Jump to content


Photo

PC Checkup


  • This topic is locked This topic is locked
6 replies to this topic

#1 Flan

Flan

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 08 December 2012 - 07:27 PM

Hello, I just wanted to have my PC checked, nothing looks unusual, but many people use this PC so I just want to make sure it's fine.
I have read the FAQ already.
Thank you for your time.

Below are the logs.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:04:25 AM, on 12/8/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Users\MyriamMarcos\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.genieo.com/?v=w3i8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [BYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\MyriamMarcos\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\MyriamMarcos\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12220 bytes


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by MyriamMarcos at 3:58:02 on 2012-12-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1671 [GMT -8:00]
.
AV: Kaspersky PURE 2.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky PURE 2.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 2.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.genieo.com/?v=w3i8
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
uRun: [Google Update] "C:\Users\MyriamMarcos\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\MyriamMarcos\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [BYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{40290780-B60F-465B-B3D6-E1A406D8768B} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{40290780-B60F-465B-B3D6-E1A406D8768B}\16474777966696 : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{40290780-B60F-465B-B3D6-E1A406D8768B}\47D6F62696C656 : DHCPNameServer = 66.94.9.120 66.94.25.120
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-1-28 77952]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-1-28 38016]
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2012-12-8 85048]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2012-12-8 66104]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-10-20 13616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-2-28 203776]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-2-28 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [2012-8-30 202328]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-8 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-8 676936]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-5-1 46136]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-9-13 1098296]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-8 25928]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-5-1 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-20 425064]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-5-1 878184]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-5-1 44672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-2 227232]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;C:\Windows\System32\drivers\lgvzandnetdiag64.sys [2012-5-9 29696]
S3 vzandnetdiag2;LGE AndroidNet for VZW Diagnostics Port;C:\Windows\System32\drivers\lgvzandnetdiag264.sys [2012-5-9 29696]
S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;C:\Windows\System32\drivers\lgvzandnetmdm64.sys [2012-5-9 36864]
S3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;C:\Windows\System32\drivers\lgvzandnetndis64.sys [2012-5-9 94208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-1 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-12-08 11:44:52 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{48C02C4A-18F7-4BDA-8999-102C8BA492FC}\offreg.dll
2012-12-08 11:42:35 -------- d-----r- C:\Backup
2012-12-08 11:39:01 85048 ----a-w- C:\Windows\System32\drivers\CSCrySec.sys
2012-12-08 11:39:01 66104 ----a-w- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
2012-12-08 11:38:09 -------- d-----w- C:\Program Files (x86)\Common Files\InfoWatch
2012-12-08 11:38:04 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-12-08 11:38:04 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-12-08 11:07:35 -------- d-----w- C:\Users\MyriamMarcos\AppData\Roaming\Malwarebytes
2012-12-08 11:06:59 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-08 11:06:57 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-08 11:06:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-07 23:38:53 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{48C02C4A-18F7-4BDA-8999-102C8BA492FC}\mpengine.dll
2012-11-29 20:03:23 -------- d-----r- C:\Program Files (x86)\Skype
2012-11-17 06:51:33 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-11-17 06:51:33 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-11-17 06:51:33 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-11-17 06:51:32 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-11-17 06:51:24 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-17 06:48:48 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-11-17 06:48:48 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-11-17 06:48:48 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-11-17 06:48:48 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-11-17 06:48:48 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-11-17 06:48:47 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-11-17 06:48:46 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-11-17 06:48:46 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2012-11-17 06:48:46 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-11-17 06:48:46 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-11-17 06:48:45 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-11-17 06:48:45 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-11-15 11:03:39 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-15 11:03:38 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-15 11:03:38 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-15 11:03:38 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-15 11:00:56 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-15 11:00:56 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-15 11:00:53 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-15 11:00:53 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-15 11:00:52 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 11:00:51 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-15 11:00:51 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-15 07:55:18 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-15 07:55:18 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
.
==================== Find3M ====================
.
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 00:25:37 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 00:25:37 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-09-24 23:32:24 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-24 23:32:20 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 3:58:39.75 ===============


Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.08.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MyriamMarcos :: MYRIAMMARCOS-HP [administrator]

