WiredWX Hobby Weather Tools

 


Unknown malware/virus on Windows 7 PC

2 posters

Re: Unknown malware/virus on Windows 7 PC
http://virusscan.jotti.org/en/scanresult/f6a447d67745c4bfca676af035719f64f995004b

Re: Unknown malware/virus on Windows 7 PC
ComboFix 12-06-11.04 - jamie desktop 06/11/2012 19:33:14.2.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2472 [GMT -5:00]
Running from: c:\users\jamie desktop\Desktop\ComboFix.exe
Command switches used :: c:\users\jamie desktop\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ad-Aware Antivirus
c:\program files (x86)\Ad-Aware Antivirus\AdAware.exe
c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe
c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe
c:\program files (x86)\Ad-Aware Antivirus\AdAwareShellExtension.dll
c:\program files (x86)\Ad-Aware Antivirus\AdAwareShellExtension64.dll
c:\program files (x86)\Ad-Aware Antivirus\BlockedAdPage.htm
c:\program files (x86)\Ad-Aware Antivirus\BlockedWebPage.htm
c:\program files (x86)\Ad-Aware Antivirus\Definitions\acertdefs0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\adsrules.dat
c:\program files (x86)\Ad-Aware Antivirus\Definitions\AdviceTx.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\api0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\apincl.dat
c:\program files (x86)\Ad-Aware Antivirus\Definitions\apprules.dat
c:\program files (x86)\Ad-Aware Antivirus\Definitions\bhmem.vtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\bhsl.vtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\bmem.vtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\CatDesc.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\CatID.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\cblk.vtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\cmem.vtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\cname.wtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\comp0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\Cookies.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\CoreVer.txt
c:\program files (x86)\Ad-Aware Antivirus\Definitions\ctid.vtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\defs0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\DefVer.txt
c:\program files (x86)\Ad-Aware Antivirus\Definitions\dnrl.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\EPSigs.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\FastSigs.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\FileDT.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\FolderDT.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\fsigs.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\hcol.wtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\heur0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\HistoryCleaner.xml
c:\program files (x86)\Ad-Aware Antivirus\Definitions\hstn.vtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\idsrules.dat
c:\program files (x86)\Ad-Aware Antivirus\Definitions\ih.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\IncompatiblePrograms.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\incompats.dat
c:\program files (x86)\Ad-Aware Antivirus\Definitions\ip.vtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\JSSigs.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\kbu.dat
c:\program files (x86)\Ad-Aware Antivirus\Definitions\kbu.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\lgpl.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\lib7zip.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libBase64.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libCHM.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libEmail.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libMsCab.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libMsi.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libNSIS.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libOleA.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libRar.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libRTF.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libtd.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libVvs.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\libZip.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\macroptn.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\MFastSigs.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\mime0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\networkrules.dat
c:\program files (x86)\Ad-Aware Antivirus\Definitions\pack0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\patchw32.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\qscnf.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\qscnr.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\RegDT.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\rem0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\remediation.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\RootCA.wtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\RTmem.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\SBTS.dat
c:\program files (x86)\Ad-Aware Antivirus\Definitions\script0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\sdll0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\sel.dat
c:\program files (x86)\Ad-Aware Antivirus\Definitions\smim0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\ThreatCategoryGlossary.xml
c:\program files (x86)\Ad-Aware Antivirus\Definitions\ThreatCategoryGlossary.xsd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\ThreatDT.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\ThreatID.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\TImem.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\unpck0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\updater.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\vcore.dll
c:\program files (x86)\Ad-Aware Antivirus\Definitions\VVSSigs.vdx
c:\program files (x86)\Ad-Aware Antivirus\Definitions\WebFilterExceptions.dat
c:\program files (x86)\Ad-Aware Antivirus\Definitions\white.wtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\white0.std
c:\program files (x86)\Ad-Aware Antivirus\Definitions\whmem.wtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\whsl.wtd
c:\program files (x86)\Ad-Aware Antivirus\Definitions\wmem.wtd
c:\program files (x86)\Ad-Aware Antivirus\Drivers\amd64\sbapifs.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\amd64\SBREDrv.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\amd64\wlh\sbfw.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\amd64\wlh\sbhips.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\amd64\wlh\SBTIS.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\amd64\wlh\SBWTIS.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\amd64\wnet\sbfw.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\amd64\wnet\SbFwIm.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\amd64\wnet\SBTIS.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\sbaphd.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\sbapifs.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\sbapifsl.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\SBREDrv.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\w2k\sbfw.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\w2k\SbFwIm.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\w2k\SBTIS.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\wlh\sbfw.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\wlh\sbhips.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\wlh\SBTIS.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\wlh\SBWTIS.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\i386\wxp\SbFwIm.sys
