\Windows\System32\drivers\NISx64\1109000.00C
    2012-11-22 14:41:08 -------- d-----w- C:\Windows\SysWow64\Wat
    2012-11-22 14:41:08 -------- d-----w- C:\Windows\System32\Wat
    2012-11-22 14:12:02 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
    2012-11-22 14:12:02 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
    2012-11-22 08:52:44 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2012-11-22 08:52:43 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2012-11-22 08:52:43 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-22 08:52:43 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-22 08:24:10 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2012-11-22 08:24:10 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2012-11-22 08:24:10 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2012-11-22 08:24:10 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2012-11-22 08:24:10 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2012-11-22 08:24:10 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2012-11-22 08:24:10 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2012-11-22 08:24:10 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2012-11-22 08:24:10 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2012-11-22 08:24:10 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2012-11-22 08:10:28 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-22 08:10:28 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2012-11-22 08:10:28 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-22 08:10:28 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2012-11-22 08:10:27 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2012-11-22 08:10:27 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-22 08:10:27 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2012-11-22 08:06:29 80896 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-11-22 08:06:29 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-11-22 08:06:29 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-11-22 08:06:29 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-11-22 08:06:29 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-11-22 08:01:06 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2012-11-21 17:54:02 -------- d-----w- C:\Users\Nathaniel\AppData\Roaming\HpUpdate
    2012-11-21 08:41:57 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2012-11-21 08:40:59 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-11-21 08:39:58 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-11-21 08:38:49 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
    2012-11-21 08:37:58 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
    2012-11-21 08:36:10 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-11-21 08:36:10 1462784 ----a-w- C:\Windows\System32\crypt32.dll
    2012-11-21 08:36:10 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-11-21 08:36:10 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-11-21 08:36:10 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-11-21 08:36:10 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-11-21 08:35:49 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-11-21 08:35:49 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-11-21 02:54:26 -------- d-----w- C:\Users\Nathaniel\AppData\Local\Google
    2012-11-21 02:53:59 -------- d-----w- C:\Users\Nathaniel\AppData\Local\Deployment
    2012-11-21 02:53:59 -------- d-----w- C:\Users\Nathaniel\AppData\Local\Apps
    2012-11-21 01:05:59 -------- d-----w- C:\Users\Nathaniel\AppData\Roaming\Malwarebytes
    2012-11-21 01:04:59 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-11-21 01:04:55 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-21 01:04:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-21 00:41:42 -------- d-----w- C:\ProgramData\IObit
    2012-11-21 00:41:41 -------- d-----w- C:\Users\Nathaniel\AppData\Roaming\IObit
    2012-11-21 00:41:37 -------- d-----w- C:\Program Files (x86)\IObit
    2012-11-20 17:36:36 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2012-11-20 17:30:38 139264 ----a-w- C:\Windows\System32\cabview.dll
    2012-11-20 17:30:38 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
    2012-11-20 17:30:37 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-11-20 17:30:37 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-11-20 17:30:37 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-11-20 17:28:35 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2012-11-20 17:28:34 -------- d-----w- C:\Program Files\Symantec
    2012-11-20 17:28:34 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2012-11-20 17:27:10 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-11-20 17:27:02 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-11-20 17:26:51 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-11-20 17:26:51 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-11-20 17:26:34 -------- d-----w- C:\Users\Nathaniel\AppData\Local\VirtualStore