Protection: Enabled

12/8/2012 3:08:57 AM
mbam-log-2012-12-08 (03-08-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203883
Time elapsed: 3 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 18
HKCR\CLSID\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044464439} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055465539} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0004639.BHO.1 (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKCR\CLSID\{22222222-2222-2222-2222-220022462239} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0004639.Sandbox.1 (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0004639.Sandbox (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKCR\CLSID\{33333333-3333-3333-3333-330033463339} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0004639.FBApi.1 (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0004639.FBApi (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0004639.BHO (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavingsApp (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\InstalledBrowserExtensions\215 Apps|4639 (PUP.CrossFire.SA) -> Data: SavingsApp -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavingsApp|Publisher (PUP.CrossFire.SA) -> Data: 215 Apps -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\SavingsApp (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

Files Detected: 9
C:\Program Files (x86)\SavingsApp\SavingsApp.dll (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
C:\Users\MyriamMarcos\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SavingsApp\SavingsAppInstaller.log (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SavingsApp\SavingsApp.exe (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SavingsApp\SavingsApp.ico (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SavingsApp\SavingsApp.ini (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SavingsApp\SavingsAppGui.exe (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SavingsApp\Uninstall.exe (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
C:\Users\MyriamMarcos\Local Settings\Application Data\SavingsApp\Chrome\SavingsApp.crx (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

(end)


Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Kaspersky PURE 2.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 37
Java version out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.95
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Kaspersky Lab Kaspersky PURE 2.0 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#2 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,227 posts

Posted 09 December 2012 - 01:06 PM

Hello Flan.

MBAM eliminated a Potentially Unwanted Program. PUPs are often installed along with other programs without your knowledge.


Please download ComboFix.exe to your Desktop. Visit this webpage for download links, and instructions for running the tool:
how-to-use-combofix. Be sure to read the whole page and note the graphics so you know what to expect.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review, and let me know what problems remain.
If ComboFix caused any error message, reboot again should fix it.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#3 Flan

Flan

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 09 December 2012 - 04:20 PM

I didn't notice any difference, but I barely got to test the PC since I'm a bit busy right now.
The combofix log is below.