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbapifs.cat
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbapifs.inf
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbapifsl.cat
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbapx64.cat
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbfwim.inf
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbfwim_m.inf
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbfwim2k.inf
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbfwim2k_m.inf
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbfwim64.cat
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbfwim86.cat
c:\program files (x86)\Ad-Aware Antivirus\Drivers\sbwtis.inf
c:\program files (x86)\Ad-Aware Antivirus\FSSC.dat
c:\program files (x86)\Ad-Aware Antivirus\GFI.Tools.Run64.exe
c:\program files (x86)\Ad-Aware Antivirus\htmlayout.dll
c:\program files (x86)\Ad-Aware Antivirus\IncompatiblePrograms.dll
c:\program files (x86)\Ad-Aware Antivirus\Incompats.dat
c:\program files (x86)\Ad-Aware Antivirus\kbu.dll
c:\program files (x86)\Ad-Aware Antivirus\lavalicense.dll
c:\program files (x86)\Ad-Aware Antivirus\mimepp.dll
c:\program files (x86)\Ad-Aware Antivirus\oeapiinitcom.dll
c:\program files (x86)\Ad-Aware Antivirus\oecom.dll
c:\program files (x86)\Ad-Aware Antivirus\oehook.dll
c:\program files (x86)\Ad-Aware Antivirus\oestore.dll
c:\program files (x86)\Ad-Aware Antivirus\SBAMConfig.bin
c:\program files (x86)\Ad-Aware Antivirus\SBAMOutlook.dll
c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
c:\program files (x86)\Ad-Aware Antivirus\SBAMSvcPS.dll
c:\program files (x86)\Ad-Aware Antivirus\SBAMTray.exe
c:\program files (x86)\Ad-Aware Antivirus\SBAMWsc.exe
c:\program files (x86)\Ad-Aware Antivirus\sbap.dll
c:\program files (x86)\Ad-Aware Antivirus\SBArva.dll
c:\program files (x86)\Ad-Aware Antivirus\SBCA.dll
c:\program files (x86)\Ad-Aware Antivirus\SbFwe.dll
c:\program files (x86)\Ad-Aware Antivirus\SbHips.dll
c:\program files (x86)\Ad-Aware Antivirus\sbipl.dat
c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe
c:\program files (x86)\Ad-Aware Antivirus\SBRE.dll
c:\program files (x86)\Ad-Aware Antivirus\SBSetupDrivers.exe
c:\program files (x86)\Ad-Aware Antivirus\SBTE.dll
c:\program files (x86)\Ad-Aware Antivirus\SBTIS.dll
c:\program files (x86)\Ad-Aware Antivirus\SbWebFilter.dll
c:\program files (x86)\Ad-Aware Antivirus\SpursDownload.dll
c:\program files (x86)\Ad-Aware Antivirus\unrar.dll
c:\program files (x86)\Ad-Aware Antivirus\vipre.dll
c:\program files (x86)\Ad-Aware Antivirus\x32\sbbd.exe
c:\program files (x86)\Ad-Aware Antivirus\x64\SBAMOutlook.dll
c:\program files (x86)\Ad-Aware Antivirus\x64\SBAMSvcPS.dll
c:\program files (x86)\Ad-Aware Antivirus\x64\sbbd.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Ad-Aware Service
-------\Service_SBAMSvc
-------\Service_Ad-Aware Service
-------\Service_SBAMSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 )))))))))))))))))))))))))))))))
.
.
2012-06-11 01:54 . 2012-06-11 01:54 -------- d-----w- c:\users\jamie desktop\AppData\Roaming\SUPERAntiSpyware.com
2012-06-11 01:54 . 2012-06-11 01:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-11 01:54 . 2012-06-11 01:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-09 03:45 . 2012-06-09 03:45 -------- d-----w- c:\users\jamie desktop\AppData\Local\AVG Secure Search
2012-06-09 03:45 . 2012-06-09 03:45 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-09 03:44 . 2012-06-09 03:45 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-06-09 03:44 . 2012-06-09 03:44 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-06-09 03:44 . 2012-06-09 03:44 -------- d--h--w- c:\programdata\Common Files
2012-06-09 00:44 . 2012-06-09 00:44 -------- d-----w- c:\program files (x86)\ESET
2012-06-08 21:30 . 2012-06-08 21:33 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-06-08 21:30 . 2012-06-08 21:30 -------- d-----w- c:\programdata\HitmanPro
2012-06-07 23:57 . 2012-06-07 23:57 -------- d-----w- c:\users\jamie desktop\AppData\Roaming\Malwarebytes
2012-06-07 23:57 . 2012-06-07 23:57 -------- d-----w- c:\programdata\Malwarebytes
2012-06-07 23:57 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-07 23:57 . 2012-06-07 23:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-28 14:53 . 2012-05-28 14:53 -------- d-----w- c:\users\jamie desktop\AppData\Local\CRE
2012-05-28 14:52 . 2012-05-28 14:52 -------- d-----w- c:\program files (x86)\Conduit
2012-05-28 14:52 . 2012-05-28 14:52 -------- d-----w- c:\users\jamie desktop\AppData\Local\Conduit
2012-05-28 14:52 . 2012-05-28 14:52 -------- d-----w- c:\program files (x86)\BitTorrentBar2
2012-05-26 16:21 . 2012-05-26 16:25 -------- d-----w- c:\program files (x86)\SpotifyRemotelessHelper
2012-05-26 00:41 . 2012-05-26 00:41 -------- d-----w- c:\users\jamie desktop\AppData\Roaming\Hobbyist Software
2012-05-26 00:40 . 2012-05-26 00:40 -------- d-----w- c:\users\jamie desktop\AppData\Local\Hobbyist_Software
2012-05-26 00:40 . 2012-05-26 00:40 -------- d-----w- c:\program files (x86)\Hobbyist Software
2012-05-26 00:16 . 2012-05-26 00:17 -------- d-----w- c:\users\jamie desktop\AppData\Roaming\avidemux
2012-05-26 00:15 . 2012-05-26 00:15 -------- d-----w- c:\program files (x86)\Avidemux 2.5
2012-05-26 00:08 . 2011-12-19 17:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-05-26 00:07 . 2011-12-19 17:44 256632 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-05-26 00:07 . 2011-09-29 17:16 119416 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-05-26 00:07 . 2011-12-19 18:21 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-05-26 00:05 . 2012-05-26 00:15 -------- d-----w- c:\users\jamie desktop\AppData\Roaming\Ad-Aware Antivirus
2012-05-25 22:08 . 2012-05-25 22:08 -------- d-----w- c:\users\jamie desktop\AppData\Local\libimobiledevice
2012-05-22 00:26 . 2012-05-23 22:42 -------- d-----w- c:\users\jamie desktop\Tracing
2012-05-22 00:14 . 2012-05-22 00:14 -------- d-----w- c:\windows\en
2012-05-22 00:11 . 2012-03-08 23:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-05-22 00:07 . 2012-05-22 00:07 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e54c97c11cd37ae02\MeshBetaRemover.exe
2012-05-22 00:07 . 2012-05-22 00:07 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e48e29ab1cd37ae01\DSETUP.dll
2012-05-22 00:07 . 2012-05-22 00:07 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e48e29ab1cd37ae01\DXSETUP.exe
2012-05-22 00:07 . 2012-05-22 00:07 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e48e29ab1cd37ae01\dsetup32.dll
