
Infection with Rootkit.Boot.Pihar.b, Trojan-Downloader and more? [Solv


  • This topic is locked
29 replies to this topic

#1 hw31027

hw31027

    New Member

  • Authentic Member
  • 15 posts

Posted 22 December 2013 - 07:53 PM

Hello everyone,

 

I am running ZoneAlarm for firewall and antivirus. On 12/20/13, I received notifications from ZoneAlarm that the antivirus scan had found 12 viruses. However, only 6 files were quarantined by ZoneAlarm. Those were as follows:

 

Rootkit.Boot.Pihar.b

Trojan-Downloader.JS.ListensEvent.b

HEUR:Exploit.Java.Generic

Rootkit.Boot.Pihar.b (This one was listed again under the infections list with a slightly different path filename). 

 

I ran DDS on my computer. Here is the DDS.txt file:

 

.
DDS (Ver_11-03-05.01) - NTFSx86  
Run by hw at 20:20:53.60 on Sun 12/22/2013
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.25.2
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3062.1753 [GMT -5:00]
.
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Users\hw\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hw\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hw\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\hw\Downloads\dds (3).scr
C:\Users\hw\AppData\Local\Temp\nsqCB2C.tmp\nsD422.tmp
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HP\HP ENVY 110 series\Bin\HPNetworkCommunicator.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\hw\Downloads\dds (4).scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6843
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6843
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6843
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6843
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - c:\program files\microsoft lync\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [HP ENVY 110 series (NET)] "c:\program files\hp\hp envy 110 series\bin\ScanToPCActivationApp.exe" -deviceID "CN26BC213J05RB:NW" -scfn "HP ENVY 110 series (NET)" -AutoStart 1
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [Google Update] "c:\users\hw\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for gateway\traybar.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WD Quick View] c:\program files\western digital\wd quick view\WDDMStatus.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hw\appdata\roaming\mozilla\firefox\profiles\04oi6fqk.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\users\hw\appdata\local\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2013-5-10 65640]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 WDBackup;WD Backup;c:\program files\western digital\wd smartware\WDBackupEngine.exe [2013-11-2 1042808]
R2 WDDriveService;WD Drive Manager;c:\program files\western digital\wd drive manager\WDDriveService.exe [2013-11-2 270704]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\checkpoint\zonealarm\ZAPrivacyService.exe [2013-10-15 50704]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2013-7-6 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-12 257416]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-11-3 282112]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-11-3 51712]
S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-10-18 112640]
S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [2010-10-18 103680]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2013-7-6 116648]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2013-3-8 30798512]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-4-5 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-1-23 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-5-4 22528]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-2 119408]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-1-10 165248]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-1-10 142976]
S3 TWCRcAppSvc;Time Warner Cable RcAppSvc;"c:\program files\time warner cable\connection manager\rcappsvc.exe" /n "twcrcappsvc" --> c:\program files\time warner cable\connection manager\RcAppSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-9-19 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-30 47128]
S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [2011-9-22 238696]
S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files\microsoft sql server\mssql10.mssmlbiz\mssql\binn\SQLAGENT.EXE [2011-9-22 370024]
.
=============== Created Last 30 ================
.
2013-12-20 07:15:00 7760024 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{74993527-deb6-4f6c-b805-311a5c033dce}\mpengine.dll
2013-12-11 08:59:55 -------- d-----w- c:\program files\Origin Games
2013-12-11 08:59:12 -------- d-----w- c:\users\hw\appdata\roaming\Origin
2013-12-11 08:59:10 -------- d-----w- c:\users\hw\appdata\local\Origin
2013-12-11 08:57:27 -------- d-----w- c:\progra~2\Origin
2013-12-11 08:57:23 -------- d-----w- c:\progra~2\Electronic Arts
2013-12-11 08:56:58 -------- d-----w- c:\program files\Origin
2013-12-11 08:47:29 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 08:47:26 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-11 08:47:26 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-11 08:47:26 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 08:47:21 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-11 08:47:21 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 08:47:21 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 08:47:21 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 08:47:21 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 08:47:19 158208 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-06 07:33:57 -------- d-----w- c:\users\hw\GIFS
2013-11-23 20:41:08 -------- d-----w- c:\users\hw\Adobe Acrobat XI Pro
2013-11-23 20:40:07 -------- d-----w- c:\program files\Adobe Download Assistant
.
==================== Find3M  ====================
.
2013-12-11 06:18:15 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 06:18:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 08:33:38 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-30 02:13:01 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-11 02:08:02 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07:57 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-03 12:45:50 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 12:45:45 993792 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 20:21:56.15 ===============
 
I also have the Attach.txt file, but the popup said not to attach that unless it was asked for. Please note that I previously ran HijackThis before trying DDS, but that program indicated that it could not access the HOSTS file, and so I was concerned that running it might not give all the info. However, that HijackThis report did reference a "hijack" on the report re: URLs.
 
I would appreciate any help in getting this cleared up. Computers are far outside my area of expertise, and right now I am imagining that someone has access to everything on my computer!
 
Many thanks,
hw

Edited by hw31027, 22 December 2013 - 07:55 PM.



#2 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 23 December 2013 - 09:48 AM

Hi and Welcome!!   

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.


Having said that.... Let's get going!!
----------
 
Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 
AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

----------


 
 

#3 hw31027

hw31027

    New Member

  • Authentic Member
  • 15 posts

Posted 23 December 2013 - 06:18 PM

Attached File  TDSSKiller.3.0.0.19_23.12.2013_18.29.22_log.txt   180.93KB   137 downloads

Hi Jeff! Thanks so much for your kindness and willingness to help me. Attached and below is the information you asked for.

 

# AdwCleaner v3.016 - Report created 23/12/2013 at 19:06:54
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : hw - HW-LAPTOP
# Running from : C:\Users\hw\Downloads\AdwCleaner(1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Program Files\Mozilla Firefox\searchplugins\safesearch.xml
File Found : C:\Users\hw\AppData\Roaming\Mozilla\Firefox\Profiles\04oi6fqk.default\user.js
Folder Found C:\ProgramData\Trymedia
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Trymedia Systems
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16526
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\hw\AppData\Roaming\Mozilla\Firefox\Profiles\04oi6fqk.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\hw\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2291 octets] - [23/12/2013 18:53:15]
AdwCleaner[R1].txt - [2214 octets] - [23/12/2013 19:06:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2274 octets] ##########
 
Thanks again,
hw
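Reading the two logs above side by side, the BHO that DDS lists as `{02478D38-C3F9-4efb-9B51-7695ECA05670} - No File` is the same CLSID AdwCleaner reports under three registry keys (Ext\Stats, Browser Helper Objects, Ext\PreApproved): a registered add-on whose DLL is already gone but whose registration survives. The script below is an added example, not part of this thread and not code from the DDS or AdwCleaner authors; it automates that cross-check. The line formats its regular expressions assume (`BHO:`/`TB:`/`DPF:` followed by an optional display name, a CLSID and a target; `Key Found :`/`File Found :`/`Folder Found`) are inferred from the lines visible in these two logs, and the sample input is excerpted from them. The severity labels are the example's own convention.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: lines excerpted from the DDS and AdwCleaner logs posted above.
DDS_SAMPLE = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
"""
ADW_SAMPLE = r"""
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Folder Found C:\ProgramData\Trymedia
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# Assumed shape of a DDS add-on line, inferred from the log above:
#   BHO: [Display Name: ]{CLSID} - <dll path | URL | No File>
DDS_LINE = re.compile(r"^(?P<kind>BHO|TB|DPF):\s*(?:(?P<name>[^{]*?):\s*)?"
                      r"(?P<clsid>" + GUID + r")\s*-\s*(?P<target>.*)$")
# AdwCleaner writes "Key Found : <path>", "File Found : <path>", "Folder Found <path>".
ADW_LINE = re.compile(r"^(?P<kind>Key|File|Folder) Found\s*:?\s*(?P<path>.+)$")
GUID_ANYWHERE = re.compile(GUID)

@dataclass
class HjtEntry:
    kind: str     # BHO, TB or DPF
    name: str     # display name, may be empty
    clsid: str    # upper-cased so it matches across tools
    target: str   # DLL path, download URL, or "No File"

    @property
    def orphaned(self) -> bool:
        # "No File": the CLSID is still registered but its DLL is gone, either a
        # half-uninstalled add-on or a component the antivirus already removed.
        return self.target.lower() == "no file"

def parse_dds_hjt(text: str) -> List[HjtEntry]:
    entries = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if m:
            entries.append(HjtEntry(m["kind"], (m["name"] or "").strip(),
                                    m["clsid"].upper(), m["target"].strip()))
    return entries

def parse_adwcleaner(text: str) -> List[Tuple[str, str, Optional[str]]]:
    """Return (kind, path, clsid-or-None) for every 'Found' line."""
    findings = []
    for line in text.splitlines():
        m = ADW_LINE.match(line.strip())
        if m:
            g = GUID_ANYWHERE.search(m["path"])
            findings.append((m["kind"], m["path"].strip(), g.group(0).upper() if g else None))
    return findings

def correlate(entries: List[HjtEntry],
              findings: List[Tuple[str, str, Optional[str]]]) -> Dict[str, List[str]]:
    """Map each DDS CLSID to the AdwCleaner paths that name the same CLSID."""
    hits: Dict[str, List[str]] = {e.clsid: [] for e in entries}
    for _kind, path, clsid in findings:
        if clsid in hits:
            hits[clsid].append(path)
    return hits

def triage_report(dds_text: str, adw_text: str) -> List[str]:
    """One line per add-on, worst first: orphaned CLSID that AdwCleaner also
    finds in the registry, then other orphans, then add-ons whose DLL exists."""
    entries = parse_dds_hjt(dds_text)
    hits = correlate(entries, parse_adwcleaner(adw_text))

    def severity(e: HjtEntry) -> int:
        if e.orphaned:
            return 0 if hits[e.clsid] else 1
        return 2

    labels = {0: "ORPHANED+REGKEYS", 1: "ORPHANED", 2: "ok"}
    return [f"[{labels[severity(e)]}] {e.kind} {e.clsid} {e.name or '(no name)'} "
            f"-> {e.target}; AdwCleaner hits: {len(hits[e.clsid])}"
            for e in sorted(entries, key=severity)]

if __name__ == "__main__":
    print("\n".join(triage_report(DDS_SAMPLE, ADW_SAMPLE)))
```

Run against the two excerpts, the first report line is the `{02478D38-...}` BHO with three AdwCleaner hits, the two orphaned toolbars follow with none, and the add-ons whose DLL is still on disk come last. The DPF entry keeps its `hxxp://` prefix because DDS defangs URLs in its output; the script does not undo that, so nothing in the report is accidentally clickable.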


#4 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 23 December 2013 - 08:03 PM

ComboFix

Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2

**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.



--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

 
 

#5 hw31027

hw31027

    New Member

  • Authentic Member
  • 15 posts

Posted 25 December 2013 - 12:38 AM

Hi Jeff. I ran ComboFix. It took a couple of hours.

 

Here is the log:

 

ComboFix 13-12-24.02 - hw 12/25/2013   0:14.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3062.1489 [GMT -5:00]
Running from: c:\users\hw\Desktop\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\hw\AppData\Local\assembly\tmp
c:\windows\system32\drivers\etc\hosts.ics
D:\Autorun.inf
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-25 to 2013-12-25  )))))))))))))))))))))))))))))))
.
.
2013-12-24 07:11 . 2013-12-04 02:57    7760024    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{287A85F4-B855-4C77-878A-47783D0361C1}\mpengine.dll
2013-12-23 23:53 . 2013-12-24 00:07    --------    d-----w-    C:\AdwCleaner
2013-12-11 08:59 . 2013-12-11 09:16    --------    d-----w-    c:\users\hw\AppData\Roaming\Origin
2013-12-11 08:57 . 2013-12-24 00:25    --------    d-----w-    c:\programdata\Origin
2013-12-11 08:47 . 2013-10-30 00:35    2050560    ----a-w-    c:\windows\system32\win32k.sys
2013-12-11 08:47 . 2013-10-30 02:12    335360    ----a-w-    c:\windows\system32\SysFxUI.dll
2013-12-11 08:47 . 2013-10-30 01:43    130048    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-11 08:47 . 2013-10-30 00:43    167936    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-12-11 08:47 . 2013-10-11 02:08    36864    ----a-w-    c:\windows\system32\wshcon.dll
2013-12-11 08:47 . 2013-10-11 02:08    131072    ----a-w-    c:\windows\system32\wshom.ocx
2013-12-11 08:47 . 2013-10-11 02:08    172032    ----a-w-    c:\windows\system32\scrrun.dll
2013-12-11 08:47 . 2013-10-11 00:35    135168    ----a-w-    c:\windows\system32\cscript.exe
2013-12-11 08:47 . 2013-10-11 00:35    155648    ----a-w-    c:\windows\system32\wscript.exe
2013-12-11 08:47 . 2013-10-22 07:19    158208    ----a-w-    c:\windows\system32\imagehlp.dll
2013-12-06 07:33 . 2013-12-06 07:34    --------    d-----w-    c:\users\hw\GIFS
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 06:18 . 2012-05-13 01:23    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-11 06:18 . 2011-08-08 21:18    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 08:33 . 2013-11-18 19:54    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-10-30 02:13 . 2008-01-21 02:23    1304064    ----a-w-    c:\windows\system32\WMALFXGFXDSP.dll
2013-10-11 02:08 . 2013-11-13 17:17    444928    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07 . 2013-11-13 17:17    596480    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-08 10:47 . 2013-11-19 23:02    74848    ----a-w-    c:\windows\system32\drivers\klflt.sys
2013-10-03 12:45 . 2013-11-13 17:17    297984    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-03 12:45 . 2013-11-13 17:17    993792    ----a-w-    c:\windows\system32\crypt32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP ENVY 110 series (NET)"="c:\program files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe" [2011-09-19 1804648]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2013-10-28 12117160]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"WD Quick View"="c:\program files\Western Digital\WD Quick View\WDDMStatus.exe" [2013-08-14 5537136]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-26 73832]
"SigmatelSysTrayApp"="sttray.exe" [2007-09-07 405504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SafeConnect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SafeConnect.lnk
backup=c:\windows\pss\SafeConnect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snagit 10.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk
backup=c:\windows\pss\Snagit 10.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06    958576    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 01:43    59720    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 19:27    89184    ----a-w-    c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52    50736    ----a-w-    c:\program files\Common Files\aol\1221790750\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
2013-04-05 16:59    59720    ----a-w-    c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-11-02 05:29    152392    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2008-05-15 21:29    95536    ----a-w-    c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 11:32    253816    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 70700883;70700883; [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 06:18]
.
2013-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-06 12:21]
.
2013-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-06 12:21]
.
2013-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771374111-2616422062-1020362605-1000Core.job
- c:\users\hw\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-13 14:12]
.
2013-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771374111-2616422062-1020362605-1000UA.job
- c:\users\hw\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-13 14:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6843
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\hw\AppData\Roaming\Mozilla\Firefox\Profiles\04oi6fqk.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-23534570.sys
SafeBoot-37920221.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
.
.
.
**************************************************************************
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe
c:\program files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-12-25  01:30:54 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-25 06:30
.
Pre-Run: 64,142,139,392 bytes free
Post-Run: 64,348,663,808 bytes free
.
- - End Of File - - 25FCD0A6D941A19C88167EF5D5E657B7
5C616939100B85E558DA92B899A0FC36
 



#6 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 25 December 2013 - 12:26 PM

How is your system running now?  :)


 
 

#7 hw31027

hw31027

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 25 December 2013 - 05:57 PM

It's much, much better! There is no delay before going to websites, whereas before it would show "Resolving hosts" for a while and then I would get an error that the server could not be reached with every website I went to.

 

Does this mean the virus is all cleared up? Zone Alarm ran its antivirus again and it found no infections this time.

 

Also, may I ask two other questions? The first is this: is there a program I should be running regularly in addition to or instead of Zone Alarm to protect from this and other viruses happening again?

 

The second question is that I have an external hard drive that I use to backup the laptop you have been helping me with. Is there something I should do before I plug that hard drive in again (like some virus scan I should run on it?) to make sure my computer does not get reinfected?

 

Thanks again for your help,

hw



#8 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 26 December 2013 - 07:03 AM

It's much, much better! There is no delay before going to websites, whereas before it would show "Resolving hosts" for a while and then I would get an error that the server could not be reached with every website I went to.

Good to hear!!  :)

 

Does this mean the virus is all cleared up? Zone Alarm ran its antivirus again and it found no infections this time.

Most of it is probably gone but we still have some work to do to make sure nothing is left in there hiding.  :) 

 

The first is this: is there a program I should be running regularly in addition to or instead of Zone Alarm to protect from this and other viruses happening again?
 
The second question is that I have an external hard drive that I use to backup the laptop you have been helping me with. Is there something I should do before I plug that hard drive in again (like some virus scan I should run on it?) to make sure my computer does not get reinfected?

1.  Well since you have an antivirus and firewall running, the only other tool I would run regularly is Malwarebytes.  Maybe once a week or so would be fine.  I have not used ZoneAlarm's antivirus at all... only the free firewall years ago.  ZoneAlarm is not what I use, but it's fine nonetheless if you like it.  :)
 
2.  If you are just saving data on the external hard drive you should be fine.  Just run a standard antivirus scan on the drive and you should be good to go. 
 
----------------------
 
When you ran DDS the first time there should have been a log created named Attach.txt.  Could you post that please?  If you don't have it, just run DDS once again and then post it when it is made again. 
----------------------
 
AdwCleaner

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------
 
Please post the Attach.txt log from DDS and the new AdwCleaner log.


 
 

#9 hw31027

hw31027

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 26 December 2013 - 02:48 PM

Thanks Jeff! I may have spoken a little too soon on the progress because I notice my computer is being somewhat slower again when trying to access a website, but not as slow as it was before. I still seem to have resolving host problems, but I have not gotten any "server not found" errors. I also seem to get some freezing while my arrow icon is unusable periodically while on any website.

 

Here are the results from the programs you told me to run.

 

DDS (the attach zip is attached):

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16526  BrowserJavaVersion: 10.25.2
Run by hw at 15:13:57 on 2013-12-26
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3062.1951 [GMT -5:00]
.
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6843
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [HP ENVY 110 series (NET)] "c:\program files\hp\hp envy 110 series\bin\ScanToPCActivationApp.exe" -deviceID "CN26BC213J05RB:NW" -scfn "HP ENVY 110 series (NET)" -AutoStart 1
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for gateway\traybar.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WD Quick View] c:\program files\western digital\wd quick view\WDDMStatus.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3EDB39C0-CB73-403E-8FE8-C5E032813A43} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hw\appdata\roaming\mozilla\firefox\profiles\04oi6fqk.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\users\hw\appdata\local\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 WDBackup;WD Backup;c:\program files\western digital\wd smartware\WDBackupEngine.exe [2013-11-2 1042808]
R2 WDDriveService;WD Drive Manager;c:\program files\western digital\wd drive manager\WDDriveService.exe [2013-11-2 270704]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\checkpoint\zonealarm\ZAPrivacyService.exe [2013-10-15 50704]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-11-3 282112]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-11-3 51712]
S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-10-18 112640]
S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [2010-10-18 103680]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-4-5 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-1-23 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-5-4 22528]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-1-10 165248]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-1-10 142976]
S3 TWCRcAppSvc;Time Warner Cable RcAppSvc;"c:\program files\time warner cable\connection manager\rcappsvc.exe" /n "twcrcappsvc" --> c:\program files\time warner cable\connection manager\RcAppSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-9-19 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-30 47128]
S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [2011-9-22 238696]
S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files\microsoft sql server\mssql10.mssmlbiz\mssql\binn\SQLAGENT.EXE [2011-9-22 370024]
.
=============== Created Last 30 ================
.
2013-12-25 06:31:02    --------    d-----w-    c:\users\hw\appdata\local\temp
2013-12-25 06:24:01    --------    d-----w-    C:\$RECYCLE.BIN
2013-12-25 05:09:51    98816    ----a-w-    c:\windows\sed.exe
2013-12-25 05:09:51    256000    ----a-w-    c:\windows\PEV.exe
2013-12-25 05:09:51    208896    ----a-w-    c:\windows\MBR.exe
2013-12-24 07:11:25    7760024    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{287a85f4-b855-4c77-878a-47783d0361c1}\mpengine.dll
2013-12-23 23:53:02    --------    d-----w-    C:\AdwCleaner
2013-12-11 08:59:12    --------    d-----w-    c:\users\hw\appdata\roaming\Origin
2013-12-11 08:57:27    --------    d-----w-    c:\programdata\Origin
2013-12-11 08:47:29    2050560    ----a-w-    c:\windows\system32\win32k.sys
2013-12-11 08:47:26    335360    ----a-w-    c:\windows\system32\SysFxUI.dll
2013-12-11 08:47:26    167936    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-12-11 08:47:26    130048    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-11 08:47:21    36864    ----a-w-    c:\windows\system32\wshcon.dll
2013-12-11 08:47:21    172032    ----a-w-    c:\windows\system32\scrrun.dll
2013-12-11 08:47:21    155648    ----a-w-    c:\windows\system32\wscript.exe
2013-12-11 08:47:21    135168    ----a-w-    c:\windows\system32\cscript.exe
2013-12-11 08:47:21    131072    ----a-w-    c:\windows\system32\wshom.ocx
2013-12-11 08:47:19    158208    ----a-w-    c:\windows\system32\imagehlp.dll
2013-12-06 07:33:57    --------    d-----w-    c:\users\hw\GIFS
.
==================== Find3M  ====================
.
2013-12-11 06:18:15    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-11 06:18:14    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 08:33:38    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-14 22:50:50    1806848    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-14 22:42:41    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-11-14 22:42:32    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-11-14 22:35:52    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-10-30 02:13:01    1304064    ----a-w-    c:\windows\system32\WMALFXGFXDSP.dll
2013-10-11 02:08:02    444928    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07:57    596480    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-08 10:47:52    74848    ----a-w-    c:\windows\system32\drivers\klflt.sys
2013-10-03 12:45:50    297984    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-03 12:45:45    993792    ----a-w-    c:\windows\system32\crypt32.dll
.
============= FINISH: 15:15:43.29 ===============
 

AdwCleaner:

 

# AdwCleaner v3.016 - Report created 26/12/2013 at 15:22:06
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : hw - HW-LAPTOP
# Running from : C:\Users\hw\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Trymedia
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\safesearch.xml
File Deleted : C:\Users\hw\AppData\Roaming\Mozilla\Firefox\Profiles\04oi6fqk.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Trymedia Systems

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\hw\AppData\Roaming\Mozilla\Firefox\Profiles\04oi6fqk.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\hw\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2291 octets] - [23/12/2013 18:53:15]
AdwCleaner[R1].txt - [2354 octets] - [23/12/2013 19:06:54]
AdwCleaner[R2].txt - [2414 octets] - [26/12/2013 15:19:21]
AdwCleaner[S0].txt - [2371 octets] - [26/12/2013 15:22:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2431 octets] ##########
 

Thanks!

hw

Attached File: attach.zip (2.38KB)
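
As an added example (not code from the thread, nor from DDS or ComboFix), a small Python triage pass over the line formats posted above: it parses the BHO:, uRun/mRun and service lines from the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" sections (and the same service shape in the ComboFix log) and flags the entries a helper reads first, such as an <orphaned> BHO like the one AdwCleaner later removed, a service shown with [?] or [x], or an autostart without an absolute path or living under AppData. The sample lines are constructed in the same shapes, the meanings assigned to [?] and [x] are assumptions, and every flag is a prompt to verify, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines, in the shapes that appear in the DDS and ComboFix
# logs posted in this thread (the "Updater" entry is a placeholder, not a finding).
SAMPLE_LOG = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SigmatelSysTrayApp] sttray.exe
uRun: [Updater] c:\users\hw\appdata\local\temp\updater.exe
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 TWCRcAppSvc;Time Warner Cable RcAppSvc;"c:\program files\time warner cable\connection manager\rcappsvc.exe" /n "twcrcappsvc" --> c:\program files\time warner cable\connection manager\RcAppSvc.exe [?]
R3 70700883;70700883; [x]
"""

# "BHO: <optional name>: {CLSID} - <dll path or <orphaned>>"
BHO_RE = re.compile(r"^BHO:\s*(?:(?P<name>[^{]*?):\s*)?(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<target>.*)$")
# "uRun: [value name] command line" / "mRun:" / "mRunOnce:"
RUN_RE = re.compile(r"^[um]Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# "R2 name;display name;image path [timestamp size]"; the bracket holds "?" or "x"
# when the tool could not find the file (assumed meaning of those markers).
SVC_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<image>.*?)\s*\[(?P<stamp>[^\]]*)\]\s*$")
ABS_PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(appdata|temp)\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # "bho", "autostart" or "service"
    name: str    # CLSID, Run value name or service name
    reason: str  # why a helper should look at it


def executable_of(cmd: str) -> str:
    """Return the executable part of a Run-key command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage_line(line: str) -> Optional[Finding]:
    """Classify one log line; returns a Finding only for entries worth a second look."""
    line = line.rstrip()
    m = BHO_RE.match(line)
    if m:
        if m["target"].strip().lower() == "<orphaned>":
            return Finding("bho", m["clsid"], "BHO CLSID still registered but its DLL is gone (orphaned)")
        return None
    m = RUN_RE.match(line)
    if m:
        exe = executable_of(m["cmd"])
        if not ABS_PATH_RE.match(exe):
            return Finding("autostart", m["name"], f"bare filename {exe!r} is resolved by PATH search; confirm which file runs")
        if USER_WRITABLE_RE.search(exe):
            return Finding("autostart", m["name"], f"runs from a user-writable directory: {exe}")
        return None
    m = SVC_RE.match(line)
    if m:
        if m["stamp"] in ("?", "x") or not m["image"].strip():
            return Finding("service", m["name"], "image file missing or unreadable ([?]/[x]); stale entry or hidden file")
        return None
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep the flagged entries in order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.reason}")
```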



#10 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 26 December 2013 - 07:47 PM

Hi,
 
Thanks for letting me know.  We still have some work to do though.  :)
 
Let's make sure your System Restore Point is set to On and Manually Set a Restore Point.

  • Go to Start
  • Select Control Panel
  • Select System
  • Select the System Protection link in the left-hand task list
  • Check the disk drive for which you would like to turn system restore on
  • Click the "Apply" button. System Restore will now monitor and create restore points for the checked disk drive.
  • Press Create button
  • Type a description of the Restore Point of your choosing
  • Press the Create button
  • Press Finish

Now we have turned On your System Restore and Manually set a Restore Point.
----------
 
Java

Please go to Start > Control Panel > Programs and Features > uninstall all the Java Programs you see. Now download the latest Java from the following link and install it:

http://java.com/en/download/index.jsp
----------

See this page for instructions on how to clear java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked

    • Downloaded Applets
    • Downloaded Applications
    • Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

----------
 
Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------
 
ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------
 
Do an online scan with BitDefender QuickScan.
Please be patient as scanning may take some time. If you have problems running the scan, you might want to disable any real time protection that you have.

  • Click here to go to BitDefender QuickScan page.
  • For Firefox users:
    • Click on Free Scan Now. You will be prompted to install a plug-in. Please Allow. In case you get stuck, please refresh the page to try again.
    • A Software Installation window will appear. Click Install Now and the plugin will be installed as an Add-on.
    • Restart Firefox when done. Go back to the BitDefender QuickScan page again and click on Free Scan Now and proceed accordingly.
  • For Internet Explorer users:
    • Click on Free Scan Now. You will be prompted to install an ActiveX control. Please install.
    • The page will refresh. Click on Free Scan Now again and proceed accordingly.
  • When the scan has completed, click on View report and a Notepad log shall open.
  • If there are any infections found, you will get a warning and the link to the report will be displayed as the number of infections. Click on it.
  • Post back the contents of this report. It can also be found at C:\Documents and Settings\<username>\Application Data\QuickScan, where <username> is the Windows log-in name.



#11 hw31027

hw31027

    New Member

  • Authentic Member
  • 15 posts

Posted 28 December 2013 - 01:05 AM

Hi Jeff,

 

So this set of instructions did not run as smoothly as the others for me. I think I may have done something wrong. I did create the System Restore point. However, when I tried the Java instructions, things went a little wrong. I was able to delete the old Java (Java 7 Update 25) and install the new Java (Java 7 Update 45). However, the page that came up next asked me to verify my version. At first I received a message that said "Unable to verify Java version", but when I restarted my computer, it did verify correctly. Attempting to delete the old Java temp files appeared not to have worked at all, as when I tried to do so, the process did not close at all. It just sat there, and instead of clicking "OK" and having it disappear, I had to cancel the process via Task Manager. I wanted to make sure you knew all this in case I have done something wrong.

 

The next step was the Malwarebytes log. Here is that log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.27.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
hw :: HW-LAPTOP [administrator]

12/26/2013 11:11:36 PM
mbam-log-2013-12-26 (23-11-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217956
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

Next is the ESET Online Scanner. I ran that through Internet Explorer, but I got conflicting messages about security settings being changed (and then not changed, over and over again) in order to run it. I also had to accept a Java-related option to make that run through IE. Ultimately, that log had only one line of text, which is as follows:

 

C:\Program Files\CheckPoint\Install\zatb.exe    multiple threats
 

Finally, I ran the BitDefender QuickScan. That log is as follows:

 

QuickScan 32-bit v0.9.9.119
---------------------------
Scan date:  Sat Dec 28 01:47:08 2013
Machine ID: 6A86325C



No infection found.
-------------------



Processes
---------
             hpwuSchd Application                    3968    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
            CEC_MAIN.exe                             3008    C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
            Chicony traybar                          3876    C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
            Firefox                                  2640    C:\Program Files\Mozilla Firefox\firefox.exe
            Firefox                                  6900    C:\Program Files\Mozilla Firefox\plugin-container.exe
            HP Digital Imaging                       2124    C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe
            iCloud                                    748    C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
            IDT Audio                                4064    C:\Windows\sttray.exe
            Intel® Common User Interface           3776    C:\Windows\System32\hkcmd.exe
            Intel® Common User Interface           3712    C:\Windows\System32\igfxpers.exe
            Intel® Common User Interface           3800    C:\Windows\System32\igfxsrvc.exe
            iTunes                                   4024    C:\Program Files\iTunes\iTunesHelper.exe
            Microsoft IntelliPoint                   3944    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
            Microsoft IntelliPoint                   3720    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
            Microsoft® Windows® Operating System     1928    C:\Windows\explorer.exe
            Microsoft® Windows® Operating System     1852    C:\Windows\System32\taskeng.exe
            RAID Event Monitor                       3756    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
            WDDMStatus.exe                           3956    C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(verified)  Microsoft® Windows® Operating System     2224    C:\Windows\ehome\ehmsas.exe
(verified)  Microsoft® Windows® Operating System     1444    C:\Windows\ehome\ehtray.exe
(verified)  Microsoft® Windows® Operating System     1704    C:\Windows\System32\dwm.exe


Network activity
----------------



Autoruns and critical files
---------------------------
             hpwuSchd Application                    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
            Adobe Reader and Acrobat Manager         C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
            Apple Push                               C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
            Chicony traybar                          C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
            HP Digital Imaging                       C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe
            iCloud                                   C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
            IDT Audio                                C:\Windows\sttray.exe
            Intel® Common User Interface           C:\Windows\System32\hkcmd.exe
            Intel® Common User Interface           C:\Windows\system32\igfxdev.dll
            Intel® Common User Interface           C:\Windows\System32\igfxpers.exe
            Intel® Common User Interface           C:\Windows\system32\igfxtray.exe
            iTunes                                   C:\Program Files\iTunes\iTunesHelper.exe
            Java™ Platform SE Auto Updater        C:\Program Files\Common Files\Java\Java Update\jusched.exe
            Microsoft IntelliPoint                   C:\Program Files\Microsoft IntelliPoint\ipoint.exe
            Microsoft Lync 2010                      C:\Program Files\Microsoft Lync\communicator.exe
            Microsoft Office 2010                    C:\Program Files\Microsoft Office\Office14\BCSSync.exe
            Microsoft Office 2010                    C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
            Microsoft® Windows® Operating System     C:\Windows\system32\BROWSEUI.dll
            Microsoft® Windows® Operating System     C:\Windows\system32\Ribbons.scr
            QuickTime                                C:\Program Files\QuickTime\QTTask.exe
            RAID Event Monitor                       C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
            soft thinks Launcher                     C:\Windows\SMINST\launcher.exe
            Synaptics Pointing Device Driver         C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            WDDMStatus.exe                           C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
            Windows® Internet Explorer               c:\windows\system32\webcheck.dll
            ZoneAlarm                                C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(verified)  Google Update                            C:\Users\hw\AppData\Local\Google\Update\GoogleUpdate.exe
(verified)  Microsoft® Windows® Operating System     C:\Windows\ehome\ehtray.exe
(verified)  Microsoft® Windows® Operating System     c:\windows\system32\userinit.exe


Browser plugins
---------------
            AcroIEHelperShim Library                 c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
            Adobe Acrobat                            C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
            Adobe Acrobat                            C:\Program Files\Internet Explorer\plugins\nppdf32.dll
            Bitdefender QuickScan                    C:\Users\hw\AppData\Roaming\Mozilla\Firefox\Profiles\04oi6fqk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
            Bonjour                                  C:\Program Files\Bonjour\mdnsNSP.dll
            Browser Address Error Redirector         c:\windows\system32\bae.dll
            Google Update                            C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
            Google Update                            C:\Users\hw\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
            gwCID Module                             C:\Windows\Downloaded Program Files\gwCID.dll
            Java Deployment Toolkit 7.0.450.18       C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
            Java™ Platform SE 7 U45               c:\program files\java\jre7\bin\jp2ssv.dll
            Java™ Platform SE 7 U45               C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
            Java™ Platform SE 7 U45               c:\program files\java\jre7\bin\ssv.dll
            Microsoft Lync 2010                      c:\program files\microsoft lync\ochelper.dll
            Microsoft Office 2010                    C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
            Microsoft Office 2010                    C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL
            Microsoft Office 2010                    C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL
            Microsoft Office 2010                    c:\program files\microsoft office\office14\urlredir.dll
            npitunes.dll                             C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
            npMeetingJoinPluginOC.dll                C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
            NPSWF32_11_9_900_170.dll                 C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll
            QuickTime Plug-in 7.7.4                  C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
            QuickTime Plug-in 7.7.4                  C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
            QuickTime Plug-in 7.7.4                  C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
            QuickTime Plug-in 7.7.4                  C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
            QuickTime Plug-in 7.7.4                  C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
            QuickTime Plug-in 7.7.4                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
            QuickTime Plug-in 7.7.4                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
            QuickTime Plug-in 7.7.4                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
            QuickTime Plug-in 7.7.4                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
            QuickTime Plug-in 7.7.4                  C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
            Silverlight Plug-In                      c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
            Windows Presentation Foundation          c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
            Windows® Internet Explorer               C:\Windows\system32\ieframe.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\system32\mswsock.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\system32\napinsp.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\nlaapi.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\system32\pnrpnsp.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\winrnr.dll


Scan
----
MD5: 126ea89bcc413ee45e3004fb0764888f  C:\Windows\system32\DRIVERS\sdbus.sys
MD5: ef70b3d22b4bffda6ea851ecb063efaa  C:\Windows\system32\DRIVERS\serscan.sys
MD5: 41987f9fc0e61adf54f581e15029ad91  C:\Windows\System32\DRIVERS\srv.sys
MD5: ff33aff99564b1aa534f58868cbe41ef  C:\Windows\System32\DRIVERS\srv2.sys
MD5: 7605c0e1d01a08f3ecd743f38b834a44  C:\Windows\System32\DRIVERS\srvnet.sys
MD5: 5af135b2e2097d4494b9067ce84e2665  C:\Windows\system32\drivers\stwrt.sys
MD5: 851681f7d3200e2a646c5ee4d4e9883d  C:\Windows\System32\drivers\swmsflt.sys
MD5: ca27e8ce559a9c0acc4f9ea468acf414  C:\Windows\system32\DRIVERS\swnc8u80.sys
MD5: e0042a561eeed484b5c831c2a50b7e8b  C:\Windows\system32\DRIVERS\swumx80.sys
MD5: 21470bf105b96ded47e99e1ee7495e8f  C:\Windows\system32\DRIVERS\SynTP.sys
MD5: 6d0d344f643e28b31262ac2682109a3c  C:\Windows\System32\drivers\tcpip.sys
MD5: 5877a786ef27e42c4e84d1356f922302  C:\Windows\System32\drivers\tcpipreg.sys
MD5: f4eaa7ecbcb25de901c9b7f2cdcda0b3  C:\Windows\System32\DRIVERS\tssecsrv.sys
MD5: 6e421ccc57059b0186c6259ca3b6dfc9  C:\Windows\System32\Drivers\usbaapl.sys
MD5: aab0b5f72d2d726fbfdc895a2902de1d  C:\Windows\system32\DRIVERS\usbccgp.sys
MD5: 153e8515cb86f8bb5d1a8b478ebf4bb2  C:\Windows\system32\DRIVERS\usbehci.sys
MD5: 2ae6bcebd85d31317e433733daf25888  C:\Windows\system32\DRIVERS\usbhub.sys
MD5: 44056325428a8e4c755830426e29878f  C:\Windows\system32\DRIVERS\usbuhci.sys
MD5: 73ff24e21b690625a58109637dda0df7  C:\Windows\System32\Drivers\usbvideo.sys
MD5: 7b8424bbaafbc127c8f55ad6007d6d6b  C:\Windows\System32\Drivers\UVCFTR_S.SYS
MD5: 786db5771f05ef300390399f626bf30a  C:\Windows\system32\drivers\volsnap.sys
MD5: ad4ca8f4d17cb62e0a0d9af47b738cf4  C:\Windows\system32\DRIVERS\vsdatant.sys
MD5: 0a716c08cb13c3a8f4f51e882dbf7416  C:\Windows\system32\DRIVERS\wanatw4.sys
MD5: 25944d2cc49e0a6c581d02a74b7d6645  C:\Windows\system32\drivers\Wdf01000.sys
MD5: 4422ac5ed8d4c2f0db63e71d4c069dd7  C:\Windows\system32\DRIVERS\WSDPrint.sys
MD5: 06e6f32c8d0a3f66d956f57b43a2e070  C:\Windows\system32\drivers\WudfPf.sys
MD5: 867c301e8b790040ae9cf6486e8041df  C:\Windows\system32\DRIVERS\WUDFRd.sys
MD5: 7d1f3b131d503ef43ee594b5a2b9b427  C:\Windows\system32\DRIVERS\yk60x86.sys
MD5: 9bd443b52350d2784544b637f103ebcf  C:\Windows\system32\dwrite.dll
MD5: abaeaee763e287bdd39094c4165e1f3f  C:\Windows\system32\fdproxy.dll
MD5: 2afa3a46986ae935daecebc7e66314cf  C:\Windows\system32\FntCache.dll
MD5: ee16f3e01c4a6c77383f1bbbd10ad6c2  C:\Windows\System32\fwpuclnt.dll
MD5: 872363237f24bcb03d73e2a3b4fbf38d  C:\Windows\system32\GDI32.dll
MD5: 03f2078a0af7e12fd294d36541a57eca  C:\Windows\System32\hccutils.DLL
MD5: 5f529fbb095cbc9f14bb1e97a7a6b547  C:\Windows\System32\hkcmd.exe
MD5: b231416dd7569b5c16f2dd2d2d64bb5a  C:\Windows\system32\ieframe.dll
MD5: b787ee3f327abac1ec47313b3a673598  C:\Windows\system32\iertutil.dll
MD5: 784485b6bf7f0156d3cf64e8a91d1ce6  C:\Windows\system32\igdumd32.dll
MD5: 6b01dad4cb6b2bb507a268dd0dfef04f  C:\Windows\system32\igfxdev.dll
MD5: d8a33af26e4143f7a892009890bb6f64  C:\Windows\System32\igfxpers.exe
MD5: d0e997dd37fdf2b7951c96c71b99f14c  C:\Windows\system32\igfxrENU.lrc
MD5: 65c4ecda9f77735b26d3459df535db81  C:\Windows\system32\igfxsrvc.dll
MD5: 734006a2db2404138f2c1a2cb86d32ef  C:\Windows\System32\igfxsrvc.exe
MD5: 412c0e1b515ab44f45037cd495d6a1be  C:\Windows\system32\igfxTMM.dll
MD5: 7f7b42b1ba42242116f5b277a063fe2e  C:\Windows\system32\igfxtray.exe
MD5: 4687ee0c0dd2ce5f7aaa9c2e33c1dc78  C:\Windows\System32\ikeext.dll
MD5: dc2fe300b941d6330d7475c977c4c5e9  C:\Windows\system32\imaadp32.acm
MD5: 09ea40f4dad2edb3587e5e0baa9c3e15  C:\Windows\system32\imagehlp.dll
MD5: dc3105cc925a0d47f61b54e66ab730fc  C:\Windows\system32\kernel32.dll
MD5: 861797d3c83a6eba05fb2c63b1a45e82  C:\Windows\system32\ksproxy.ax
MD5: a3e186b4b935905b829219502557314e  C:\Windows\system32\lsass.exe
MD5: 1ba1ab4141a92eb34da99f1249ca2d4d  C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
MD5: f891089a6ab9e12fedebcc5ec0f40d66  C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll
MD5: ef24642d5fb52a1eef56de9e47cbb993  C:\Windows\system32\MFC42.dll
MD5: 1b593fbb763150bd225df266c69a9329  C:\Windows\system32\MFC42u.DLL
MD5: ce761566eada0509f02e4afdb09b62e4  C:\Windows\system32\msadp32.acm
MD5: 4177ea05e1215ebe0405c18bff463473  C:\Windows\system32\msg711.acm
MD5: 13acfd3f412cd31aca8387911c80a9e2  C:\Windows\system32\msgsm32.acm
MD5: 0e37fbfa79d349d672456923ec5fbbe3  C:\Windows\system32\MSVCR100.dll
MD5: 17af64d727545f2804f6e6d998327e3f  C:\Windows\system32\msvcrt.dll
MD5: 6abd253226770eae1292b4c945ed4b4b  C:\Windows\System32\msxml3.dll
MD5: 13cc59c1b04e9f20a87987c68cd4be3f  C:\Windows\system32\ncrypt.dll
MD5: 98b656eaf128cd06f625b09c84d959e1  C:\Windows\system32\NETAPI32.dll
MD5: b9fdff876b0e7b4fecbaa5708c6ed616  C:\Windows\system32\ntdll.dll
MD5: 862363973dcbcc31dd161ef41a69153c  C:\Windows\system32\ODBC32.dll
MD5: 9586e7cb2255a8b097a7e4538202585e  C:\Windows\system32\ole32.dll
MD5: dc15ab7168c0309d8f04fd95b6240422  C:\Windows\system32\OLEACC.dll
MD5: b218342214d9bba0f54ea12ba2e9278c  C:\Windows\system32\OLEAUT32.dll
MD5: 4a1feebf039b283258b0e479fa135dba  C:\Windows\System32\osbaseln.dll
MD5: a14f25f62e84c6b4a178a1cfd9b47222  C:\Windows\system32\qcap.dll
MD5: c43decdac58c0a43e0376a216590f40a  C:\Windows\system32\quartz.dll
MD5: 5a32d90a3d3d63e9011869a07a720ab3  C:\Windows\system32\Ribbons.scr
MD5: ab530fdd34c67b497a20171d1234cfe9  C:\Windows\system32\RICHED32.DLL
MD5: e389c328ac7fe5673593ecad269e7a54  C:\Windows\system32\RPCRT4.dll
MD5: 50e3e76b0901bb4fc029bb88bfa5ce79  C:\Windows\system32\schannel.dll
MD5: 1a58069db21d05eb2ab58ee5753ebe8d  C:\Windows\system32\schedsvc.dll
MD5: d602fedbd9155fc2ded6863fb60c950f  C:\Windows\system32\Secur32.dll
MD5: 167ac31450c0c53a01fa1491e94d7678  C:\Windows\system32\SHDOCVW.dll
MD5: aaf101900a23d75ae1ae00840fa6f3b8  C:\Windows\system32\SHELL32.dll
MD5: 420b075cd71ab9e58d15dd258958fba3  C:\Windows\system32\SHLWAPI.dll
MD5: c7230fbee14437716701c15be02c27b8  C:\Windows\System32\shsvcs.dll
MD5: 8554097e5136c3bf9f69fe578a1b35f4  C:\Windows\System32\spoolsv.exe
MD5: 1bf5eebfd518dd7298434d8c862f825d  C:\Windows\System32\srvsvc.dll
MD5: bf47ed87eadbf5e31f7e95d7cd2369d7  C:\Windows\system32\stapi32.dll
MD5: f2b4a9d0d0e1fbf6cca824ea0a76ffc0  C:\Windows\system32\STLang.dll
MD5: b5950df243837d8217f4e597919b224a  C:\Windows\system32\stobject.dll
MD5: 3d50c4b10352367d5cb20ed1f50f8da2  C:\Windows\System32\taskeng.exe
MD5: 52e129522c1775dbb8cc252e7a0655c7  C:\Windows\system32\taskschd.dll
MD5: 5aafa41f2a09d68f43741ef13937650a  C:\Windows\system32\urlmon.dll
MD5: 80fff14f1757b9af8be9d314fc1ae88b  C:\Windows\system32\USP10.dll
MD5: 012e22681a63d2bf405e6f15ef80bfd3  C:\Windows\system32\vidcap.ax
MD5: 5193de33f3284c447e0d31dafbf92570  c:\windows\system32\webcheck.dll
MD5: dbd02e3e6f061ebbbf9b99a9d7cba30b  C:\Windows\system32\winhttp.dll
MD5: 4cc9df09c3d915ba0a101a11db684f26  C:\Windows\system32\WININET.dll
MD5: 14ff750efe13b0c21e5a06507c3a97b1  C:\Windows\system32\WINMM.dll
MD5: 3fcb7347d2de38488c85a31ea7838a3c  C:\Windows\system32\WinSATAPI.dll
MD5: 5ec8fb83f31aa2d6f421f02c3f4f4475  C:\Windows\system32\WINSPOOL.DRV
MD5: d16a740186870c32941c0e61df4f1298  C:\Windows\system32\WINTRUST.dll
MD5: fc3ec24fce372c89423e015a2ac1a31e  C:\Windows\system32\wuaueng.dll
MD5: fe47b7bc8ea320c2d9b5e5bf6e303765  C:\Windows\System32\WUDFSvc.dll
MD5: 1908cc7673f72601affdca022689cedf  C:\Windows\system32\XmlLite.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc  C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4  C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: 58a14c45a5cd2528f10a889e7b0c3fc2  C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.DLL
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16  C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9  C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
MD5: 9474ad3584430d24da87517f9db0cbb2  C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18879_none_88f80d1769beeaec\COMCTL32.dll
MD5: be3c082837866c4c291adaf163c10ea6  C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MD5: 040015b18f6779c25160a7854113cf50  C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll

No file uploaded.
 

Scan finished - communication took 2 sec
Total traffic - 0.01 MB sent, 1.38 KB recvd
Scanned 728 files and modules - 41 seconds

==============================================================================
 

You asked how my system seems to be running. It still seems weird to me, and it still takes a noticeably delayed time to access web pages compared to when I first said things were faster. Plus, I still get the turning circle in place of the arrow icon on websites, even when I am not clicking anything at all. It seems like something is still running in the background, when I did not notice this before the problem started.

 

Again, I want to thank you for your help. I know this is a time-consuming process for you, so I am very grateful you are walking me through it.

 

Many thanks,

hw


Edited by hw31027, 28 December 2013 - 01:06 AM.


#12 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 28 December 2013 - 09:48 AM

This is just my opinion, but there is really very little use for Java any longer for the average home user.   I have not had it on my system in a couple of years with no change in my ability to do what I want.  Not only that, Java has been exploited by malware so much lately I would not have it on my system.  These are just my opinions though.  :)
 

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

----------


 
 
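The OTL scan requested above produces a log whose SRV, DRV and MOD sections are normally read by eye. As an added example, not part of this thread and not a feature of OTL itself, the Python script below parses lines in that format and pulls out the entries a helper looks at first: a service or driver registered with no image path at all, a registration whose image is reported "File not found" (typically a leftover from an uninstall or from a removal tool), and an on-disk image with an empty company name. The sample lines are constructed for the example, modelled on the log format posted in this thread; the flags are triage hints, not verdicts, since an orphaned registration on its own is not proof of infection.

```python
import os
import re
from typing import Dict, List, Optional

# Constructed sample lines, modelled on the OTL "Services (SafeList)",
# "Driver Services (SafeList)" and "Modules (No Company Name)" sections.
# Embedded here so the script runs offline without a real OTL.txt.
SAMPLE_LOG: List[str] = [
    r"SRV - (TWCRcAppSvc) -- C:\Program Files\Time Warner Cable\Connection Manager\RcAppSvc.exe /n TWCRcAppSvc File not found",
    r"SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)",
    r"DRV - (PCTINDIS5) -- C:\Windows\system32\PCTINDIS5.SYS File not found",
    r"DRV - (catchme) -- C:\ComboFix\catchme.sys File not found",
    r"DRV - (70700883) --  File not found",
    r"DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab ZAO)",
    r"DRV - (swmsflt) -- C:\Windows\System32\drivers\swmsflt.sys ()",
    r"MOD - C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe ()",
]

MISSING = "File not found"
_REG_LINE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]*)\) -- (?P<rest>.*)$")
_MOD_LINE = re.compile(r"^MOD - (?P<rest>.*)$")


def _split_path_company(rest: str):
    """Split 'C:\\path\\file.exe (Company)' into (path, company).

    OTL prints the company name as the last parenthesised group. The path
    itself may contain parentheses (e.g. 'Program Files (x86)'), so the
    split is taken at the last '(' rather than the first.
    """
    rest = rest.strip()
    if rest.endswith(")") and "(" in rest:
        cut = rest.rfind("(")
        return rest[:cut].strip(), rest[cut + 1:-1].strip()
    return rest, None


def parse_otl_line(line: str) -> Optional[Dict]:
    """Parse one SRV/DRV/MOD line; return None for any other kind of line."""
    m = _REG_LINE.match(line)
    if m:
        kind, name, rest = m.group("kind"), m.group("name"), m.group("rest").strip()
        if rest.endswith(MISSING):
            # Whatever precedes the marker is the registered image path
            # (possibly empty, possibly including service arguments).
            path = rest[: -len(MISSING)].strip()
            return {"kind": kind, "name": name, "path": path, "company": None, "missing": True}
        path, company = _split_path_company(rest)
        return {"kind": kind, "name": name, "path": path, "company": company, "missing": False}
    m = _MOD_LINE.match(line)
    if m:
        path, company = _split_path_company(m.group("rest"))
        # Normalise the Windows path so basename() works on any host OS.
        name = os.path.basename(path.replace("\\", "/"))
        return {"kind": "MOD", "name": name, "path": path, "company": company, "missing": False}
    return None


def triage(lines) -> List[Dict]:
    """Return the parsed entries worth a second look, each with a 'reason'.

    Rules, in priority order:
      1. a service/driver registered with no image path at all;
      2. a registration whose image is reported 'File not found';
      3. an on-disk image with an empty company name (what OTL lists
         under 'Modules (No Company Name)').
    """
    flagged: List[Dict] = []
    for line in lines:
        entry = parse_otl_line(line.rstrip("\n"))
        if entry is None:
            continue
        if entry["missing"] and not entry["path"]:
            entry["reason"] = "registration with no image path"
        elif entry["missing"]:
            entry["reason"] = "orphaned registration: image file not found"
        elif entry["company"] == "":
            entry["reason"] = "no company name on image"
        else:
            continue
        flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f'{hit["kind"]} {hit["name"]:<14} {hit["reason"]:<45} {hit["path"]}')
```

To run it against a real log, replace `SAMPLE_LOG` with `open("OTL.txt", encoding="utf-8", errors="replace")`; everything outside the SRV/DRV/MOD sections is skipped by the parser.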

#13 hw31027

hw31027

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 28 December 2013 - 04:22 PM

Hi Jeff!

 

If Java isn't necessary, I would like to get rid of it completely. Would you be willing to walk me through that process so that it's gone on all 3 browsers?

 

Also, I forgot to tell you that earlier in 2013, I ran TDSSKiller and it said I had an infection that it quarantined. I believe that was linked to my downloading Paltalk at that time, because it started causing a lot of crash dumps (with the blue screen), and so I uninstalled the program but still get the crash dumps sometimes. This was in March 2013 or so. Are these files still on the computer even though they are quarantined? Is there something I should do to get rid of those files or to make sure Paltalk is completely gone?

 

Finally, I don't know if you are allowed to recommend specific antivirus/firewall protection, but I would be interested in knowing what you use. I just want to make sure I am using the best thing to prevent this type of thing from happening again. I had been using Norton 360 for a few years, but it got so expensive that I decided to go with ZoneAlarm. However, I am not averse to paying for a program if it will provide better protection than what I use now.

 

Thanks again. Here are the logs from OTL. I will place them in this post and the next.

 

Many thanks,

hw

 

OTL.txt:

 

OTL logfile created on: 12/28/2013 4:56:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\hw\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 63.97% Memory free
6.18 Gb Paging File | 5.08 Gb Available in Paging File | 82.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.12 Gb Total Space | 59.77 Gb Free Space | 43.59% Space Free | Partition Type: NTFS
Drive D: | 11.93 Gb Total Space | 5.13 Gb Free Space | 43.05% Space Free | Partition Type: NTFS
 
Computer Name: HW-LAPTOP | User Name: hw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\hw\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
PRC - C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe ()
PRC - C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
PRC - C:\Windows\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\10ef07233e429503b5bc942aa6194fe8\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\10519c5a16fab95707f40b55941647b5\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (TWCRcAppSvc) -- C:\Program Files\Time Warner Cable\Connection Manager\RcAppSvc.exe /n TWCRcAppSvc File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WDBackup) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital Technologies, Inc.)
SRV - (WDDriveService) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.)
SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (ZAPrivacyService) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PCTINDIS5) -- C:\Windows\system32\PCTINDIS5.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (70700883) --  File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (RsFx0105) -- C:\Windows\System32\drivers\RsFx0105.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (bcmbusctr) -- C:\Windows\System32\drivers\BcmBusCtr.sys (Beceem communications pvt ltd.)
DRV - (bcm) -- C:\Windows\System32\drivers\drxvi314.sys (Beceem communications pvt ltd.)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (swmsflt) -- C:\Windows\System32\drivers\swmsflt.sys ()
DRV - (cm_net) -- C:\Windows\System32\drivers\cm_net.sys (C-motech Co.,Ltd.)
DRV - (cm_ser) -- C:\Windows\System32\drivers\cm_ser.sys (C-motech Co.,Ltd.)
DRV - (PCASp50) -- C:\Windows\System32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (SWUMX80) -- C:\Windows\System32\drivers\swumx80.sys (Sierra Wireless Inc.)
DRV - (SWNC8U80) -- C:\Windows\System32\drivers\swnc8u80.sys (Sierra Wireless Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (motport) -- C:\Windows\System32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (wanatw) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (NETw2v32) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=PTB&M=M-6843
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {5A23ECE0-B91D-4D8E-AEC6-DB55DDEE7C22}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5A23ECE0-B91D-4D8E-AEC6-DB55DDEE7C22}: "URL" = http://www.google.co...&rlz=1I7GWYE_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\hw\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\hw\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/21 20:49:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/21 20:49:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/21 20:49:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/21 20:49:47 | 000,000,000 | ---D | M]
 
[2011/08/08 16:48:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hw\AppData\Roaming\Mozilla\Extensions
[2013/12/28 01:46:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hw\AppData\Roaming\Mozilla\Firefox\Profiles\04oi6fqk.default\extensions
[2013/12/28 01:46:20 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\hw\AppData\Roaming\Mozilla\Firefox\Profiles\04oi6fqk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/05/12 20:33:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hw\AppData\Roaming\Mozilla\SeaMonkey\Profiles\o2ejr7pq.default\extensions
[2012/05/12 20:33:15 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\hw\AppData\Roaming\Mozilla\SeaMonkey\Profiles\o2ejr7pq.default\extensions\inspector@mozilla.org
[2013/12/21 20:49:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/21 20:49:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/21 20:49:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/05 10:01:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013/10/28 17:12:06 | 000,032,440 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\hw\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\hw\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\hw\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Lync 2010 Meeting Join Plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\hw\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\hw\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\hw\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\hw\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\hw\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\hw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\hw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/12/25 01:23:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [HP ENVY 110 series (NET)] C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EDB39C0-CB73-403E-8FE8-C5E032813A43}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img27.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img27.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/28 01:47:05 | 000,000,000 | ---D | C] -- C:\Users\hw\AppData\Roaming\QuickScan
[2013/12/27 20:27:20 | 002,347,384 | ---- | C] (ESET) -- C:\Users\hw\Desktop\esetsmartinstaller_enu.exe
[2013/12/26 22:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/12/26 22:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/12/26 22:23:09 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/12/26 22:22:13 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/12/26 22:22:13 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/12/26 22:22:13 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/12/26 22:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/12/25 01:31:02 | 000,000,000 | ---D | C] -- C:\Users\hw\AppData\Local\temp
[2013/12/25 01:24:01 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/12/25 01:21:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/12/25 00:09:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/12/25 00:09:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/12/25 00:09:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/12/24 23:50:26 | 005,158,070 | R--- | C] (Swearware) -- C:\Users\hw\Desktop\ComboFix.exe
[2013/12/24 23:42:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/12/24 23:41:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/12/23 18:53:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/21 20:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/12 16:33:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/12/12 16:33:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/12/12 16:33:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/12/12 16:33:21 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/12/12 16:33:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/12/12 16:33:20 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/12/12 16:33:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/12/12 16:33:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/12/11 03:59:12 | 000,000,000 | ---D | C] -- C:\Users\hw\AppData\Roaming\Origin
[2013/12/11 03:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013/12/11 03:47:29 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/12/11 03:47:26 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2013/12/11 03:47:26 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013/12/11 03:47:26 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013/12/11 03:47:21 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013/12/11 03:47:21 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2013/12/06 02:33:57 | 000,000,000 | ---D | C] -- C:\Users\hw\GIFS
[1 C:\Users\hw\Documents\*.tmp files -> C:\Users\hw\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/28 16:58:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/28 16:55:11 | 000,000,840 | ---- | M] () -- C:\Users\hw\Desktop\OTL.exe - Shortcut.lnk
[2013/12/28 16:26:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-771374111-2616422062-1020362605-1000UA.job
[2013/12/28 16:18:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/28 15:20:58 | 000,008,192 | ---- | M] () -- C:\Windows\System32\WDPABKP.dat
[2013/12/28 15:20:55 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/12/28 15:20:47 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/28 15:20:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/28 15:20:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/28 15:20:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/28 02:25:32 | 000,002,619 | ---- | M] () -- C:\Users\hw\Desktop\Microsoft Outlook 2010.lnk
[2013/12/27 20:28:30 | 002,347,384 | ---- | M] (ESET) -- C:\Users\hw\Desktop\esetsmartinstaller_enu.exe
[2013/12/27 20:20:50 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-771374111-2616422062-1020362605-1000Core.job
[2013/12/26 22:21:52 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/12/26 22:21:39 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/12/26 22:21:39 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/12/26 22:21:39 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/12/26 15:40:42 | 000,002,442 | ---- | M] () -- C:\Users\hw\Desktop\attach.zip
[2013/12/26 15:13:46 | 000,000,859 | ---- | M] () -- C:\Users\hw\Desktop\dds(3).scr - Shortcut.lnk
[2013/12/25 01:23:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/12/24 23:38:23 | 000,000,871 | ---- | M] () -- C:\Users\hw\Desktop\ComboFix.exe - Shortcut.lnk
[2013/12/24 23:38:08 | 005,158,070 | R--- | M] (Swearware) -- C:\Users\hw\Desktop\ComboFix.exe
[2013/12/23 19:06:29 | 000,000,896 | ---- | M] () -- C:\Users\hw\Desktop\AdwCleaner(1).exe - Shortcut.lnk
[2013/12/22 19:04:54 | 000,002,613 | ---- | M] () -- C:\Users\hw\Desktop\Microsoft Word 2010.lnk
[2013/12/19 17:17:40 | 002,791,596 | ---- | M] () -- C:\Users\hw\Documents\Test20004.pdf
[2013/12/17 14:48:03 | 000,139,907 | ---- | M] () -- C:\Users\hw\Documents\ExperianCreditReport.pdf
[2013/12/17 14:44:23 | 000,191,763 | ---- | M] () -- C:\Users\hw\Documents\EquifaxCreditReport.pdf
[2013/12/17 14:37:59 | 000,168,097 | ---- | M] () -- C:\Users\hw\Documents\TransunionCreditReport.pdf
[2013/12/17 14:29:57 | 000,022,969 | -H-- | M] () -- C:\Windows\System32\BTImages.dat
[2013/12/15 16:00:32 | 000,002,571 | ---- | M] () -- C:\Users\hw\Desktop\Microsoft Excel 2010.lnk
[2013/12/14 01:12:54 | 000,037,799 | ---- | M] () -- C:\Users\hw\Documents\456116683.jpg
[2013/12/13 03:26:17 | 000,381,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/11 19:26:57 | 000,166,492 | ---- | M] () -- C:\Users\hw\Documents\TriFexisRebateForm.pdf
[2013/12/11 01:18:15 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/12/11 01:18:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/12/05 19:33:15 | 000,002,070 | ---- | M] () -- C:\Users\hw\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/05 19:33:13 | 000,002,068 | ---- | M] () -- C:\Users\hw\Desktop\Google Chrome.lnk
[2013/12/04 22:55:37 | 000,000,058 | ---- | M] () -- C:\Users\hw\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2013/11/28 19:18:15 | 000,004,080 | ---- | M] () -- C:\Users\hw\Documents\images.jpg
[2013/11/28 19:11:25 | 000,002,519 | ---- | M] () -- C:\Users\hw\Desktop\Microsoft Office Picture Manager.lnk
[1 C:\Users\hw\Documents\*.tmp files -> C:\Users\hw\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/28 16:55:11 | 000,000,840 | ---- | C] () -- C:\Users\hw\Desktop\OTL.exe - Shortcut.lnk
[2013/12/26 15:40:42 | 000,002,442 | ---- | C] () -- C:\Users\hw\Desktop\attach.zip
[2013/12/26 15:24:00 | 000,008,192 | ---- | C] () -- C:\Windows\System32\WDPABKP.dat
[2013/12/26 15:13:46 | 000,000,859 | ---- | C] () -- C:\Users\hw\Desktop\dds(3).scr - Shortcut.lnk
[2013/12/25 00:09:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/12/25 00:09:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/12/25 00:09:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/12/25 00:09:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/12/25 00:09:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/12/24 23:38:23 | 000,000,871 | ---- | C] () -- C:\Users\hw\Desktop\ComboFix.exe - Shortcut.lnk
[2013/12/23 19:06:29 | 000,000,896 | ---- | C] () -- C:\Users\hw\Desktop\AdwCleaner(1).exe - Shortcut.lnk
[2013/12/19 17:17:35 | 002,791,596 | ---- | C] () -- C:\Users\hw\Documents\Test20004.pdf
[2013/12/17 14:48:15 | 000,139,907 | ---- | C] () -- C:\Users\hw\Documents\ExperianCreditReport.pdf
[2013/12/17 14:44:23 | 000,191,763 | ---- | C] () -- C:\Users\hw\Documents\EquifaxCreditReport.pdf
[2013/12/17 14:37:59 | 000,168,097 | ---- | C] () -- C:\Users\hw\Documents\TransunionCreditReport.pdf
[2013/12/14 01:12:19 | 000,037,799 | ---- | C] () -- C:\Users\hw\Documents\456116683.jpg
[2013/12/11 19:26:57 | 000,166,492 | ---- | C] () -- C:\Users\hw\Documents\TriFexisRebateForm.pdf
[2013/11/28 19:12:07 | 000,004,080 | ---- | C] () -- C:\Users\hw\Documents\images.jpg
[2013/11/19 18:15:23 | 000,022,969 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2013/10/06 16:54:05 | 000,000,058 | ---- | C] () -- C:\Users\hw\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2013/04/15 21:54:42 | 000,000,680 | ---- | C] () -- C:\Users\hw\AppData\Local\d3d9caps.dat
[2013/03/22 22:27:11 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012/11/17 18:47:15 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/08/08 07:48:11 | 000,001,940 | ---- | C] () -- C:\Users\hw\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/09/13 17:17:41 | 000,004,096 | -H-- | C] () -- C:\Users\hw\AppData\Local\keyfile3.drm
[2009/07/02 13:10:56 | 000,003,584 | ---- | C] () -- C:\Users\hw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/18 21:32:36 | 000,000,410 | ---- | C] () -- C:\Users\hw\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/11/23 15:40:10 | 000,000,000 | ---D | M] -- C:\Users\hw\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/06/24 13:51:16 | 000,000,000 | ---D | M] -- C:\Users\hw\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2013/11/18 14:24:05 | 000,000,000 | ---D | M] -- C:\Users\hw\AppData\Roaming\com.polycom.cmad
[2013/10/06 16:54:05 | 000,000,000 | ---D | M] -- C:\Users\hw\AppData\Roaming\DonationCoder
[2008/09/24 12:18:39 | 000,000,000 | ---D | M] -- C:\Users\hw\AppData\Roaming\GetRightToGo
[2012/05/12 20:28:05 | 000,000,000 | ---D | M] -- C:\Users\hw\AppData\Roaming\IrfanView
[2008/09/19 10:07:23 | 000,000,000 | ---D | M] -- C:\Users\hw\AppData\Roaming\Opera
[2013/09/06 17:06:16 | 000,000,000 | ---D | M] -- C:\Users\hw\AppData\Roaming\Oracle
[2013/12/11 04:16:26 | 000,000,000 | ---D | M] -- C:\Users\hw\AppData\Roaming\Origin
[2013/03/09 21:12:01 | 000,000,000 | ---D | M] -- C:\Users\hw\AppData\Roaming\Paltalk
[2013/05/27 16:38:07 | 000,000,000 | ---D | M] -- C:\Users\hw\AppData\Roaming\PDAppFlex
[2013/11/19 14:55:58 | 000,000,000 | ---D | M] -- C:\Users\hw\AppData\Roaming\Polycom CMA Desktop
[2013/12/28 01:47:08 | 000,000,000 | ---D | M] -- C:\Users\hw\AppData\Roaming\QuickScan
[2008/09/19 09:45:08 | 000,000,000 | ---D | M] -- C:\Users\hw\AppData\Roaming\SampleView
[2008/09/30 10:49:52 | 000,000,000 | ---D | M] -- C:\Users\hw\AppData\Roaming\Sierra Wireless
[2008/09/18 22:08:41 | 000,000,000 | ---D | M] -- C:\Users\hw\AppData\Roaming\Template
[2008/09/18 22:06:20 | 000,000,000 | ---D | M] -- C:\Users\hw\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 

< End of report >

Edited by hw31027, 28 December 2013 - 04:26 PM.

#14 hw31027

    New Member

  • Authentic Member
  • 15 posts

Posted 28 December 2013 - 04:24 PM

And here is the info from the Extras.txt using OTL:

 

OTL Extras logfile created on: 12/28/2013 4:56:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\hw\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 63.97% Memory free
6.18 Gb Paging File | 5.08 Gb Available in Paging File | 82.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.12 Gb Total Space | 59.77 Gb Free Space | 43.59% Space Free | Partition Type: NTFS
Drive D: | 11.93 Gb Total Space | 5.13 Gb Free Space | 43.05% Space Free | Partition Type: NTFS
 
Computer Name: HW-LAPTOP | User Name: hw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\opera.exe"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{91E779DE-2BEE-40A6-8D7B-ED64C9576041}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{AFC1557D-7053-47D8-98A4-6FBC166FB4E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E5F48CBE-0ADF-4CE6-9704-A9C140CDA253}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E4A55B1-82F5-4212-BA01-ADDEE3A2930D}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{1E0907ED-FC40-480F-B053-F25B82BAA677}" = dir=in | app=c:\program files\microsoft lync\ucmapi.exe |
"{2B334C4A-FE42-4EF8-B61A-38EC9B16E665}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{33738811-9F55-482D-8772-BE10EE4D5860}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{338697F9-31DD-4ED4-B6AE-5533577DD1D5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{35498F45-29DD-4B0C-BCC4-6A098700C9DF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{3B5831D1-E32A-499C-BEB0-B7B5BE36D552}" = dir=in | app=c:\program files\microsoft lync\communicator.exe |
"{591C4578-030E-4284-B136-FC806E9879B7}" = dir=in | app=c:\program files\hp\hp envy 110 series\bin\hpnetworkcommunicator.exe |
"{5AB68DAA-988D-4055-91A2-2B56BE9C3239}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{661A32F0-CAEA-4B8A-B227-036131DFB0DA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1221790750\ee\aolsoftware.exe |
"{69D9DB4E-6C45-469B-961C-3C6FE0928A31}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{72233DEB-6368-4288-9821-2FD10659BBF4}" = protocol=17 | dir=in | app=c:\users\hw\appdata\local\temp\wzse0.tmp\symnrt.exe |
"{7408B907-E6F2-4197-9086-13E57E8CABAC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{74FCA456-31CE-4EA4-8B5D-BBF92C202DE3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{7DF9F977-5241-4457-B3AB-AC82AB4CADB8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{92048084-B3B3-47D1-B1A7-2FDCF1832B58}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{B3E41721-F3E0-423E-B547-C5AC6425D0A0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B3F99C47-2795-4C89-A4E2-079EAF001CAB}" = dir=in | app=c:\program files\hp\hp envy 110 series\bin\devicesetup.exe |
"{BAFA4E80-DBF2-44AE-800D-226F9E97A0AA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{BF1804C5-3EBF-43B4-9303-FFE5FD8C97E5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{C81C2AA4-283D-4842-B826-408B616D42AA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CF9FF497-3FEC-4B54-9AB4-4F2532A8661F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D23BD602-AAE9-485D-AFE0-8796A736E241}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1221790750\ee\aolsoftware.exe |
"{D4137924-911F-4F68-BE54-0EF36496FDF9}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D50075B7-87B9-4A19-A4C1-E0934D1D33F4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{D50BBC47-9D5E-49BA-A171-A943F42AD285}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D6B2F20F-7F82-49D5-ACCD-8C464B663BA1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{DD26B23B-0D38-4288-AB96-43DC3C19D9F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{EB944E99-F5F1-4446-AC5E-04504330DE55}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{EE86F6B6-7AAD-4E25-9214-E5EAB644C2AB}" = protocol=6 | dir=in | app=c:\users\hw\appdata\local\temp\wzse0.tmp\symnrt.exe |
"TCP Query User{1EF9BF86-F3CC-4571-A591-7A14A7F8595E}C:\users\hw\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\hw\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{25DA9565-218E-4B10-9470-79595A8CCB6E}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"TCP Query User{6B75EB64-97E2-48D9-9E79-8111C879C379}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E17BE0D9-93FD-484F-87DE-1B723992CF48}C:\users\hw\appdata\local\temp\lmi535e.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\hw\appdata\local\temp\lmi535e.tmp\lmi_rescue.exe |
"UDP Query User{76E2259C-9BAC-4883-97D2-EE71491FAC01}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{D55440E2-60E1-477C-A15F-ACE6DA79D900}C:\users\hw\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\hw\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{EA5CD6B1-FC52-47D5-A9C1-DBA037E0E842}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F7D08E43-EC79-4D84-A214-CEC5AB99BB68}C:\users\hw\appdata\local\temp\lmi535e.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\hw\appdata\local\temp\lmi535e.tmp\lmi_rescue.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050BF7DA-82C4-416A-8294-7AFEB8ED94E1}" = Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{507B1304-194A-4204-A9D9-9BAAF51EF760}" = WD Quick View
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{55938E68-F7B3-42B1-9317-60D44067869C}" = ZoneAlarm Antivirus
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{81BE0B17-563B-45D4-B198-5721E6C665CD}" = Microsoft Lync 2010
"{83298573-A6B6-42AB-A234-FE91CA2859C0}" = Microsoft SQL Server 2008 Native Client
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}" = Microsoft SQL Server 2008 Setup Support Files
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{954146E0-49FF-4039-AF58-2257506C7D45}" = ZoneAlarm Firewall
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9B167C98-AC9C-418C-A82F-06438E6A4F35}" = HP ENVY 110 series Basic Device Software
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B769E2BD-8A06-4B03-9496-5B991025A2C6}" = ZoneAlarm Security
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{ba99df5b-3e46-419e-81e2-544352772fda}" = WD SmartWare Installer
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB49B376-1136-44B4-83FA-036334B59937}" = OLYMPUS Master 2
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4444B31-E9E9-4389-B35D-41B5BCA5E9FB}" = HP ENVY 110 series Help
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant
"{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{FDAEE697-A659-43C5-9520-6DA298EF021E}" = WD SmartWare
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Business Contact Manager" = Business Contact Manager for Microsoft Outlook 2010
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"CutePDF Writer Installation" = CutePDF Writer 2.8
"HDMI" = Intel® Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ScreenshotCaptor_is1" = Screenshot Captor 4.7.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent gateway Master Uninstall" = Gateway Games
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/5/2013 10:30:45 PM | Computer Name = HW-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5/5/2013 10:30:45 PM | Computer Name = HW-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7020
 
Error - 5/5/2013 10:30:45 PM | Computer Name = HW-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7020
 
Error - 5/5/2013 11:05:17 PM | Computer Name = HW-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5/5/2013 11:05:17 PM | Computer Name = HW-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2078916
 
Error - 5/5/2013 11:05:17 PM | Computer Name = HW-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2078916
 
Error - 5/5/2013 11:05:18 PM | Computer Name = HW-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5/5/2013 11:05:19 PM | Computer Name = HW-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2080086
 
Error - 5/5/2013 11:05:19 PM | Computer Name = HW-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2080086
 
Error - 5/5/2013 11:05:21 PM | Computer Name = HW-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
[ Media Center Events ]
Error - 10/18/2011 12:42:16 PM | Computer Name = hw-laptop | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
 due to an abandoned mutex.'.
 
[ System Events ]
Error - 12/26/2013 11:06:33 PM | Computer Name = hw-laptop | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12/26/2013 11:39:51 PM | Computer Name = hw-laptop | Source = HTTP | ID = 15021
Description =
 
Error - 12/26/2013 11:40:56 PM | Computer Name = hw-laptop | Source = DCOM | ID = 10016
Description =
 
Error - 12/26/2013 11:41:27 PM | Computer Name = hw-laptop | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12/27/2013 9:53:25 PM | Computer Name = hw-laptop | Source = HTTP | ID = 15021
Description =
 
Error - 12/27/2013 9:54:31 PM | Computer Name = hw-laptop | Source = DCOM | ID = 10016
Description =
 
Error - 12/27/2013 9:54:54 PM | Computer Name = hw-laptop | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12/28/2013 4:20:41 PM | Computer Name = hw-laptop | Source = HTTP | ID = 15021
Description =
 
Error - 12/28/2013 4:21:47 PM | Computer Name = hw-laptop | Source = DCOM | ID = 10016
Description =
 
Error - 12/28/2013 4:22:14 PM | Computer Name = hw-laptop | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >
 



#15 jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 28 December 2013 - 06:55 PM

If Java isn't necessary, I would like to get rid of it completely. Would you be willing to walk me through that process so that it's gone on all 3 browsers?

You can just remove it via Control Panel >> Programs and Features.  Anything else left over we can remove manually.  :)
 

Are these files still on the computer even though they are quarantined? Is there something I should do to get rid of those files or to make sure Paltalk is completely gone?

We can take care of this when we remove our tools.
 

I don't know if you are allowed to recommend specific antivirus/firewall protection, but I would be interested in knowing what you use.

Oh, I can recommend anything that I like really, but the only things that I ever recommend are free and quality programs.  :)  I recommend using Avast or just Microsoft Security Essentials.  They are both free and very light on resources.  If I had to choose for my machine it would be Avast for a free antivirus program.  I will give you the download links below so you can look them over.  Quite honestly... I would just remove ZoneAlarm altogether.
 
Microsoft Security Essentials
Avast
 
Get that done and then let me know if that improved your system at all.  I don't see anything really malware related jumping out at me in the logs.