    2012-11-20 17:23:44 -------- d-----w- C:\Users\Nathaniel\AppData\Local\Hewlett-Packard
    2012-11-20 12:53:49 -------- d-----w- C:\ProgramData\Recovery
    .
    ==================== Find3M ====================
    .
    2012-10-18 18:18:22 3147264 ----a-w- C:\Windows\System32\win32k.sys
    2012-09-25 22:39:14 95744 ----a-w- C:\Windows\System32\synceng.dll
    2012-09-25 21:55:17 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
    2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-08-31 18:02:20 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-08-30 18:11:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:18:33 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:18:33 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    .
    ============= FINISH: 12:59:30.87 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/20/2012 12:22:06 PM
    System Uptime: 11/23/2012 3:22:22 AM (9 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | NARRA5
    Processor: AMD Sempron(tm) 140 Processor | Socket AM2 | 2700/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 287 GiB total, 255.316 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.583 GiB free.
    E: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 11/20/2012 12:26:39 PM - Windows Update
    RP2: 11/20/2012 12:30:39 PM - Windows Update
    RP3: 11/21/2012 10:48:40 AM - Scripted restore
    RP4: 11/22/2012 3:00:14 AM - Windows Update
    RP5: 11/22/2012 10:49:03 PM - Installed Microsoft Fix it 50267
    RP6: 11/23/2012 3:00:13 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 10 ActiveX
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite Deluxe
    DirectX for Managed Code Update (Summer 2004)
    DVD Menu Pack for HP MediaSmart Video
    Google Chrome
    Google Update Helper
    Hardware Diagnostic Tools
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart Demo
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SmartMenu
    HP MediaSmart/TouchSmart Netflix
    HP Odometer
    HP Remote Solution
    HP Setup
    HP Support Assistant
    HP Support Information
    HP Update
    HPAsset component for HP Active Support Library
    Hulu Desktop
    IObit Malware Fighter
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Live Search Toolbar
    Microsoft Office Home and Student 60 day trial
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Movie Theme Pack for HP MediaSmart Video
    MSVCRT
    Norton Internet Security
    Norton Online Backup
    NVIDIA Drivers
    PlayReady PC Runtime amd64
    Power2Go
    PowerDirector
    Realtek High Definition Audio Driver
    Recovery Manager
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/23/2012 3:03:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
    11/23/2012 3:03:25 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB973688).
    11/23/2012 3:03:14 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430).
    11/22/2012 9:50:00 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
    11/22/2012 9:50:00 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2544521).
    11/22/2012 9:47:34 AM, Error: Service Control Manager [7023] -
    11/22/2012 9:43:54 AM, Error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/22/2012 9:43:50 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    11/22/2012 9:43:50 AM, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
    11/22/2012 9:43:48 AM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    11/22/2012 9:43:46 AM, Error: Service Control Manager [7034] - The IMF Service service terminated unexpectedly. It has done this 1 time(s).
    11/22/2012 9:43:01 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The process cannot access the file because it is being used by another process.
    11/22/2012 9:43:00 AM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The process cannot access the file because it is being used by another process.
    11/22/2012 9:42:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
    11/22/2012 9:42:49 AM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/22/2012 9:42:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    11/22/2012 9:42:47 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/22/2012 9:42:31 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/22/2012 9:37:50 AM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
    11/22/2012 10:54:50 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    11/22/2012 10:53:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
    11/22/2012 10:45:31 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    11/20/2012 6:52:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    11/20/2012 3:30:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    .
    ==== End Of File ===========================
     
