
Browser Plus 2 Hijacker Malware



Step 1

Please download AppRemover and save it on your desktop. Start the application and click Next and then select Clean Up a Failed Uninstall. Wait until AppRemover finishes scanning the computer and determines which security applications have elements installed. For some applications, AppRemover requires that you restart your computer to finish the uninstallation. If prompted, restart your computer before exiting AppRemover.

Step 2

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\program files (x86)\GUM3B14.tmp

Folder::
c:\users\paul\AppData\Local\DefineExt
c:\users\paul\AppData\Roaming\StreamTorrent

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Nothing has gotten better.  More programs are complaining that they cannot run.

 

Here is the log:

 

ComboFix 13-09-08.02 - paul 09/08/2013  20:57:39.3.8 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8048.6110 [GMT -5:00]
Running from: c:\users\paul\Desktop\ComboFix.exe
Command switches used :: c:\users\paul\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\GUM3B14.tmp"
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-09 to 2013-09-09  )))))))))))))))))))))))))))))))
.
.
2013-09-09 01:59 . 2013-09-09 01:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-09-09 01:59 . 2013-09-09 01:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-08 17:12 . 2013-09-09 01:59 -------- d-----w- c:\users\paul\AppData\Local\temp
2013-09-08 05:16 . 2013-09-08 05:16 -------- d-----w- c:\program files (x86)\GUM3B14.tmp
2013-09-08 05:15 . 2013-09-08 05:15 -------- d-----w- c:\program files\Google
2013-09-08 05:15 . 2013-09-08 05:15 -------- d-----w- c:\program files (x86)\Google
2013-09-08 05:15 . 2013-09-08 05:16 -------- d-----w- c:\users\paul\AppData\Local\Google
2013-09-08 05:15 . 2013-09-08 05:15 -------- d-----w- c:\users\paul\AppData\Local\Apps
2013-09-08 05:15 . 2013-09-08 05:15 -------- d-----w- c:\users\paul\AppData\Local\Deployment
2013-09-08 00:41 . 2013-09-08 00:41 -------- d-----w- c:\users\paul\AppData\Roaming\AVG2013
2013-09-08 00:40 . 2013-09-08 00:40 -------- d-----w- c:\program files (x86)\AVG
2013-09-08 00:31 . 2013-09-08 00:41 -------- d-----w- c:\users\paul\AppData\Local\Avg2013
2013-09-04 08:33 . 2013-09-04 08:33 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2013-09-03 06:28 . 2013-09-03 06:28 -------- d-----w- c:\users\paul\AppData\Roaming\Webroot
2013-09-03 06:27 . 2013-09-03 06:28 -------- d-----w- c:\program files (x86)\Common Files\Webroot Shared
2013-09-03 06:27 . 2013-09-03 06:27 -------- d-----w- c:\program files (x86)\Webroot
2013-09-03 06:27 . 2005-05-20 20:53 486400 ----a-w- c:\windows\SysWow64\wwSecure.exe
2013-09-02 04:58 . 2013-09-02 05:02 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2013-09-01 06:02 . 2013-09-01 06:02 -------- d-----w- C:\_OTL
2013-08-28 07:31 . 2013-08-28 07:31 -------- d-----w- c:\windows\ERUNT
2013-08-26 15:49 . 2013-08-26 15:51 -------- d-----w- C:\AdwCleaner
2013-08-26 14:52 . 2013-08-27 05:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-26 14:52 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-26 06:41 . 2013-08-26 06:41 -------- d-----w- c:\users\paul\AppData\Roaming\Malwarebytes
2013-08-26 06:41 . 2013-08-26 06:41 -------- d-----w- c:\programdata\Malwarebytes
2013-08-26 06:40 . 2013-08-26 06:40 -------- d-----w- c:\users\paul\AppData\Local\Programs
2013-08-26 06:36 . 2013-08-26 06:39 -------- d-----w- c:\programdata\HitmanPro
2013-08-26 05:08 . 2013-09-02 05:02 -------- d-----w- c:\program files (x86)\Real
2013-08-26 04:58 . 2013-08-26 04:58 -------- d-----w- c:\users\paul\AppData\Roaming\Video Media Download
2013-08-17 22:40 . 2013-08-17 22:41 -------- d-----w- c:\windows\system32\MRT
2013-08-17 22:14 . 2013-06-16 22:41 997632 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-08-17 22:14 . 2013-06-01 09:24 1453568 ----a-w- c:\windows\SysWow64\mfcore.dll
2013-08-17 22:14 . 2013-06-01 09:23 1842176 ----a-w- c:\windows\SysWow64\dwmcore.dll
2013-08-17 22:14 . 2013-06-01 09:20 1527808 ----a-w- c:\windows\system32\mfcore.dll
2013-08-17 22:14 . 2013-06-01 09:20 2219520 ----a-w- c:\windows\system32\dwmcore.dll
2013-08-17 22:11 . 2012-10-12 06:13 109568 ----a-w- c:\windows\system32\dskquota.dll
2013-08-17 22:11 . 2012-10-12 05:39 82944 ----a-w- c:\windows\SysWow64\dskquota.dll
2013-08-17 22:11 . 2012-10-24 04:54 396008 ----a-w- c:\windows\system32\hal.dll
2013-08-17 22:07 . 2012-12-04 04:21 368640 ----a-w- c:\windows\system32\sppwinob.dll
2013-08-17 22:06 . 2012-11-06 07:33 1566432 ----a-w- c:\windows\system32\ole32.dll
2013-08-17 22:05 . 2013-07-09 06:07 2233168 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-17 22:04 . 2013-07-13 06:16 1889280 ----a-w- c:\windows\system32\crypt32.dll
2013-08-17 22:04 . 2013-07-13 04:23 1568256 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-17 22:04 . 2013-07-13 06:18 337408 ----a-w- c:\windows\system32\wintrust.dll
2013-08-17 22:04 . 2013-07-13 06:16 68096 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-17 22:04 . 2013-07-13 06:15 98304 ----a-w- c:\windows\system32\apprepsync.dll