2012-05-21 02:07 . 2012-05-21 02:07 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 10:10 . 2012-04-12 22:09 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 10:10 . 2011-05-17 23:07 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 10:10 . 2012-04-14 18:41 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-03-31 06:05 . 2012-05-12 00:18 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-12 00:18 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-12 00:18 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-12 00:18 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-12 00:17 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 18:11 . 2012-03-01 00:18 162192 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-17 07:58 . 2012-05-12 00:17 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-11_22.16.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-06-11 22:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-12 00:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-12 00:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-11 22:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-11 22:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-12 00:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-06-12 00:45 42802 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-24 05:52 . 2012-06-12 00:45 14778 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3926266715-3380694729-1637783024-1001_UserData.bin
+ 2010-09-24 03:28 . 2012-06-12 00:39 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-24 03:28 . 2012-06-11 22:15 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-24 03:28 . 2012-06-11 22:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-24 03:28 . 2012-06-12 00:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-11 22:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-12 00:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-24 05:52 . 2012-06-11 21:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-24 05:52 . 2012-06-12 00:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-24 05:52 . 2012-06-11 21:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-24 05:52 . 2012-06-12 00:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-24 05:52 . 2012-06-11 21:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-24 05:52 . 2012-06-12 00:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-24 05:52 . 2012-06-11 22:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-24 05:52 . 2012-06-12 00:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-25 16:29 . 2012-06-11 22:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-25 16:29 . 2012-06-12 00:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-12 00:39 . 2012-06-12 00:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-11 22:15 . 2012-06-11 22:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-12 00:39 . 2012-06-12 00:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-11 22:15 . 2012-06-11 22:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{656461ef-40f6-4115-9ff1-bced9812ccbb}"= "c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{656461ef-40f6-4115-9ff1-bced9812ccbb}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{656461ef-40f6-4115-9ff1-bced9812ccbb}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-09 03:44 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{656461ef-40f6-4115-9ff1-bced9812ccbb}"= "c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-09 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{656461ef-40f6-4115-9ff1-bced9812ccbb}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Facebook Update"="c:\users\jamie desktop\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-17 137536]
"Spotify Web Helper"="c:\users\jamie desktop\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-07 932528]
"RemotelessHelper"="c:\program files (x86)\SpotifyRemotelessHelper\SpotifyRemotelessHelper.exe" [2012-04-26 2315264]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2009-10-19 715776]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"Buttons & OSDs control application gen3"="c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-11-17 212992]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-11-02 928656]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-11-02 3508624]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-09 1104440]
.
c:\users\jamie desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 136176]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-09-11 22072]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MOBKbackup;McAfee Online Backup Service;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-08-04 232248]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-09 935480]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 10:10]
.
2012-06-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3926266715-3380694729-1637783024-1001Core.job
- c:\users\jamie desktop\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 18:49]
.
2012-06-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3926266715-3380694729-1637783024-1001UA.job
- c:\users\jamie desktop\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 18:49]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 21:20]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 21:20]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3926266715-3380694729-1637783024-1001Core.job
- c:\users\jamie desktop\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-09 21:20]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3926266715-3380694729-1637783024-1001UA.job
- c:\users\jamie desktop\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-09 21:20]
.
2012-06-03 c:\windows\Tasks\HPCeeScheduleForjamie desktop.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
2012-05-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\jamie desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-08-04 16:29 4742968 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-08-04 16:29 4742968 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-08-04 16:29 4742968 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
"combofix"="c:\combofix\CF14420.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={2F610A58-E7FB-4224-A499-2AFF32A4A119}&mid=b9569c06e7fc47d08240a138faf40482-00e2554ee3c0a2400bd8ace33844af03c6d4e798&lang=en&ds=ft011&pr=sa&d=2012-06-08 22:44&v=11.1.0.7&sap=hp
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\jamie desktop\AppData\Roaming\Mozilla\Firefox\Profiles\vj1ii32i.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - cnn.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-SBAMSvc
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3926266715-3380694729-1637783024-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3926266715-3380694729-1637783024-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-06-11 19:48:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-12 00:48
ComboFix2.txt 2012-06-11 22:22
.
Pre-Run: 458,312,384,512 bytes free
Post-Run: 458,047,320,064 bytes free
.
- - End Of File - - 8B9FE613974335DB4131411AF0440B01