  2. CheshireProphet

    CheshireProphet Thread Starter

    Joined:
    Nov 23, 2012
    Messages:
    5
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Uninstall this program from your system, IObit Malware Fighter

    Run the following scan and post its log:

    Download RogueKiller from here http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save direct to your Desktop.

    • Quit all programs
    • Start RogueKiller.exe
    • Wait until Prescan has finished ...
    • You will see the following EULA, select Accept to continue:
      [​IMG]
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the content of the report and paste to next reply....

    Kevin....
     
  4. CheshireProphet

    CheshireProphet Thread Starter

    Joined:
    Nov 23, 2012
    Messages:
    5
    Thanks for your reply.
    Here is what the report had to say:


    RogueKiller V8.3.1 [Nov 23 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : Nathaniel [Admin rights]
    Mode : Scan -- Date : 11/24/2012 18:39:35

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG HD321HJ SCSI Disk Device +++++
    --- User ---
    [MBR] 3746e0ccb9f8f0f22cb3fceac253db53
    [BSP] 7462a8ccb12779447ac769d2e8b0768d : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 294000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 602318848 | Size: 11143 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1]_S_11242012_02d1839.txt >>
    RKreport[1]_S_11242012_02d1839.txt
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

    Combofix

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the [​IMG] icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  6. CheshireProphet

    CheshireProphet Thread Starter

    Joined:
    Nov 23, 2012
    Messages:
    5
    Here is the log:

    ComboFix 12-11-24.02 - Nathaniel 11/24/2012 19:47:43.1.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.1418 [GMT -5:00]
    Running from: c:\users\Nathaniel\Downloads\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-25 to 2012-11-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-25 00:57 . 2012-11-25 00:57 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-24 08:00 . 2012-11-24 08:00 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-11-23 21:52 . 2012-11-23 21:52 -------- d-----w- c:\windows\en
    2012-11-23 21:46 . 2012-11-23 21:46 -------- dc----w- c:\windows\system32\DRVSTORE
    2012-11-23 21:46 . 2012-03-08 23:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2012-11-23 21:45 . 2012-11-23 21:46 -------- d-----w- c:\program files\Windows Live
    2012-11-23 21:44 . 2009-09-04 22:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
    2012-11-23 21:44 . 2009-09-04 22:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
    2012-11-23 21:44 . 2009-09-04 22:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
    2012-11-23 21:44 . 2009-09-04 22:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
    2012-11-23 21:41 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
    2012-11-23 21:41 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2012-11-23 21:41 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
    2012-11-23 21:41 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
    2012-11-23 21:37 . 2012-11-23 21:37 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ab4841101cdc9c238\MeshBetaRemover.exe
    2012-11-23 21:35 . 2012-11-23 21:35 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7a83aa601cdc9c22a\DSETUP.dll
    2012-11-23 21:35 . 2012-11-23 21:35 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7a83aa601cdc9c22a\DXSETUP.exe
    2012-11-23 21:35 . 2012-11-23 21:35 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7a83aa601cdc9c22a\dsetup32.dll
    2012-11-23 21:35 . 2012-11-23 21:35 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\777001c01cdc9c229\DXSETUP.exe
    2012-11-23 21:35 . 2012-11-23 21:35 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\777001c01cdc9c229\dsetup32.dll
    2012-11-23 21:35 . 2012-11-23 21:35 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\777001c01cdc9c229\DSETUP.dll
    2012-11-23 00:53 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2012-11-23 00:53 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2012-11-23 00:53 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
    2012-11-23 00:53 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2012-11-22 20:16 . 2012-11-23 03:51 -------- d-----w- c:\windows\system32\drivers\NISx64\1109000.00C
    2012-11-22 14:41 . 2012-11-22 14:41 -------- d-----w- c:\windows\SysWow64\Wat
    2012-11-22 14:41 . 2012-11-22 14:41 -------- d-----w- c:\windows\system32\Wat
    2012-11-22 14:12 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
    2012-11-22 14:12 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
    2012-11-22 08:52 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2012-11-22 08:52 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-11-22 08:52 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-11-22 08:52 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-11-22 08:24 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
    2012-11-22 08:24 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
    2012-11-22 08:24 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
    2012-11-22 08:24 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
    2012-11-22 08:24 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
    2012-11-22 08:24 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
    2012-11-22 08:24 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2012-11-22 08:24 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll
    2012-11-22 08:24 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
    2012-11-22 08:24 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
    2012-11-22 08:10 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-11-22 08:10 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-11-22 08:10 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-11-22 08:10 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-11-22 08:10 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-11-22 08:10 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2012-11-22 08:10 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-11-22 08:06 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-11-22 08:06 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