2013-08-17 22:04 . 2013-07-13 06:15 124416 ----a-w- c:\windows\system32\apprepapi.dll
2013-08-17 22:04 . 2013-07-13 04:24 261120 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-17 22:04 . 2013-07-13 04:23 87040 ----a-w- c:\windows\SysWow64\apprepapi.dll
2013-08-17 22:04 . 2013-07-13 04:23 74240 ----a-w- c:\windows\SysWow64\apprepsync.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-17 22:40 . 2013-06-10 12:52 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-08-17 08:33 . 2013-06-30 02:51 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-07-20 06:51 . 2013-07-20 06:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-20 06:50 . 2013-07-20 06:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-20 06:50 . 2013-07-20 06:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-20 06:50 . 2013-07-20 06:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-07-10 06:32 . 2013-07-10 06:32 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-07-09 06:28 . 2013-07-09 06:28 248632 ----a-w- c:\windows\system32\drivers\avgwfpa.sys
2013-07-01 06:45 . 2013-07-01 06:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-06-27 22:04 . 2013-06-10 13:28 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04 . 2013-06-10 13:28 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-25 08:54 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-11 08:31 . 2013-06-11 08:31 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-09-08 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"331BigDog"="c:\program files (x86)\USB Camera\VM331STI.EXE" [2012-05-02 548864]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2012-07-26 508656]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2012-07-27 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2012-07-27 167024]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-04-19 217088]
"RemoteControl10"="c:\program files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 155488]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 Avgboota;AVG Early Launch Anti-Malware Driver;c:\windows\system32\DRIVERS\avgboota.sys;c:\windows\SYSNATIVE\DRIVERS\avgboota.sys [x]
R0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
R2 0215451370840746mcinstcleanup;McAfee Application Installer Cleanup (0215451370840746);c:\windows\TEMP\021545~1.EXE;c:\windows\TEMP\021545~1.EXE [x]
R2 mcbootdelaystartsvc;McAfee Boot Delay Start Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgwfpa;AVG Firewall Driver;c:\windows\system32\DRIVERS\avgwfpa.sys;c:\windows\SYSNATIVE\DRIVERS\avgwfpa.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 NEOFLTR_7110_21187;Juniper Networks TDI Filter Driver (NEOFLTR_7110_21187);c:\windows\system32\Drivers\NEOFLTR_7110_21187.SYS;c:\windows\SYSNATIVE\Drivers\NEOFLTR_7110_21187.SYS [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
S2 X5XSEx_Pr148;X5XSEx_Pr148;c:\program files (x86)\FreeRide Games\X5XSEx_Pr148.Sys;c:\program files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys;c:\windows\SYSNATIVE\drivers\AcpiVpc.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\System32\drivers\AMPPAL.sys;c:\windows\SYSNATIVE\drivers\AMPPAL.sys [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NETwNe64;@oem12.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\System32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-08 05:15]
.
2013-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-08 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-12 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-12 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-12 441888]
"SynLenovoGestureMgr"="c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe" [bU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-11-06 13219984]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-10-29 1234064]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2012-09-30 11582848]
"OnekeyStudio"="c:\program files\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-09-14 4196432]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2013-01-14 17080376]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2013-01-14 191544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Send to Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
TCP: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67


.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-09-08  21:00:22
ComboFix-quarantined-files.txt  2013-09-09 02:00
ComboFix2.txt  2013-09-09 01:44
ComboFix3.txt  2013-09-08 17:12
.
Pre-Run: 904,093,696,000 bytes free
Post-Run: 904,044,154,880 bytes free
.
- - End Of File - - 7251B8924CC8401C6897624A3B30D366

 

Hopefully, things will start improving.
 


By the way, AppRemover removed only some game application that I never heard of. There was no option for "Next" or to "Clean Up a Failed Uninstall". So I ran ComboFix before anything really got accomplished with AppRemover. It found AVG and Malwarebytes and I didn't remove those.

 

Do you think we are making any progress?


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