ComboFix 12-12-07.01 - MyriamMarcos 12/09/2012 12:24:12.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2327 [GMT -8:00]
Running from: c:\users\MyriamMarcos\Desktop\ComboFix.exe
AV: Kaspersky PURE 2.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 2.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 2.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-11-09 to 2012-12-09 )))))))))))))))))))))))))))))))
.
.
2012-12-09 20:33 . 2012-12-09 20:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-08 21:27 . 2012-12-08 21:34 -------- d-----w- c:\users\MyriamMarcos\AppData\Roaming\QuickScan
2012-12-08 11:44 . 2012-12-09 20:31 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48C02C4A-18F7-4BDA-8999-102C8BA492FC}\offreg.dll
2012-12-08 11:42 . 2012-12-08 11:42 -------- d-----r- C:\Backup
2012-12-08 11:39 . 2009-12-14 20:44 85048 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-12-08 11:39 . 2009-12-14 20:44 66104 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-12-08 11:38 . 2012-12-08 11:38 -------- d-----w- c:\program files (x86)\Common Files\InfoWatch
2012-12-08 11:38 . 2012-12-09 20:26 -------- d-----w- c:\programdata\Kaspersky Lab
2012-12-08 11:38 . 2012-12-08 11:38 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-12-08 11:37 . 2012-12-08 11:37 636760 ----a-w- c:\windows\system32\drivers\klif.sys
2012-12-08 11:07 . 2012-12-08 11:07 -------- d-----w- c:\users\MyriamMarcos\AppData\Roaming\Malwarebytes
2012-12-08 11:06 . 2012-12-08 11:06 -------- d-----w- c:\programdata\Malwarebytes
2012-12-08 11:06 . 2012-12-08 11:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-08 11:06 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 23:38 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48C02C4A-18F7-4BDA-8999-102C8BA492FC}\mpengine.dll
2012-11-29 20:03 . 2012-12-09 20:20 -------- d-----w- c:\users\MyriamMarcos\AppData\Roaming\Skype
2012-11-29 20:03 . 2012-11-29 20:03 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-29 20:03 . 2012-11-29 20:03 -------- d-----r- c:\program files (x86)\Skype
2012-11-29 20:03 . 2012-12-08 12:30 -------- d-----w- c:\programdata\Skype
2012-11-27 00:21 . 2012-11-27 00:21 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-17 06:51 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-17 06:51 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-17 06:51 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-17 06:51 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-17 06:51 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-17 06:48 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-17 06:48 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-17 06:48 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-11-17 06:48 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-17 06:48 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-11-17 06:48 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-17 06:48 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-17 06:48 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-11-17 06:48 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-17 06:48 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2012-11-17 06:48 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-17 06:48 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-11-15 11:03 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 11:03 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 11:03 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 11:03 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 11:00 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 11:00 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 11:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 11:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 11:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 11:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 11:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 07:55 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-15 07:55 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-15 11:01 . 2012-06-10 23:08 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-16 08:38 . 2012-11-29 19:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-29 19:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-29 19:42 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 00:25 . 2012-07-27 18:26 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 00:25 . 2012-07-27 18:26 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-24 23:32 . 2012-06-01 04:52 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 23:32 . 2011-05-14 05:18 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-14 19:19 . 2012-10-14 23:10 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-14 23:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-31 06:24 496056 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\MyriamMarcos\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-28 336384]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 103992]
"BYRUA_AGENT"="c:\programdata\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" [2012-07-27 396408]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" [2012-08-31 202328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-2 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys [2012-05-09 29696]
R3 vzandnetdiag2;LGE AndroidNet for VZW Diagnostics Port;c:\windows\system32\DRIVERS\lgvzandnetdiag264.sys [2012-05-09 29696]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys [2012-05-09 36864]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis64.sys [2012-05-09 94208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-02 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-01-29 77952]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-01-29 38016]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 85048]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 66104]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-10-20 13616]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-11 29488]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-28 203776]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-02-28 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-22 743992]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-09-13 1098296]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-07-20 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-07-20 425064]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2012-08-02 878184]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 00:25]
.
2012-12-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2898404426-2694280887-1234077820-1002Core.job
- c:\users\MyriamMarcos\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-18 18:56]
.
2012-12-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2898404426-2694280887-1234077820-1002UA.job
- c:\users\MyriamMarcos\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-18 18:56]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2898404426-2694280887-1234077820-1002Core.job
- c:\users\MyriamMarcos\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01 04:26]
.
2012-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2898404426-2694280887-1234077820-1002UA.job
- c:\users\MyriamMarcos\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01 04:26]
.
2012-12-01 c:\windows\Tasks\HPCeeScheduleForMYRIAMMARCOS-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-11-28 c:\windows\Tasks\HPCeeScheduleForMyriamMarcos.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-31 06:26 566712 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-08-02 1128448]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.genieo.com/?v=w3i8
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-xy-VSFilter_is1 - f:\xy-vsfilter\unins000.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{11111111-1111-1111-1111-110011461139}"=hex:51,66,7a,6c,4c,1d,38,12,7f,12,02,
15,23,5f,7f,54,6e,07,52,40,14,18,55,2d
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}"=hex:51,66,7a,6c,4c,1d,38,12,b0,f3,37,
dc,52,73,39,0a,e1,a7,25,43,3b,93,ce,af
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:4c,2a,2c,45,64,b6,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c8,02,9f,7e,1a,16,71,44,8d,dd,8a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c8,02,9f,7e,1a,16,71,44,8d,dd,8a,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-09 12:37:20
ComboFix-quarantined-files.txt 2012-12-09 20:37
.
Pre-Run: 50,650,619,904 bytes free
Post-Run: 50,971,340,800 bytes free
.
- - End Of File - - 22D55BFA0F01E0BC21D8345CA926484B

#4 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,227 posts

Posted 09 December 2012 - 04:34 PM

ComboFix found nothing amiss.

Please do these important security updates:
Update Adobe Reader (uncheck the option box for McAfee scan)

Update Java:
  • Go here and download the latest version of Java:
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there: Posted Image
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#5 Flan

Flan

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 11 December 2012 - 06:30 AM

Updated them both, good to know nothing is going wrong.
Thank you for taking your time to help me out, much appreciated

#6 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,227 posts

Posted 11 December 2012 - 04:07 PM

Please clean up our tools:

Start > Run and enter 'combofix /uninstall'. Note the space after 'combofix'. Among other things your Restore Points will be purged and a new clean one created.

Delete the DDS files and Security Check folder from your Desktop.

I advise you to Create a system repair disc. Label the disk and keep it in a safe place. It can rescue you if your PC ever becomes unbootable.


Advice for malware prevention:

Configure Windows to do automatic updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Keep MalwareBytes Anti-Malware updated and run it whenever you suspect a problem.

The free FileHippo Update Checker makes it easy to keep all your programs up to date - run it every few weeks.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.systemloo...p?type=filename

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the rogues mentioned above.

For much more old but still useful information, read Tony Klein's excellent article: How did I get infected in the first place

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#7 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,227 posts

Posted 16 December 2012 - 01:56 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button