Re: Unknown malware/virus on Windows 7 PC

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-11 20:02:01
-----------------------------
20:02:01.826 OS Version: Windows x64 6.1.7601 Service Pack 1
20:02:01.826 Number of processors: 2 586 0x602
20:02:01.842 ComputerName: JAMIEDESKTOP-PC UserName: jamie desktop
20:02:03.793 Initialize success
20:02:47.777 AVAST engine defs: 12061101
20:02:50.197 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
20:02:50.199 Disk 0 Vendor: ST375052 HP35 Size: 715404MB BusType: 11
20:02:50.214 Disk 0 MBR read successfully
20:02:50.231 Disk 0 MBR scan
20:02:50.235 Disk 0 Windows 7 default MBR code
20:02:50.242 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:02:50.258 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 649702 MB offset 206911
20:02:50.258 Disk 0 Partition - 00 0F Extended LBA 21000 MB offset 1396334592
20:02:50.273 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12599 MB offset 1439342592
20:02:50.304 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 20999 MB offset 1396336640
20:02:50.341 Disk 0 scanning C:\Windows\system32\drivers
20:03:00.956 Service scanning
20:03:21.840 Modules scanning
20:03:21.867 Disk 0 trace - called modules:
20:03:21.884 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
20:03:21.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003da4060]
20:03:21.895 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8003726040]
20:03:21.901 5 amdxata.sys[fffff88000ddf7a8] -> nt!IofCallDriver -> \Device\00000069[0xfffffa8003d91060]
20:03:27.701 AVAST engine scan C:\Windows
20:03:30.064 AVAST engine scan C:\Windows\system32
20:06:23.196 AVAST engine scan C:\Windows\system32\drivers
20:06:34.451 AVAST engine scan C:\Users\jamie desktop
20:12:52.343 AVAST engine scan C:\ProgramData
20:14:28.040 Scan finished successfully
20:27:34.010 Disk 0 MBR has been saved successfully to "C:\Users\jamie desktop\Desktop\MBR.dat"
20:27:34.010 The log file has been saved successfully to "C:\Users\jamie desktop\Desktop\aswMBR.txt"
20:28:15.750 Disk 0 MBR has been saved successfully to "C:\Users\jamie desktop\Desktop\MBR.dat"
20:28:15.755 The log file has been saved successfully to "C:\Users\jamie desktop\Desktop\2aswMBR.txt"

Re: Unknown malware/virus on Windows 7 PC

Good job. How's the computer now? Can you boot in Normal Mode? Lavasoft Ad-Aware should be gone now.