    2012-11-22 08:06 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-11-22 08:06 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-11-22 08:06 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-11-22 08:01 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
    2012-11-21 08:41 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
    2012-11-21 08:40 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-11-21 08:39 . 2012-08-02 17:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-11-21 08:38 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
    2012-11-21 08:37 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
    2012-11-21 08:36 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-11-21 08:36 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll
    2012-11-21 08:36 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-11-21 08:36 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-11-21 08:36 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-11-21 08:36 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-11-21 08:35 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
    2012-11-21 08:35 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-11-21 02:54 . 2012-11-21 02:54 -------- d-----w- c:\program files (x86)\Google
    2012-11-21 01:04 . 2012-11-21 01:04 -------- d-----w- c:\programdata\Malwarebytes
    2012-11-21 01:04 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-21 01:04 . 2012-11-21 01:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-11-21 00:41 . 2012-11-21 00:41 -------- d-----w- c:\programdata\IObit
    2012-11-21 00:41 . 2012-11-21 00:41 -------- d-----w- c:\program files (x86)\IObit
    2012-11-20 23:57 . 2012-11-20 23:57 -------- d-----w- c:\program files\Microsoft Silverlight
    2012-11-20 23:57 . 2012-11-20 23:57 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2012-11-20 17:36 . 2012-11-20 17:36 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
    2012-11-20 17:30 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
    2012-11-20 17:30 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
    2012-11-20 17:30 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-11-20 17:30 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-11-20 17:30 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-11-20 17:28 . 2012-11-20 17:28 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-11-20 17:28 . 2012-11-20 17:28 -------- d-----w- c:\program files\Symantec
    2012-11-20 17:28 . 2012-11-20 17:28 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2012-11-20 17:27 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-11-20 17:27 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-11-20 17:27 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-11-20 17:27 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-11-20 17:27 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-11-20 17:27 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-11-20 17:27 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-11-20 17:26 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-11-20 17:26 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-11-20 17:23 . 2012-11-20 17:23 -------- d-----w- c:\users\Public\Symantec
    2012-11-20 17:22 . 2012-11-23 21:54 -------- d-----w- c:\users\Nathaniel
    2012-11-20 12:53 . 2012-11-20 12:53 -------- d-----w- c:\programdata\Recovery
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-23 21:45 . 2011-03-28 23:36 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
    R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-09-17 23536]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-22 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [2009-08-30 433200]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [2011-08-22 221304]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-11-07 1384608]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [2011-08-04 593544]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20121123.001\IDSvia64.sys [2012-11-20 513184]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [2010-04-29 150064]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [2011-08-22 451704]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-20 138912]
    S4 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - UrlFilter
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-21 02:54]
    .
    2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-21 02:54]
    .
    2012-11-22 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
    "PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
    "ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2701182818-1818322628-522375376-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2701182818-1818322628-522375376-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-11-24 20:11:25
    ComboFix-quarantined-files.txt 2012-11-25 01:11
    .
    Pre-Run: 270,263,603,200 bytes free
    Post-Run: 270,173,405,184 bytes free
    .
    - - End Of File - - 4C816D668FC60D9ECCA08A47CF369AD8
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Thanks for the CF log, still not seeing a great deal wrong, same as RogueKiller. What exactly happened just prior to the issue with your Browser not reaching sites etc.? I do see references to Windows Live being created 23rd Nov. Did you install Windows Live then?

    OK, let's remove the remnants from IObit and finally run an online AV scan....

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    ClearJavaCache::
    Killall::
    Folder::
    c:\programdata\IObit
    c:\program files (x86)\IObit
    Driver::
    RegFilter
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

    [​IMG]

    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Next,

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions available Here Please read them before running the scan.

    Also be aware this scan can take several hours to complete depending on the size of your system.

    ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

    Post those two logs...

    Kevin
     
  8. CheshireProphet

    CheshireProphet Thread Starter

    Joined:
    Nov 23, 2012
    Messages:
    5
    I tried to download the ESET Smart Installer but when I click on the link my computer doesn't actually download it.
    That's something else I have noticed recently; my computer doesn't allow certain online downloads to actually go through.
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Possibly your security will interfere with the ESET d/l and run, turn it off and try again. Did Combofix complete OK?
     
Short URL to this thread: https://techguy.org/1077968
