IObit Forum

reg edit won't open. Malware?



Posted

Hi, I would appreciate it if someone can help me. I downloaded IE 9 yesterday and discovered I could not pin to the task bar. I checked out a fix for this that involved doing something in reg edit but I couldn't open reg edit. It flashes for less than a second and disappears. I have a DDS log and a HijackThis report which I will post below. There is another DDS log if needed. Thank you

< Email address deleted > by wozofoz

You should not post your email address on any forums; it allows harvesting bots to grab it and then spam you.

 

dds

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by chris at 20:47:25.60 on 18/04/2011

Internet Explorer: 9.0.8112.16421

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1253.30.1033.18.1978.539 [GMT 1:00]

.

AV: COMODO Antivirus *Enabled/Updated* {675CEE69-9702-A524-3989-6D7CC8BF3695}

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: IObit Security 360 *Enabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\SMINST\BLService.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Virgin Media\HUB\ServicepointService.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\AVG\AVG10\avgchsvx.exe

C:\Program Files\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe

C:\Program Files\AVG\AVG10\avgscanx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\chris\Downloads\dds.scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gr&c=91&bd=Presario&pf=cnnb

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gr&c=91&bd=Presario&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gr&c=91&bd=Presario&pf=cnnb

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} -

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} -

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -

TB: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File

EB: {2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} - Hotbar Information Window

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [iObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553538400} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-1-27 15672]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-9-11 17256]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-11 236600]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]

R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2010-5-20 1737464]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2011-4-18 312152]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-11-21 365952]

R2 ServicepointService;ServicepointService;c:\program files\virgin media\hub\ServicepointService.exe [2010-3-9 668912]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-12-3 193640]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c9d48a100fdc20;Υπηρεσία Google Update (gupdate1c9d48a100fdc20);c:\program files\google\update\GoogleUpdate.exe [2009-5-14 133104]

S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-11-21 193840]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-5-20 9216]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-04-16 04:51:51 -------- d-----w- c:\program files\Luxor 3

2011-04-16 04:50:38 -------- d-----w- c:\progra~2\Big Fish Games

2011-04-16 04:11:59 766976 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll

2011-04-16 04:11:59 149504 ----a-w- c:\program files\internet explorer\jsprofilerui.dll

2011-04-16 04:11:59 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-04-16 04:11:58 386560 ----a-w- c:\program files\internet explorer\jsdbgui.dll

2011-04-16 04:11:58 22016 ----a-w- c:\program files\internet explorer\ExtExport.exe

2011-04-14 21:36:35 292864 ----a-w- c:\windows\system32\atmfd.dll

2011-04-14 21:36:33 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-04-07 22:23:00 -------- d-----w- c:\program files\Cactus Bruce and the Corporate Monkeys

2011-04-07 07:35:36 -------- d-----w- c:\users\chris\appdata\roaming\OpenCandy

2011-04-07 07:20:27 -------- d-----w- c:\users\chris\appdata\roaming\MumboJumbo

2011-04-06 21:51:03 -------- d-----w- c:\users\chris\appdata\roaming\Oberon Media

2011-04-06 21:50:38 -------- d-----w- c:\program files\Yahoo! Games

2011-03-23 21:45:53 797696 ----a-w- c:\windows\system32\FntCache.dll

2011-03-23 21:45:53 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-03-23 21:45:52 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

.

==================== Find3M ====================

.

2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll

2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys

2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll

2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll

2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll

2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll

2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv

2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll

2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll

2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll

2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll

2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll

2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll

2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll

2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll

2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll

.

============= FINISH: 20:51:12.68 ===============

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 20:42:32, on 2011-4-18

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\SMINST\BLService.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Virgin Media\HUB\ServicepointService.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\AVG\AVG10\avgchsvx.exe

C:\Program Files\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe

C:\Program Files\AVG\AVG10\avgscanx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

 

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258}SWCtl.SWCtl.11 - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10}Microsoft.wlsc.WrapperAX.2 - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537}MsnPhotoUpload.PhotoUploadCtl.1 - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}ExentCtl.ExentInf.1 -

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968}TheFacebook.FacebookPhotoUploader5.5.1 - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_22 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}Java Plug-in 1.6.0_22 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_22 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}SRLDetection_Intel.SysInfo.1 - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147}Windows Live Hotmail Photo Upload Tool - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7}PCPitstop2.Exam.1 - http://utilities.pcpitstop.com/da2/PCPitStop2.cab

O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: BecHelperService (BecHelperService) - Unknown - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe

O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: Com4QLBEx (Com4QLBEx) - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -

O23 - Service: Diagnostic Policy Service (DPS) - Unknown -

O23 - Service: Group Policy Client (gpsvc) - Unknown -

O23 - Service: Υπηρεσία Google Update (gupdate1c9d48a100fdc20) (gupdate1c9d48a100fdc20) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service (HP Health Check Service) - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex (hpqwmiex) - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Recovery Service for Windows (Recovery Service for Windows) - Unknown - C:\Program Files\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -

O23 - Service: Security Accounts Manager (SamSs) - Unknown -

O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe

O23 - Service: ServicepointService (ServicepointService) - Radialpoint Inc. - C:\Program Files\Virgin Media\HUB\ServicepointService.exe

O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -

O23 - Service: Windows Modules Installer (TrustedInstaller) - Unknown -

O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -

O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe

O23 - Service: XAudioService (XAudioService) - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

Posted

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

***********************************************

You should never mess around in the Registry unless you know exactly what you're doing.

 

The DDS log shows you have two AV programs running on your computer, which is a no-no. Either COMODO Antivirus or AVG Anti-Virus Free Edition 2011 will have to be un-enabled/uninstalled. I would recommend that you uninstall AVG because it will interfere with some scans I want to do later.

********************************************************

I strongly recommend that you remove Ask from your computer because it:

 

• Promotes its toolbars on sites targeted to kids.

• Promotes its toolbars through ads that appear to be part of other companies' sites.

• Promotes its toolbars through other companies' spyware.

• Installs without any disclosure whatsoever and without any consent whatsoever.

• Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

• Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

 

See Here for more info.

 

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

 

AskBarDis or anything related to Ask

 

Then please find and delete this folder in bold (if present):

C:\Program Files\AskBarDis. or anything related to Ask.

****************************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

Please leave the others unchecked

 

•Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

 

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

* Copy and paste the log in your post.

*******************************************

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*************************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Posted

reg edit won't open, malware/

 

SoSUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 04/19/2011 at 12:53 PM

 

Application Version : 4.50.1002

 

Core Rules Database Version : 6868

Trace Rules Database Version: 4680

 

Scan type : Complete Scan

Total Scan Time : 02:26:52

 

Memory items scanned : 630

Memory threats detected : 0

Registry items scanned : 7537

Registry threats detected : 234

File items scanned : 178274

File threats detected : 173

 

Adware.Zango/ShoppingReport


 

Adware.Tracking Cookie


secure-uk.imrworldwide.com [ C:\Users\chris\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\55QNNE2S ]

secure-us.imrworldwide.com [ C:\Users\chris\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\55QNNE2S ]

serving-sys.com [ C:\Users\chris\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\55QNNE2S ]

spe.atdmt.com [ C:\Users\chris\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\55QNNE2S ]

stat.easydate.biz [ C:\Users\chris\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\55QNNE2S ]

static.discoverymedia.com [ C:\Users\chris\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\55QNNE2S ]

track.webgains.com [ C:\Users\chris\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\55QNNE2S ]

tracking.onefeed.co.uk [ C:\Users\chris\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\55QNNE2S ]

virginmedia.a.mms.mavenapps.net [ C:\Users\chris\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\55QNNE2S ]

http://www.gvsmedia.com [ C:\Users\chris\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\55QNNE2S ]

http://www.virginmedia.com [ C:\Users\chris\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\55QNNE2S ]

C:\Users\chris\AppData\Roaming\Microsoft\Windows\Cookies\Low\chris@adverts.minimins[2].txt

C:\Users\chris\AppData\Roaming\Microsoft\Windows\Cookies\Low\chris@at.atwola[2].txt

C:\Users\chris\AppData\Roaming\Microsoft\Windows\Cookies\Low\chris@tacoda.at.atwola[1].txt far so good Dave,

 

Here is the SUPERAntiSpyware log; on with Malwarebytes now. Thank you

Posted

last 2 logs

 

Hi Dave,

 

I have finished all the steps you sent me. Here are the last 2 logs. No problems I think. What should I do now? Comodo doesn't seem to like Security check. Shall I delete it?

 

Thank you

 

1 Security check log

Results of screen317's Security Check version 0.99.10

Windows Vista Service Pack 2 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

McAfee Security Scan Plus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 22

Out of date Java installed!

Adobe Flash Player

Adobe Reader 9.4.3

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Comodo Firewall cmdagent.exe

Comodo Firewall cfp.exe

``````````End of Log````````````

 

2 Malwarebytes log

 

Malwarebytes' Anti-Malware 1.46

http://www.malwarebytes.org

 

Database version: 4052

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

 

19/04/2011 15:41:32

mbam-log-2011-04-19 (15-41-32).txt

 

Scan type: Full scan (C:\|D:\|)

Objects scanned: 290759

Time elapsed: 2 hour(s), 16 minute(s), 16 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

Posted
Comodo doesn't seem to like Security check. Shall I delete it?

All good firewalls act like this. They don't like anything new. They're just trying to protect you. Do not uninstall it. It's a good firewall. You also have the Windows Firewall enabled. If you're running Comodo, the Windows firewall should be disabled.

 

Update Your Java (JRE)

 

Old versions of Java have vulnerabilities that malware can use to infect your system.

 

First Verify your Java Version

 

If there are any other version(s) installed then update now.

 

Get the new version (if needed)

 

If your version is out of date install the newest version of the Sun Java Runtime Environment.

 

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

 

Be sure to close ALL open web browsers before starting the installation.

 

Remove any old versions

 

1. Download JavaRa and unzip the file to your Desktop.

2. Open JavaRA.exe and choose Remove Older Versions

3. Once complete exit JavaRA.

4. Run CCleaner.

 

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

***********************************************

Please download the newest version of Adobe Acrobat Reader from Adobe.com

 

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.

Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).

Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

 

Once old versions are gone, please install the newest version.

*********************************************************

Re-run MBAM:

 

Code:

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

*****************************************************

Download DDS from HERE or HERE and save it to your desktop.

 

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

 

* XP users Double click on dds to run it.

* If your antivirus or firewall try to block DDS then please allow it to run.

* When finished DDS will open two (2) logs.

 

1) DDS.txt

2) Attach.txt

 

* Save both logs to your desktop.

* Please copy and paste the entire contents of both logs in your next reply.

 

Note: DDS will instruct you to post the Attach.txt log as an attachment.

Please just post it as you would any other log by copy and pasting it into the reply.

Posted

Java no good

 

I deleted old versions of Java and then downloaded the new one. It seemed to go OK but now I can't find it. If I use Start, Run, it flashes up and then disappears (just like reg edit did). I tried to delete it and start again, but it won't let me uninstall or delete.

 

Part of the problem is I'm not sure how to direct downloads to where I want them.

Posted
OK, I've found it, it's in windows/system32. But I still can't get it to open

Please forget about Java for the moment and run the DDS scan and post the logs.

Posted

DDS logs

 

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by chris at 21:31:15.08 on 20/04/2011

Internet Explorer: 9.0.8112.16421

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1253.30.1033.18.1978.752 [GMT 1:00]

.

AV: COMODO Antivirus *Enabled/Updated* {675CEE69-9702-A524-3989-6D7CC8BF3695}

SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: IObit Security 360 *Enabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\SMINST\BLService.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Virgin Media\HUB\ServicepointService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\chris\Downloads\dds.scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gr&c=91&bd=Presario&pf=cnnb

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gr&c=91&bd=Presario&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gr&c=91&bd=Presario&pf=cnnb

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} -

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: @c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} -

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -

TB: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File

EB: {2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} - Hotbar Information Window

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [iObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDcyNTM2NDg4LVhMKzEtVDQtRlA5Mis2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsxLUYxME0xMEMrMS1MSUMrNw"&"prod=90"&"ver=10.0.1204

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Forgotten%20Dynasty/Images/stg_drm.ocx

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553538400} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-1-27 15672]

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-9-11 17256]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-11 236600]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-12-3 193640]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-5-20 9216]

.

=============== Created Last 30 ================

.

2011-04-19 18:57:41 -------- d-----w- c:\program files\Amazing Adventures The Forgotten Dynasty

2011-04-19 15:54:48 -------- d-----w- c:\program files\MSN Toolbar

2011-04-19 09:20:52 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{5ff6e07b-623d-41b5-a409-43085f008ad5}\mpengine.dll

2011-04-19 09:17:20 -------- d-----w- c:\users\chris\appdata\roaming\SUPERAntiSpyware.com

2011-04-19 09:17:20 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com

2011-04-19 09:17:11 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-04-19 06:09:23 -------- d-----w- c:\progra~2\SpinTop Games

2011-04-19 06:08:47 -------- d-----w- c:\program files\Plants vs. Zombies - Game of the Year Edition

2011-04-16 04:50:38 -------- d-----w- c:\progra~2\Big Fish Games

2011-04-16 04:11:59 766976 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll

2011-04-16 04:11:59 149504 ----a-w- c:\program files\internet explorer\jsprofilerui.dll

2011-04-16 04:11:59 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-04-16 04:11:58 386560 ----a-w- c:\program files\internet explorer\jsdbgui.dll

2011-04-16 04:11:58 22016 ----a-w- c:\program files\internet explorer\ExtExport.exe

2011-04-14 21:36:35 292864 ----a-w- c:\windows\system32\atmfd.dll

2011-04-14 21:36:33 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-04-07 07:35:36 -------- d-----w- c:\users\chris\appdata\roaming\OpenCandy

2011-04-07 07:20:27 -------- d-----w- c:\users\chris\appdata\roaming\MumboJumbo

2011-04-06 21:51:03 -------- d-----w- c:\users\chris\appdata\roaming\Oberon Media

2011-04-06 21:50:38 -------- d-----w- c:\program files\Yahoo! Games

2011-03-23 21:45:53 797696 ----a-w- c:\windows\system32\FntCache.dll

2011-03-23 21:45:53 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-03-23 21:45:52 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

.

==================== Find3M ====================

.

2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll

2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys

2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 21:34:55.47 ==============

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume1

Install Date: 06/02/2009 20:36:06

System Uptime: 20/04/2011 21:22:41 (0 hours ago)

.

Motherboard: Hewlett-Packard | | 3612

Processor: Genuine Intel® CPU 585 @ 2.16GHz | CPU | 2161/667mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 141 GiB total, 70.365 GiB free.

D: is FIXED (NTFS) - 8 GiB total, 1.51 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

.

3Connect

7-Zip 4.65

AC3Filter (remove only)

Acrobat.com

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9.4.3

Adobe Shockwave Player

Adobe Shockwave Player 11.5

Advanced SystemCare 3

Amazing Adventures The Forgotten Dynasty

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Driver Installation Program

Big Fish Games: Game Manager

Bing Bar Platform

BitTorrent

Bonjour

Camera RAW Plug-In for EPSON Creativity Suite

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Combined Community Codec Pack 2010-10-10

COMODO Internet Security

Compatibility Pack for the 2007 Office system

Conexant HD Audio

CX4300_5500_DX4400 manual

CyberLink DVD Suite

CyberLink YouCam

DivX Plus DirectShow Filters

DivX Setup

DivX Version Checker

EPSON Attach To Email

EPSON Copy Utility 3

EPSON Easy Photo Print

EPSON File Manager

EPSON Printer Software

EPSON Scan

EPSON Scan Assistant

Escape Rosecliff Island

ESU for Microsoft Vista

Game Booster

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

HDAUDIO Soft Data Fax Modem with SmartCP

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Customer Experience Enhancements

HP Doc Viewer

HP DVD Play 3.7

HP Easy Setup - Frontend

HP Help and Support

HP Product Detection

HP Quick Launch Buttons 6.40 H2

HP Update

HP User Guides 0118

HP Wireless Assistant

HPAsset component for HP Active Support Library

HPNetworkAssistant

InstallIQ Updater

Intel® Graphics Media Accelerator Driver

IObit Security 360

iTunes

Java Auto Updater

Java 6 Update 24

LabelPrint

LightScribe System Software 1.14.17.1

Malwarebytes' Anti-Malware

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office Word Viewer 2003

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NetWaiting

OGA Notifier 2.0.0048.0

Orbit Downloader

Plants vs. Zombies - Game of the Year Edition

Power2Go

PowerDirector

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek USB 2.0 Card Reader

RealUpgrade 1.1

SAGEM F@st 2404

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Skype web features

Skype™ 4.1

Smart Defrag 2

Spotify

SUPERAntiSpyware

Synaptics Pointing Device Driver

System Requirements Lab for Intel

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

VC80CRTRedist - 8.0.50727.4053

Virgin Media HUB 3.5.12

VLC media player 1.0.3

Windows Live OneCare safety scanner

ZTE_1.2059.0.8

.

==== End Of File ===========================

Posted

P2P - I see you have P2P software installed on your machine (BitTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

 

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

*************************************************

Download OTL to your desktop.

 

* Open OTL

* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

 

:OTL
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - 
TB: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDcyNTM2NDg4LVhMKzEtVDQtRlA5Mis2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsxLUYxME0xMEMrMS1MSUMrNw"&"prod=90"&"ver=10.0.1204

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

 

* Click Run Fix

* OTLI2 may ask to reboot the machine. Please do so if asked.

* Click OK

* A report will open. Copy and Paste that report in your next reply.

**********************************************************

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

 

link # 1

Link # 2

If you are using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

 

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

 

Right-click combofix.exe and select Run as Administrator and follow the prompts.

When finished, ComboFix will produce a log for you.

Post the ComboFix log and a new HijackThis log in your next reply.

 

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

 

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
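
The first seven lines of the OTL script earlier in this post are DDS "Pseudo HJT Report" entries whose target is "No File" or blank. As an added example (not part of the original post, and not code from DDS or OTL), the Python below flags such browser-extension entries in a DDS report for manual review. The sample lines follow the log posted in this thread, the function and field names are hypothetical, and reading "No File" as "the registered file was not found" is an assumption.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Constructed sample: lines in the format of the DDS "Pseudo HJT Report"
# posted in this thread (a mix of orphaned and healthy entries).
SAMPLE_DDS = r"""
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
TB: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
AppInit_DLLs: c:\windows\system32\guard32.dll
"""

# Entry kinds that register code into Internet Explorer
# (URL search hooks, Browser Helper Objects, toolbars).
BROWSER_KINDS = {"uURLSearchHooks", "mURLSearchHooks", "BHO", "TB"}

LINE_RE = re.compile(r"^(?P<kind>[A-Za-z_]+):\s*(?P<rest>.*)$")
# "<label> - <target>", where the target may be missing entirely.
BODY_RE = re.compile(r"^(?P<label>.*?)\s+-(?:\s+(?P<target>.*))?$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)


class Finding(NamedTuple):
    kind: str             # DDS entry prefix, e.g. "BHO"
    clsid: Optional[str]  # lower-cased CLSID if the entry carries one
    reason: str           # "no_file" or "empty_target"
    count: int            # how many times the identical line appears
    line: str             # the original log line


def find_orphans(report: str) -> list:
    """Return browser-extension entries whose target is 'No File' or blank."""
    # Identical lines are collapsed so repeated entries are reported once.
    counts = Counter(l.strip() for l in report.splitlines() if l.strip())
    findings = []
    for line, n in counts.items():
        m = LINE_RE.match(line)
        if not m or m.group("kind") not in BROWSER_KINDS:
            continue
        body = BODY_RE.match(m.group("rest"))
        if not body:
            continue
        target = (body.group("target") or "").strip()
        if target.lower() == "no file":
            reason = "no_file"
        elif not target:
            reason = "empty_target"
        else:
            continue  # entry points at a file path; not flagged here
        clsid = CLSID_RE.search(body.group("label"))
        findings.append(Finding(
            kind=m.group("kind"),
            clsid=clsid.group(0).lower() if clsid else None,
            reason=reason,
            count=n,
            line=line,
        ))
    return findings


if __name__ == "__main__":
    for f in find_orphans(SAMPLE_DDS):
        print(f"{f.reason:13} x{f.count}  {f.line}")
```

The output is a list of candidates only; which entries actually go into a fix script is the helper's decision.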

Posted

OTL Report

 

Thanks for all this Dave x

 

All processes killed

========== OTL ==========

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: All Users

 

User: chris

->Temp folder emptied: 2458016 bytes

->Temporary Internet Files folder emptied: 3053933 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3638016 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Posted

combofix

 

ComboFix 11-04-21.02 - chris 21/04/2011 22:39:12.1.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1253.30.1033.18.1978.1016 [GMT 1:00]

Running from: c:\users\chris\Downloads\ComboFix.exe

AV: COMODO Antivirus *Enabled/Updated* {675CEE69-9702-A524-3989-6D7CC8BF3695}

SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}

SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Fast Browser Search

c:\users\chris\AppData\Roaming\Local

c:\users\chris\AppData\Roaming\Local\Temp\DDM\Settings\(2).ddr

c:\users\chris\AppData\Roaming\Local\Temp\DDM\Settings\(3).ddr

c:\users\chris\AppData\Roaming\Local\Temp\DDM\Settings\.ddr

c:\users\chris\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi

c:\users\chris\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi

c:\users\chris\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi

c:\users\chris\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi

c:\users\chris\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2)

c:\users\chris\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3)

c:\users\chris\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp

.

.

((((((((((((((((((((((((( Files Created from 2011-03-21 to 2011-04-21 )))))))))))))))))))))))))))))))

.

.

2011-04-21 22:04 . 2011-04-21 22:05 -------- d-----w- c:\users\chris\AppData\Local\temp

2011-04-21 22:04 . 2011-04-21 22:04 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-04-21 20:37 . 2011-04-21 20:37 -------- d-----w- C:\_OTL

2011-04-19 21:13 . 2011-04-19 21:13 -------- d-----w- c:\program files\Common Files\Java

2011-04-19 15:54 . 2011-04-19 15:54 -------- d-----w- c:\program files\MSN Toolbar

2011-04-19 09:20 . 2011-04-18 08:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5FF6E07B-623D-41B5-A409-43085F008AD5}\mpengine.dll

2011-04-19 09:17 . 2011-04-19 09:17 -------- d-----w- c:\users\chris\AppData\Roaming\SUPERAntiSpyware.com

2011-04-19 09:17 . 2011-04-19 09:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-04-19 09:17 . 2011-04-19 09:17 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-04-19 06:09 . 2011-04-19 06:09 -------- d-----w- c:\programdata\SpinTop Games

2011-04-16 04:50 . 2011-04-21 17:03 -------- d-----w- c:\programdata\Big Fish Games

2011-04-16 04:11 . 2011-04-16 04:11 766976 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll

2011-04-16 04:11 . 2011-04-16 04:11 149504 ----a-w- c:\program files\Internet Explorer\jsprofilerui.dll

2011-04-16 04:11 . 2011-04-16 04:11 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-04-16 04:11 . 2011-04-16 04:11 386560 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll

2011-04-16 04:11 . 2011-04-16 04:11 22016 ----a-w- c:\program files\Internet Explorer\ExtExport.exe

2011-04-14 21:36 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll

2011-04-14 21:36 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-04-07 07:20 . 2011-04-07 07:20 -------- d-----w- c:\users\chris\AppData\Roaming\MumboJumbo

2011-04-06 21:51 . 2011-04-06 21:51 -------- d-----w- c:\users\chris\AppData\Roaming\Oberon Media

2011-04-06 21:50 . 2011-04-15 11:46 -------- d-----w- c:\program files\Yahoo! Games

2011-03-30 19:49 . 2011-03-30 19:56 -------- d-----w- c:\program files\Windows Live Safety Center

2011-03-23 21:45 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-03-23 21:45 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll

2011-03-23 21:45 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-02 17:11 . 2009-10-03 03:33 222080 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-23 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-21 2548552]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\guard32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2010-08-25 19:45 171032 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2008-12-08 13:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

2008-04-15 12:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2010-08-25 19:45 136216 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2010-08-25 19:45 170520 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]

2008-08-01 14:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2008-09-23 15:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]

2008-10-06 18:42 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirginMediaHUB.exe]

2009-12-14 11:25 4277488 ----a-w- c:\program files\Virgin Media\HUB\VirginMediaHUB.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2847197973-3881536387-4015035347-1000]

"EnableNotificationsRef"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1c9d48a100fdc20;Υπηρεσία Google Update (gupdate1c9d48a100fdc20);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 133104]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]

S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-01-18 17256]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-01-18 236600]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]

S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]

S2 ServicepointService;ServicepointService;c:\program files\Virgin Media\HUB\ServicepointService.exe [2009-12-14 668912]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 193640]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-21 c:\windows\Tasks\AWC AutoSweep.job

- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2011-04-01 13:11]

.

2011-04-21 c:\windows\Tasks\AWC Startup.job

- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2011-04-01 12:53]

.

2011-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 11:49]

.

2011-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 11:49]

.

2011-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2847197973-3881536387-4015035347-1000Core.job

- c:\users\chris\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-05 21:49]

.

2011-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2847197973-3881536387-4015035347-1000UA.job

- c:\users\chris\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-05 21:49]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gr&c=91&bd=Presario&pf=cnnb

uInternet Settings,ProxyOverride = *.local

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)

URLSearchHooks-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-21 23:05

Windows 6.0.6002 Service Pack 2 NTFS

.

detected NTDLL code modification:

ZwClose, ZwOpenFile

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(588)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'lsass.exe'(616)

c:\windows\system32\guard32.dll

.

Completion time: 2011-04-21 23:12:09

ComboFix-quarantined-files.txt 2011-04-21 22:12

.

Pre-Run: 75,483,267,072 bytes free

Post-Run: 75,404,353,536 bytes free

.

- - End Of File - - 4D3AA28E62B4C61131546A0036D926B9

Posted

hijackthis log

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:26:06, on 21/04/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\notepad.exe

C:\Windows\explorer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gr&c=91&bd=Presario&pf=cnnb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDcyNTM2NDg4LVhMKzEtVDQtRlA5Mis2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsxLUYxME0xMEMrMS1MSUMrNw"&"prod=90"&"ver=10.0.1204

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Forgotten%20Dynasty/Images/stg_drm.ocx

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553538400} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: O?cnao?a Google Update (gupdate1c9d48a100fdc20) (gupdate1c9d48a100fdc20) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Virgin Media\HUB\ServicepointService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9820 bytes

Posted

SysProt Antirootkit

 

Download

SysProt Antirootkit from the link below (you will find it at the bottom

of the page under attachments, or you can get it from one of the

mirrors).

 

http://sites.google.com/site/sysprotantirootkit/

 

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Posted

SpyProt Antiroot log

 

Hi Dave,

 

I've been away in the Highlands for a few days, unable to get a signal so I've only just completed the last scan. Here it is. A funny thing happened when I downloaded SpyProt, it automatically saved in iTunes at first. Second time that's happened. Hope all is well, thanks, Chris

SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

No Hidden Kernel Modules found

 

******************************************************************************************

******************************************************************************************

No SSDT Hooks found

 

******************************************************************************************

******************************************************************************************

No Kernel Hooks found

 

******************************************************************************************

******************************************************************************************

No hidden files/folders found

Posted

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log

Posted

It would appear that your computer is clean. If there are no other issues, we can do some cleanup.

 

To remove all of the tools we used and the files and folders they created do the following:

Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

***************************************************

To set a new Restore Point.

 

Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.

Click the Start button, click Control Panel, click System and Maintenance, and then click System.

In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.

This will give you a new, clean Restore Point.

********************************************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

*******************************************************

Use the Secunia Software Inspector to check for out of date software.

 

• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

----------

 

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!

Posted

TFC problem

 

Hi Dave, I cleaned up using OTL and then created a new restore point. I already had TFC on my desktop so clicked on it to empty temporary internet files. It looks like it has finished clearing but the blue bar keeps running as if it is stuck in a loop. I have no desktop items and I can't get it to exit. Help!

Posted

Hi again, I finally used alt/control/delete in order to stop that programme. Once I rebooted, two logs appeared on my desktop as follows:

Desktop ini A

[.ShellClassInfo]

LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769

IconResource=%SystemRoot%\system32\imageres.dll,-183

 

Desktop ini B

[.ShellClassInfo]

LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799

[LocalizedFileNames]

Norton Internet Security.lnk=@C:\PROGRA~1\NORTON~2\Branding\muis.dll,-102

HP Βοήθεια και υποστήριξη.lnk=@C:\Windows\Help\OEM\scripts\HELPDT~1.DLL,-101

Posted

secunia and java problems

 

I am now on with downloading Secunia but as I still don't have Java it won't download. So I tried Java again. I deleted all earlier versions and downloaded a new one but the wizard failed to install it. According to the Java website this is a recognised problem but they don't know the cause. I tried to install using the cmd prompt they provide but it wasn't recognised. I have saved a log of the failed install if it's any use. Cheers, Chris

Posted

I'm having some problems with Java as late as yesterday. It wouldn't update. I had to go to their site and run the analyzer which told me I didn't have the latest updates. I have no idea what those other things are that came from TFC.

Archived

This topic is now archived and is closed to further replies.