Please download Rooter and Save it to your desktop.

  • Double click it to start the tool. On Vista and Windows 7, run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

Re: Unknown malware/virus on Windows 7 PC

Everything seems to be working great now. Speed is back to normal. However, I have a few issues still.

1. I couldn't get the Rooter to scan. It sat overnight and still said "Please Wait..." in the morning. When I attempted to run the program again this morning, a window popped up that said "Windows Installer: Attempting to install Ad Aware Antivirus". I canceled the install as I didn't prompt that to happen and didn't know whether to trust it or not.

2. I also have 2 new documents on my desktop. They are transparent compared to the other files on my desktop. I don't recognize what they are either. They are labeled:
"~$ood Resume.txt
~$ood Resume.rtf"

Do you know anything about these?

Re: Unknown malware/virus on Windows 7 PC

I also have 2 new documents on my desktop. They are transparent compared to the other files on my desktop. I don't recognize what they are either. They are labeled:
"~$ood Resume.txt
~$ood Resume.rtf"

If you can't open them to see what's inside, delete them. Just drag them to the Recycling bin.

Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.


  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

  • Once the files have been extracted, using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)

    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you

  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • When you have re-booted, tell me how your computer is running now

Re: Unknown malware/virus on Windows 7 PC

Do you have another link to download that from? The site keeps giving me a runtime error message.


Server Error in '/' Application.

Runtime Error

Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.

Details: To enable the details of this specific error message to be viewable on remote machines, please create a tag within a "web.config" configuration file located in the root directory of the current web application. This tag should then have its "mode" attribute set to "Off".

Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's configuration tag to point to a custom error page URL.

Re: Unknown malware/virus on Windows 7 PC

Can you download it on another computer and transfer it to your computer using a CD or memory stick?

Re: Unknown malware/virus on Windows 7 PC

I tried to access the page on another computer and got the same error. I've tried with three different browsers as well.

Re: Unknown malware/virus on Windows 7 PC

I tried to access the page on another computer and got the same error. I've tried with three different browsers as well.

That is really weird because the link works for me. Are those other computers on the same modem?

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the [image: EsetOnline] button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on [image: EsetSmartInstall] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [image: EsetSmartInstallDesktopIcon-1] icon on your desktop.

• Check [image: EsetAcceptTerms]
• Click the [image: EsetStart] button.
• Accept any security warnings from your browser.
• Check [image: EsetScanArchives]
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push [image: EsetListThreats]
• Push [image: EsetExport], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the [image: EsetBack] button.
• Push [image: EsetFinish]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Unknown malware/virus on Windows 7 PC

Yeah they're all on the same network. I'll try resetting my router tonight and let you know if that works. I don't really have many other options.

online scan results:

C:\Users\jamie desktop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5d149be1-77e6353a a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\jamie desktop\Desktop\Setup.exe probably a variant of Win32/Adware.iBryte.B application cleaned by deleting - quarantined

Re: Unknown malware/virus on Windows 7 PC

In the meantime, we can do some cleanup.

To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)


  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

***************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
***************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

Re: Unknown malware/virus on Windows 7 PC

I'm running the Sophos Virus Removal Tool now.

Some things seem different from your step by step directions.

Installer prompted me to extract the files to:
c:\program files (x86)\Sophos\Sophos Virus Removal Tool\

instead of c:\SophTemp

There also weren't any windows, but the scan would pause and prompt me to remove threats immediately instead of deleting or quarantining them at the end.

Just thought you should know in case I did something wrong or they've changed this tool recently.

Re: Unknown malware/virus on Windows 7 PC

Some things seem different from your step by step directions

I know. My speech needs to be updated which I will get to sometime.

Re: Unknown malware/virus on Windows 7 PC

I tried to post the findings from the Sophos scan, but I had to type it out myself because I couldn't figure out a way to copy it over. Then I closed the scan, and hit send and the site made me log in again, which lost everything I had typed out. Unless you know a way to recover the log from the scan I just ran, I don't know what to tell you other than the only thing found was something described as a Trojan and it mentioned java. Sorry
