How-To Geek Forums / Windows 7

(Solved) - cports.exe

(15 posts)
  • Started 1 year ago by Robertyyy
  • Latest reply from Robertyyy
  • Topic Viewed 1524 times

Robertyyy
Posts: 186

Hi all, I have downloaded cports.exe (it is CurrPorts) and then run it. I have copied the whole thing, but I will just leave a bit here. It says I am Established in a lot of cases, which I thought meant I am being hijacked. Well, I will paste part of it here; tell me if you want the whole thing, then I will paste it:
avp.exe 1824 TCP 1110 nfsd-status 127.0.0.1 49482 127.0.0.1 Rob-PC Established C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe Kaspersky Anti-Virus Kaspersky Anti-Virus 12.0.2.733 Kaspersky Lab ZAO 16/01/2013 04:41:00 NT AUTHORITY\SYSTEM AVP A 16/01/2013 04:44:36
avp.exe 1824 TCP 1110 nfsd-status 127.0.0.1 49478 127.0.0.1 Rob-PC Established C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe Kaspersky Anti-Virus Kaspersky Anti-Virus 12.0.2.733 Kaspersky Lab ZAO 16/01/2013 04:41:00 NT AUTHORITY\SYSTEM AVP A 16/01/2013 04:44:36
avp.exe 1824 TCP 49479 192.168.0.2 80 http 213.248.117.57 213-248-117-57.customer.teliacarrier.com Established C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe Kaspersky Anti-Virus Kaspersky Anti-Virus 12.0.2.733 Kaspersky Lab ZAO 16/01/2013 04:41:00 NT AUTHORITY\SYSTEM AVP A 16/01/2013 04:44:36
avp.exe 1824 TCP 49483 192.168.0.2 80 http 213.248.117.59 213-248-117-59.customer.teliacarrier.com Established C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe Kaspersky Anti-Virus Kaspersky Anti-Virus 12.0.2.733 Kaspersky Lab ZAO 16/01/2013 04:41:00 NT AUTHORITY\SYSTEM AVP A 16/01/2013 04:44:36
avp.exe 1824 TCP 1110 nfsd-status 127.0.0.1 49488 127.0.0.1 Rob-PC Established C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe Kaspersky Anti-Virus Kaspersky Anti-Virus 12.0.2.733 Kaspersky Lab ZAO 16/01/2013 04:41:00 NT AUTHORITY\SYSTEM AVP A 16/01/2013 04:44:46
avp.exe 1824 TCP 1110 nfsd-status 127.0.0.1 49491 127.0.0.1 Rob-PC Established C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe Kaspersky Anti-Virus Kaspersky Anti-Virus 12.0.2.733 Kaspersky Lab ZAO 16/01/2013 04:41:00 NT AUTHORITY\SYSTEM AVP A 16/01/2013 04:44:46
avp.exe 1824 TCP 1110 nfsd-status 127.0.0.1 49494 127.0.0.1 Rob-PC Established C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe Kaspersky Anti-Virus Kaspersky Anti-Virus 12.0.2.733 Kaspersky Lab ZAO 16/01/2013 04:41:00 NT AUTHORITY\SYSTEM AVP A 16/01/2013 04:44:46
avp.exe 1824 TCP 49489 192.168.0.2 80 http 65.55.185.26 Established C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe Kaspersky Anti-Virus Kaspersky Anti-Virus 12.0.2.733 Kaspersky Lab ZAO 16/01/2013 04:41:00 NT AUTHORITY\SYSTEM AVP A 16/01/2013 04:44:46
avp.exe 1824 TCP 49492 192.168.0.2 80 http 217.212.238.24 Established C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe Kaspersky Anti-Virus Kaspersky Anti-Virus 12.0.2.733 Kaspersky Lab ZAO 16/01/2013 04:41:00 NT AUTHORITY\SYSTEM AVP A 16/01/2013 04:44:46
(It is me again. Well, what do you think, am I being hijacked or what? :/ )

Posted 1 year ago
 
ispalten
Posts: 6259

Totally unreadable.

You running Kaspersky? If so that is OK...

What actually bothers you?

Irv S.

Posted 1 year ago
 
Robertyyy
Posts: 186

Yes ispalten, I have bought Kaspersky and it is running, but I have been told that if cports.exe is running and it shows Established then I am in a bit of trouble.
I have typed netstat -ano in the CMD and it shows Established, which I think means my PC has been hijacked.

Posted 1 year ago
 
Robertyyy
Posts: 186

I right clicked my Computer, then went to Properties, then chose Advanced system settings and clicked Remote; I did it about 2 weeks ago. The box was ticked in Allow Remote Assistance connections to this computer. I have unticked it, and then there were a lot less problems on my PC.
It bothers me to lose my money on the credit card.

Posted 1 year ago
 
ispalten
Posts: 6259

ESTABLISHED ONLY means there IS a connection and you are connected AND can be exchanging information/data.

Open a COMMAND PROMPT running as ADMINISTRATOR and issue NETSTAT -abnof and then LOOK at all the established connections and where to and what program is doing the connection. Having ESTABLISHED is quite normal but it can also be malware too.

Here are some of mine (hope it stays formatted) :

===========
TCP 127.0.0.1:5354 127.0.0.1:49155 ESTABLISHED 2152
[mDNSResponder.exe]
TCP 127.0.0.1:5354 127.0.0.1:49208 ESTABLISHED 2152
[mDNSResponder.exe]
TCP 127.0.0.1:5354 127.0.0.1:49717 ESTABLISHED 2152
[mDNSResponder.exe]
TCP 127.0.0.1:5940 0.0.0.0:0 LISTENING 4028
[TeamViewer_Service.exe]
TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING 1980
[AppleMobileDeviceService.exe]
TCP 127.0.0.1:27015 127.0.0.1:49234 ESTABLISHED 1980
[AppleMobileDeviceService.exe]
TCP 127.0.0.1:37218 127.0.0.1:49216 ESTABLISHED 6456
[AirPS.exe]
TCP 127.0.0.1:49155 127.0.0.1:5354 ESTABLISHED 1980
[AppleMobileDeviceService.exe]
TCP 127.0.0.1:49158 127.0.0.1:49159 ESTABLISHED 1832
[pbeagent.exe]
TCP 127.0.0.1:49159 127.0.0.1:49158 ESTABLISHED 1832
[pbeagent.exe]
TCP 127.0.0.1:49202 0.0.0.0:0 LISTENING 2952
[ccSvcHst.exe]
TCP 127.0.0.1:49208 127.0.0.1:5354 ESTABLISHED 6180
[AirVideoServer.exe]
TCP 127.0.0.1:49216 127.0.0.1:37218 ESTABLISHED 6404
[airplayit.exe]
TCP 127.0.0.1:49234 127.0.0.1:27015 ESTABLISHED 5400
[iTunesHelper.exe]
TCP 127.0.0.1:49717 127.0.0.1:5354 ESTABLISHED 6456
[AirPS.exe]
TCP 127.0.0.1:59243 0.0.0.0:0 LISTENING 2312
[SetPoint.exe]
TCP 127.0.0.1:65138 127.0.0.1:65139 ESTABLISHED 5112
[firefox.exe]
TCP 127.0.0.1:65139 127.0.0.1:65138 ESTABLISHED 5112
[firefox.exe]
TCP 192.168.1.2:80 192.168.1.105:53517 TIME_WAIT 0
TCP 192.168.1.2:80 192.168.1.105:53636 TIME_WAIT 0
TCP 192.168.1.2:80 192.168.1.105:53808 TIME_WAIT 0
TCP 192.168.1.2:80 192.168.1.105:53827 TIME_WAIT 0
TCP 192.168.1.2:139 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 192.168.1.2:2161 192.168.1.2:49157 ESTABLISHED 1832
[pbeagent.exe]
TCP 192.168.1.2:49157 192.168.1.2:2161 ESTABLISHED 1932
[PBESER~1.EXE]
TCP 192.168.1.2:49230 65.55.223.28:40033 ESTABLISHED 6680
[Skype.exe]
TCP 192.168.1.2:49300 23.8.16.60:443 CLOSE_WAIT 8096
[jusched.exe]
TCP 192.168.1.2:49703 82.76.200.7:80 TIME_WAIT 0
TCP 192.168.1.2:49711 204.93.63.66:80 ESTABLISHED 1780
[Explorer.EXE]
TCP 192.168.1.2:49712 209.107.220.32:80 ESTABLISHED 1780
[Explorer.EXE]
TCP 192.168.1.2:49713 209.107.220.32:80 ESTABLISHED 1780
[Explorer.EXE]
TCP 192.168.1.2:49714 209.107.220.32:80 ESTABLISHED 1780
[Explorer.EXE]
========================

All 'normal' and I know the programs that are established are ones I start and use.

Irv S.

Posted 1 year ago
 
Robertyyy
Posts: 186

Hi Irv S,
Hope that is your correct name. I ran Command Prompt as an Administrator, then I typed NETSTAT -abnof and it shows this:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>NETSTAT -abnof

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 896
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 0.0.0.0:1110 0.0.0.0:0 LISTENING 1808
[avp.exe]
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 0.0.0.0:12321 0.0.0.0:0 LISTENING 1808
[avp.exe]
TCP 0.0.0.0:21320 0.0.0.0:0 LISTENING 524
[SDFSSvc.exe]
TCP 0.0.0.0:21321 0.0.0.0:0 LISTENING 2252
[SDUpdSvc.exe]
TCP 0.0.0.0:21322 0.0.0.0:0 LISTENING 524
[SDFSSvc.exe]
TCP 0.0.0.0:21323 0.0.0.0:0 LISTENING 524
[SDFSSvc.exe]
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 580
[wininit.exe]
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 1024
eventlog
[svchost.exe]
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 1104
Schedule
[svchost.exe]
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 648
[services.exe]
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING 656
[lsass.exe]
TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING 3256
PolicyAgent
[svchost.exe]
TCP 127.0.0.1:51926 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:51927 127.0.0.1:21322 TIME_WAIT 0
TCP 127.0.0.1:51928 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:51929 127.0.0.1:21322 TIME_WAIT 0
TCP 127.0.0.1:51930 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:51931 127.0.0.1:21322 TIME_WAIT 0
TCP 127.0.0.1:51932 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:51933 127.0.0.1:21322 TIME_WAIT 0
TCP 127.0.0.1:51934 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:51935 127.0.0.1:21322 TIME_WAIT 0
TCP 127.0.0.1:51937 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:51938 127.0.0.1:21322 TIME_WAIT 0
TCP 127.0.0.1:51939 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:51940 127.0.0.1:21322 TIME_WAIT 0
TCP 127.0.0.1:51941 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:51942 127.0.0.1:21322 TIME_WAIT 0
TCP 127.0.0.1:51943 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:51944 127.0.0.1:21322 TIME_WAIT 0
TCP 127.0.0.1:51945 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:51946 127.0.0.1:21322 TIME_WAIT 0
TCP 127.0.0.1:51947 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:51948 127.0.0.1:21322 TIME_WAIT 0
TCP 127.0.0.1:51949 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:51950 127.0.0.1:21322 TIME_WAIT 0
TCP 127.0.0.1:51951 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:51952 127.0.0.1:21322 TIME_WAIT 0
TCP 127.0.0.1:51953 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:51954 127.0.0.1:21322 TIME_WAIT 0
TCP 127.0.0.1:51955 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:51956 127.0.0.1:21322 TIME_WAIT 0
TCP 127.0.0.1:51957 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:51958 127.0.0.1:21322 TIME_WAIT 0
TCP 127.0.0.1:51960 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:51961 127.0.0.1:21322 TIME_WAIT 0
TCP 127.0.0.1:51962 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:51963 127.0.0.1:21322 TIME_WAIT 0
TCP 127.0.0.1:51964 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:51965 127.0.0.1:21322 TIME_WAIT 0
TCP 192.168.0.2:139 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 192.168.0.2:51936 195.122.169.15:80 TIME_WAIT 0
TCP 192.168.0.2:51959 195.122.169.18:80 TIME_WAIT 0
TCP [::]:135 [::]:0 LISTENING 896
RpcSs
[svchost.exe]
TCP [::]:445 [::]:0 LISTENING 4
Can not obtain ownership information
TCP [::]:1110 [::]:0 LISTENING 1808
[avp.exe]
TCP [::]:5357 [::]:0 LISTENING 4
Can not obtain ownership information
TCP [::]:12321 [::]:0 LISTENING 1808
[avp.exe]
TCP [::]:49152 [::]:0 LISTENING 580
[wininit.exe]
TCP [::]:49153 [::]:0 LISTENING 1024
eventlog
[svchost.exe]
TCP [::]:49154 [::]:0 LISTENING 1104
Schedule
[svchost.exe]
TCP [::]:49155 [::]:0 LISTENING 648
[services.exe]
TCP [::]:49156 [::]:0 LISTENING 656
[lsass.exe]
TCP [::]:49157 [::]:0 LISTENING 3256
PolicyAgent
[svchost.exe]
UDP 0.0.0.0:500 *:* 1104
IKEEXT
[svchost.exe]
UDP 0.0.0.0:3702 *:* 1892
FDResPub
[svchost.exe]
UDP 0.0.0.0:3702 *:* 1892
FDResPub
[svchost.exe]
UDP 0.0.0.0:3702 *:* 1260
EventSystem
[svchost.exe]
UDP 0.0.0.0:3702 *:* 1260
EventSystem
[svchost.exe]
UDP 0.0.0.0:4500 *:* 1104
IKEEXT
[svchost.exe]
UDP 0.0.0.0:5355 *:* 960
Dnscache
[svchost.exe]
UDP 0.0.0.0:21328 *:* 524
[SDFSSvc.exe]
UDP 0.0.0.0:49152 *:* 1892
FDResPub
[svchost.exe]
UDP 0.0.0.0:49154 *:* 524
[SDFSSvc.exe]
UDP 0.0.0.0:59225 *:* 1260
EventSystem
[svchost.exe]
UDP 127.0.0.1:1900 *:* 1892
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:53353 *:* 1892
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:61846 *:* 3384
[iexplore.exe]
UDP 192.168.0.2:137 *:* 4
Can not obtain ownership information
UDP 192.168.0.2:138 *:* 4
Can not obtain ownership information
UDP 192.168.0.2:1900 *:* 1892
SSDPSRV
[svchost.exe]
UDP 192.168.0.2:53352 *:* 1892
SSDPSRV
[svchost.exe]
UDP [::]:500 *:* 1104
IKEEXT
[svchost.exe]
UDP [::]:3702 *:* 1892
FDResPub
[svchost.exe]
UDP [::]:3702 *:* 1892
FDResPub
[svchost.exe]
UDP [::]:3702 *:* 1260
EventSystem
[svchost.exe]
UDP [::]:3702 *:* 1260
EventSystem
[svchost.exe]
UDP [::]:4500 *:* 1104
IKEEXT
[svchost.exe]
UDP [::]:5355 *:* 960
Dnscache
[svchost.exe]
UDP [::]:49153 *:* 1892
FDResPub
[svchost.exe]
UDP [::]:59226 *:* 1260
EventSystem
[svchost.exe]
UDP [::1]:1900 *:* 1892
SSDPSRV
[svchost.exe]
UDP [::1]:53351 *:* 1892
SSDPSRV
[svchost.exe]
UDP [fe80::f986:daaa:5bf7:6371%10]:1900 *:* 1892
SSDPSRV
[svchost.exe]
UDP [fe80::f986:daaa:5bf7:6371%10]:53350 *:* 1892
SSDPSRV
[svchost.exe]

C:\Windows\system32>

(Me again, does that look all right, Irv S?)

Posted 1 year ago
 
ispalten
Posts: 6259

I'm confused, now you show nothing established? Something has to be if you are using a browser? Unless you took the data before opening the browser and closing all applications?

Again, Established only means there is an ACTIVE connection. LISTENING means the port is open waiting for something, and TIME_WAIT generally means some transaction took place and it is waiting for a return and if not soon it will close. It does this to make sure the last transmission was really complete. See HERE for more details.

Is there ANYTHING specific that bothers you?

Irv S.

Posted 1 year ago
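A way to do the looking Irv describes in his two replies above (check every ESTABLISHED entry, where it goes and which program owns it), as an added example: this script is mine, not from anyone in this thread and not part of netstat or CurrPorts. It parses the netstat -abnof layout pasted above, counts the states Irv explains, and pulls out the ESTABLISHED sockets whose peer is off the LAN together with the owning image. The sample text is constructed from lines pasted in this thread.

```python
"""Triage `netstat -abnof` output: states, off-LAN ESTABLISHED sockets, unowned listeners."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the layout Windows 7 prints: a socket line, an optional
# service-name line (svchost), then [image.exe] or "Can not obtain ownership information".
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       896
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
 Can not obtain ownership information
  TCP    127.0.0.1:49155        127.0.0.1:5354         ESTABLISHED     1980
 [AppleMobileDeviceService.exe]
  TCP    192.168.1.2:49230      65.55.223.28:40033     ESTABLISHED     6680
 [Skype.exe]
  TCP    192.168.1.2:49711      204.93.63.66:80        ESTABLISHED     1780
 [Explorer.EXE]
  TCP    192.168.0.2:51936      195.122.169.15:80      TIME_WAIT       0
  TCP    [::]:135               [::]:0                 LISTENING       896
  RpcSs
 [svchost.exe]
  UDP    0.0.0.0:5355           *:*                                    960
  Dnscache
 [svchost.exe]
"""

# One socket line: proto, local, foreign, state (absent for UDP), PID.
SOCKET_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<foreign>\S+)"
    r"(?:\s+(?P<state>[A-Z_]+))?\s+(?P<pid>\d+)\s*$"
)

@dataclass
class Socket:
    proto: str
    local: str
    foreign: str
    state: str          # "" for UDP, which has no state
    pid: int
    service: str = ""   # svchost service name when netstat shows one
    image: str = ""     # owning executable; "" when ownership is not shown

def split_endpoint(endpoint):
    """'host:port' or '[v6]:port' -> (host, port); '*:*' -> ('*', '*')."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def parse_netstat(text):
    """Attach each continuation line (service, [image]) to the socket above it."""
    sockets = []
    for line in text.splitlines():
        m = SOCKET_RE.match(line)
        if m:
            sockets.append(Socket(m["proto"], m["local"], m["foreign"],
                                  m["state"] or "", int(m["pid"])))
            continue
        item = line.strip()
        if not sockets or not item:
            continue
        if item.startswith("[") and item.endswith("]"):
            sockets[-1].image = item[1:-1]
        elif item.startswith("Can not obtain"):
            sockets[-1].image = ""          # PID 0/4: owned by the kernel
        elif " " not in item and not sockets[-1].service:
            sockets[-1].service = item      # e.g. RpcSs, Dnscache
    return sockets

def is_remote(host):
    """True only for a peer outside loopback, private and link-local space."""
    if host in ("*", "0.0.0.0", "::"):
        return False
    ip = ipaddress.ip_address(host.split("%")[0])   # drop IPv6 scope id
    return not (ip.is_loopback or ip.is_private or ip.is_link_local)

def state_counts(sockets):
    return Counter(s.state or "UDP" for s in sockets)

def established_to_internet(sockets):
    """The list worth reading: every entry should be a program you recognise."""
    out = []
    for s in sockets:
        host, port = split_endpoint(s.foreign)
        if s.state == "ESTABLISHED" and is_remote(host):
            out.append((s.image or f"pid {s.pid}", f"{host}:{port}"))
    return out

def unowned_listeners(sockets):
    """Listeners with no image shown; PID 4 on 139/445 is normal file sharing."""
    return [(s.local, s.pid) for s in sockets if s.state == "LISTENING" and not s.image]

if __name__ == "__main__":
    socks = parse_netstat(SAMPLE)
    print("states:", dict(state_counts(socks)))
    print("off-LAN ESTABLISHED:", established_to_internet(socks))
    print("unowned listeners:", unowned_listeners(socks))
```

Loopback pairs such as the AppleMobileDeviceService one are filtered out on purpose: they are a program talking to itself on 127.0.0.1, which is what most of the Established rows in the CurrPorts paste above are.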
 
Xhi
Posts: 6298

Trying to track down Ghosts that do not exist can be a big waste of time and can cause unintended damage to the computer. Please be specific of what and why you suspect anything.

Posted 1 year ago
 
Robertyyy
Posts: 186

I pressed HERE in what you said; it took about 5 mins to get through and then all it said was: Trying to Hack Us? OR Acting Normal? Well, something is amiss. SDVP thinks you are being bad. Then it gives boxes for Back or Home.
Hi Xhi Guest Moderator, well I had this PC repairer at my home; I sacked him for taking things away from my PC, and also things that normally worked fine did not work anymore. As I explained earlier, the box was ticked in Allow Remote Assistance connections to this computer; I have unticked it, and then there were a lot less problems on my PC.
Apart from losing money from my credit cards, and I know I can get it back, I just do not need the hassle. I am disabled and I receive the DLA, which means the Disability Living Allowance, and I think I should be spared this hassle. Well, Xhi Guest Moderator, you have seen what I have typed; if you think it’s ok then I think it will be fine, if you say it’s ok.

Posted 1 year ago
 
Robertyyy
Posts: 186

Hi all, cports.exe was 118 Total Ports, 3 Remote Connections 27 Listening, now it’s 0 Total Ports, No Remote Connections, 0 Listening, I think it was the Remote Connections that was giving me the problems. I have taken this advice: Open ports offer services that are potentially vulnerable to attacks! All ports should be closed or filtered, unless you specifically require some open (and know exactly what they are).
Well I hope I have done the right thing.
:)

Posted 1 year ago
 
Robertyyy
Posts: 186

Hi all, well I have been shown ComboFix by another PC helper; this is what it reports:
ComboFix 13-01-14.01 - Rob 18/01/2013 15:39:55.4.4 - x86
Running from: c:\users\Rob\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rob\Documents\CF10606.3XE
c:\users\Rob\Documents\regt.3xe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-18 to 2013-01-18 )))))))))))))))))))))))))))))))
.
.
2013-01-18 15:50 . 2013-01-18 15:53 -------- d-----w- c:\users\Rob\AppData\Local\temp
2013-01-18 15:50 . 2013-01-18 15:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-18 15:50 . 2013-01-18 15:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-18 15:50 . 2013-01-18 15:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-17 15:48 . 2013-01-12 03:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-14 22:49 . 2013-01-14 22:49 -------- d-----w- C:\found.000
2013-01-09 10:26 . 2012-11-23 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-08 12:11 . 2013-01-18 13:52 242864 ----a-w- c:\windows\system32\drivers\sfi.dat
2013-01-08 12:10 . 2013-01-08 12:18 -------- d-----w- c:\programdata\Comodo
2013-01-08 12:10 . 2013-01-08 12:10 -------- d-----w- c:\program files\COMODO
2013-01-08 09:44 . 2013-01-08 09:44 -------- d-----w- C:\MGADiagToolOutput
2013-01-08 09:43 . 2013-01-08 09:43 -------- d-----w- c:\programdata\Office Genuine Advantage
2013-01-06 16:31 . 2013-01-06 16:31 -------- d-----w- c:\program files\Zombie Bowl-O-Rama
2013-01-06 05:40 . 2013-01-06 05:40 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-01-05 13:52 . 2013-01-05 13:52 -------- d-----w- c:\users\Rob\AppData\Roaming\TeamViewer
2013-01-01 11:26 . 2013-01-01 11:26 -------- d-----w- c:\program files\BBC iPlayer Desktop
2012-12-29 02:53 . 2012-12-29 02:53 14336 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-12-29 01:20 . 2012-12-29 01:21 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-12-28 14:18 . 2012-12-28 14:41 45376 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2012-12-28 14:16 . 2013-01-06 08:23 -------- d-----w- c:\program files\Microsoft Visual Studio 11.0
2012-12-27 23:59 . 2013-01-01 10:35 -------- d-----w- c:\program files\Kaspersky Lab
2012-12-27 06:50 . 2012-12-27 06:50 -------- d-----w- c:\program files\Common Files\Microsoft
2012-12-27 06:49 . 2012-12-27 06:49 -------- d-----w- c:\program files\Windows Kits
2012-12-27 06:42 . 2013-01-06 08:23 -------- d-----w- c:\programdata\Package Cache
2012-12-26 12:52 . 2012-12-26 12:52 -------- d-----w- c:\programdata\Lost Treasures Of El Dorado
2012-12-25 09:39 . 2012-12-25 09:39 -------- d-----w- c:\program files\NirSoft
2012-12-24 12:50 . 2013-01-18 14:07 -------- d-----w- c:\programdata\Kaspersky Lab
2012-12-22 15:25 . 2012-12-22 15:41 -------- d-----w- c:\users\Rob\AppData\Roaming\FreeFixer
2012-12-22 15:25 . 2012-12-22 15:25 -------- d-----w- c:\users\Rob\AppData\Local\FreeFixer
2012-12-22 15:25 . 2012-12-22 15:25 -------- d-----w- c:\program files\FreeFixer
2012-12-21 02:54 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 02:54 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-20 14:29 . 2012-12-20 14:29 -------- d-----w- c:\users\Rob\AppData\Roaming\adawaretb
2012-12-19 16:32 . 2012-12-19 16:32 -------- d-----w- c:\users\Rob\AppData\Roaming\DelinvFile
2012-12-19 16:32 . 2012-12-19 16:32 -------- d-----w- c:\programdata\DelinvFile
2012-12-19 16:31 . 2013-01-17 11:46 -------- d-----w- C:\PurgeIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 07:42 . 2011-11-21 02:44 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-10 07:42 . 2011-07-21 07:02 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-05 04:06 . 2011-12-28 21:17 859072 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-05 04:06 . 2011-12-21 14:23 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-27 06:03 . 2012-08-31 05:29 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-12-27 06:03 . 2012-08-31 05:29 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-12-22 04:23 . 2012-10-09 17:41 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-22 04:23 . 2012-10-09 17:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-12-17 06:43 . 2012-11-28 07:28 33616 ----a-w- c:\windows\system32\drivers\gfiark.sys
2012-12-17 03:47 . 2011-07-24 11:07 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-12-17 03:46 . 2011-07-24 11:06 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-12-14 16:49 . 2012-07-21 07:12 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-13 03:37 . 2012-11-27 06:18 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2012-11-12 11:52 . 2012-12-12 14:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-12 14:51 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-07 23:37 . 2012-11-07 23:37 82952 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-07 23:37 . 2012-11-07 23:37 494416 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 23:37 . 2012-11-07 23:37 36072 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 23:37 . 2012-11-07 23:37 19632 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-07 23:37 . 2012-11-07 23:37 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-07 23:37 . 2012-11-07 23:37 301264 ----a-w- c:\windows\system32\guard32.dll
2012-11-07 15:25 . 2012-12-11 08:18 32512 ----a-w- c:\windows\system32\drivers\npf.sys
2012-11-06 01:20 . 2012-11-06 01:20 875472 ----a-w- c:\windows\system32\msvcr110.dll
2012-11-06 01:20 . 2012-11-06 01:20 535008 ----a-w- c:\windows\system32\msvcp110.dll
2012-11-06 01:20 . 2012-11-06 01:20 252400 ----a-w- c:\windows\system32\vccorlib110.dll
2012-11-06 01:20 . 2012-11-06 01:20 125904 ----a-w- c:\windows\system32\vcomp110.dll
2012-11-06 01:20 . 2012-11-06 01:20 168920 ----a-w- c:\windows\system32\atl110.dll
2012-11-02 05:11 . 2012-12-12 14:50 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-27 06:26 . 2012-12-12 14:51 981504 ----a-w- c:\windows\system32\wininet.dll
2011-12-21 07:42 . 2012-06-05 13:52 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-11-16 87448]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-11-16 21:41 87448 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-11-16 87448]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-09-03 05:21 220608 ----a-w- c:\users\Rob\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-09-03 05:21 220608 ----a-w- c:\users\Rob\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-09-03 05:21 220608 ----a-w- c:\users\Rob\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-30 22:24 496056 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE 2.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Handy Start Menu"="c:\users\Rob\AppData\Local\ChemTable Software\Handy Start Menu\HandyStartMenu.exe" [2012-12-21 4569720]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" [2012-08-30 202328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SeparateProcess"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Rob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 02:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogiScrollApp]
2011-12-14 07:25 112920 ----a-w- c:\program files\Logitech\ScrollApp\KhalScroll.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchProtection]
2012-12-13 03:36 141 ----a-w- c:\programdata\Search Protection\_run.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-10-23 14:57 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-12-22 04:23 295072 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
2012-09-20 04:02 363752 ------w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 AntiLog32;AntiLog32; [x]
R1 SBRE;SBRE; [x]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5; [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SBSDWSCService;SBSD Security Center Service; [x]
R2 Web Assistant Updater;Web Assistant Updater; [x]
R3 cpuz134;cpuz134; [x]
R3 cpuz135;cpuz135; [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 SBHIPS;SBHIPS;c:\windows\system32\drivers\sbhips.sys [x]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [x]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
R3 VGPU;VGPU; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-21 07:42]
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-17 20:00]
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-17 20:00]
.
2013-01-18 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2012-09-06 14:39]
.
2013-01-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task cd5c488e-43d0-4f51-9fe0-6bb0fecbf5d1.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/news/
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F3BE4803-B600-455F-A2DC-0200B9F568AB}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\8ok22ndk.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=CF61B2BB9852E473425EC750818BC589
FF - prefs.js: keyword.URL - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=CF61B2BB9852E473425EC750818BC589&q=
FF - prefs.js: browser.search.selectedEngine - blekko
FF - prefs.js: browser.search.selectedEngine - blekko
FF - prefs.js: browser.search.selectedEngine - blekko
FF - prefs.js: browser.search.selectedEngine - blekko
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2902917691-2434408741-2504604554-1000\Software\SecuROM\License information*]
"datasecu"=hex:1f,1c,d0,fb,f8,01,b9,8c,71,a4,f0,bf,51,05,de,99,bc,98,a7,8b,a1,
1a,c8,2c,64,dd,89,0b,56,b1,47,ab,6f,04,c4,ff,d7,4b,9e,2e,12,65,4a,58,d1,a3,\
"rkeysecu"=hex:e0,31,9d,ec,38,da,d3,01,1a,14,cc,5e,64,4e,0d,0c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(656)
c:\windows\system32\guard32.dll
.
Completion time: 2013-01-18 15:58:32
ComboFix-quarantined-files.txt 2013-01-18 15:58
ComboFix2.txt 2013-01-15 06:54
ComboFix3.txt 2012-08-28 14:30
ComboFix4.txt 2012-08-02 09:25
.
Pre-Run: 295,637,123,072 bytes free
Post-Run: 295,349,002,240 bytes free
.
- - End Of File - - 3C3A627D3085B4395220561BD5E64BDB (It is me again, sorry it was so long)

Posted 1 year ago
 
ispalten
Posts: 6259

I completely DO NOT understand your last two messages.

The first sentence in the first reply above the last one: I cannot understand what you mean, please explain.

Second one, how did you go from 118 ports to 0? Even a non-internet system will have open ports between 127.0.0.1, 0.0.0.0, the local computer, and even unknown IP addresses. What did you do differently? Please explain.

A remote connection unless it is actually connected shouldn't bother you. Of course you don't need to allow Remote Access unless you are going to use it.

Irv S.

EDIT: I see you added more info, so I'm talking about 2 and 3 messages above this one.

Posted 1 year ago
 
ispalten
Posts: 6259

OK, what do you think is wrong that you ran ComboFix, and what do you think is a problem in the report? You KNOW what programs you are running; I do not.

Maybe you want to try HIJACK HUNTER, it might provide more direct info.

Still, WHAT do you think is the problem and WHY?

Irv S.

Accepted Answer · Posted 1 year ago
 
Robertyyy
Posts: 186

I have already said, Irv S. The last PC helper was hijacking my PC because I sacked him, in case you need to know. I had to reinstall a lot of my games that were OK to run before, but yesterday while we were typing messages they disappeared. But I hope my PC will be OK now.

Posted 1 year ago
 
Robertyyy
Posts: 186

Thanks for your help Irv S.

Posted 1 year ago
Topic Closed

This topic has been closed to new replies.