Malwarebytes Locks Up


  • This topic is locked
34 replies to this topic

#1 Brother_Jim

    New Member

  • Members
  • 19 posts

Posted 23 July 2013 - 09:42 AM

OK, I was in the Malwarebytes help section and was told to come here, due to possibly being infected. Every time I tried to run Malwarebytes, it locked up once it got into the system file scans. I have run it in safe mode and it found 22 infections; I ran an online virus scan and it found 17 infections.

But if I try to use it in normal mode it locks up.

Win 7 Prem, 2 GB of RAM, Dell Inspiron laptop

Here are the logs requested.

Attached Files



#2 Brother_Jim

    New Member

  • Members
  • 19 posts

Posted 23 July 2013 - 09:45 AM

http://forums.malwar...howtopic=129841 here is the link to the help section



#3 Maniac

    Forum Deity

  • Experts
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 23 July 2013 - 09:54 AM

Hello Brother_Jim! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall the following applications:

appbario12 Toolbar
Ask Toolbar
Ask Toolbar Updater
Coupon Printer for Windows
Define Ext
Inbox Toolbar
LessTabs
InternetHelper3.1 Toolbar
Search Toolbar



Step 2

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Step 4

Please add Malwarebytes' Anti-Malware to the exclusions in Norton Internet Security.
https://support.nort...tail_2012_en_us

Please add each of the following files:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\drivers\mbam.sys
C:\WINDOWS\system32\drivers\mbamswissarmy.sys

Make sure to click 'OK' when done.


Step 5
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Step 6
  • Download on the desktop RogueKiller
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
  • RogueKiller log

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.
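As an added example (it is not code from this thread, from Malwarebytes, or from any tool named above): a read-only PowerShell script that lists the Programs and Features entries matching the Step 1 names, by walking the same Uninstall registry keys the Control Panel applet reads. The name list is copied from the post; the function name and the WOW6432Node path (present only on 64-bit Windows, so absent on the poster's 32-bit machine) are assumptions. It removes nothing; the uninstall is still done through Programs and Features as instructed.

```powershell
# Added example, not code from the thread or from any tool named in it.
# Read-only: lists the Programs and Features entries whose DisplayName
# matches the toolbars named in Step 1. Nothing is removed.

# Names copied from the post.
$TargetNames = @(
    'appbario12 Toolbar',
    'Ask Toolbar',
    'Ask Toolbar Updater',
    'Coupon Printer for Windows',
    'Define Ext',
    'Inbox Toolbar',
    'LessTabs',
    'InternetHelper3.1 Toolbar',
    'Search Toolbar'
)

# Per-machine entries, the 32-bit view on x64 Windows (assumed path; it does
# not exist on a 32-bit install such as the poster's), and per-user entries.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Hypothetical helper name; emits one object per matching Uninstall entry.
function Get-MatchingUninstallEntries {
    param(
        [string[]]$Names,
        [string[]]$Roots
    )
    # Try longer names first so "Ask Toolbar Updater" is reported under its
    # own name rather than under the shorter "Ask Toolbar".
    $ordered = $Names | Sort-Object -Property Length -Descending
    foreach ($root in $Roots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $props = Get-ItemProperty -Path $key.PSPath
            if (-not $props.DisplayName) { continue }
            foreach ($name in $ordered) {
                # Case-insensitive substring match: vendors often append a
                # version number to DisplayName.
                if ($props.DisplayName -like "*$name*") {
                    [PSCustomObject]@{
                        Matched         = $name
                        DisplayName     = $props.DisplayName
                        Publisher       = $props.Publisher
                        UninstallString = $props.UninstallString
                        RegistryKey     = $key.Name
                    }
                    break
                }
            }
        }
    }
}

Get-MatchingUninstallEntries -Names $TargetNames -Roots $UninstallRoots |
    Format-Table -AutoSize -Wrap
```

The substring match is deliberately loose, so a generic name such as "Search Toolbar" can flag legitimate entries as well; treat the output as a checklist to confirm against what Programs and Features shows, not as a removal list. The UninstallString column is shown only so the helper can see which installer owns each entry.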

#4 Brother_Jim

    New Member

  • Members
  • 19 posts

Posted 23 July 2013 - 11:52 AM

OK, I am up to step 4, but I don't see where to add this in the Malwarebytes program: "Please add in exclusions in Norton Internet Security Malwarebytes' Anti-Malware."

I am looking but don't see an exclusions tab or where it may be. Sorry.

#5 Maniac

    Forum Deity

  • Experts
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 23 July 2013 - 11:56 AM

Did you follow the instructions here?
https://support.nort...tail_2012_en_us

Which version is your Norton Internet Security?

#6 Brother_Jim

    New Member

  • Members
  • 19 posts

Posted 23 July 2013 - 11:57 AM

Sorry, you meant to add it to Norton. I no longer have Norton installed; I removed it. So do I attempt to run Malware again?

#7 Maniac

    Forum Deity

  • Experts
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 23 July 2013 - 12:34 PM

In this case, proceed further.

#8 Brother_Jim

    New Member

  • Members
  • 19 posts

Posted 23 July 2013 - 12:37 PM

I tried to run Malware again and it locked up once it got into the system file scans. Here are the other reports.

Attached Files



#9 Maniac

    Forum Deity

  • Experts
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 23 July 2013 - 12:40 PM

Please read my instructions again from the beginning. All of your log files should be pasted in your reply, not attached.

#10 Brother_Jim

    New Member

  • Members
  • 19 posts

Posted 23 July 2013 - 01:27 PM

# AdwCleaner v2.306 - Logfile created 07/23/2013 at 11:33:03
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : user - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\ProgramData\ParetoLogic

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67FA02C4-AB30-4E77-A640-78EE8EC8673B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TBSB05974.TBSB05974Toolbar
Key Deleted : HKLM\Software\SearchProtect
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

-\\ Google Chrome v28.0.1500.72

*************************

AdwCleaner[S1].txt - [4845 octets] - [23/07/2013 11:33:04]

########## EOF - C:\AdwCleaner[S1].txt - [4905 octets] ##########
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 7 Home Premium x86
Ran by user on Tue 07/23/2013 at 11:28:41.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\bho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\defaulttabbho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{18b9b16e-716f-43df-a6ad-512c7d2eb983}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{d824f0de-3d60-4f57-9eb1-66033ecd8abb}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\default tab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wnlt
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\defaulttab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\fun web products
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\funwebproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\mywebsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{8736c681-37a0-40c6-a0f0-4c083409151c}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowseractivex
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowseractivex.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3279411
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3289663
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{112A7E09-6595-D1C3-2C4E-CDFD9E56B66C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{456DADC9-06DC-42DF-AD83-C3196CDB1625}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B1E3D3CE-3549-430F-8822-01240E400989}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CECB5D17-5B44-4CED-8179-BD0AF911C5FC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EA7D7B9C-C5AE-405E-ACA7-F4673BED1900}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{13796C65-BBE9-4BB0-8E72-B7A26F519A0D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\interface\{ac71b60e-94c9-4ede-ba46-e146747bb67e}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0cfe535c35f99574e8340bfa75bf92c2"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\120dfadeb50841f408f04d2a278f9509"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef"



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\dsite"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\file scout"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\performersoft"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\registry mechanic"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\funwebproducts"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\mywebsearch"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\sweetim"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\toolbar4"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\searchprotect"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/23/2013 at 11:31:19.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--------------------------------------------------------------------------
RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Remove -- Date : 07/23/2013 12:34:41
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\user\AppData\Local\Temp\IHUC447.tmp.exe [x][x] -> DELETED
[V2][SUSP PATH] TidyNetwork Update : C:\Users\user\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1655GSX +++++
--- User ---
[MBR] 04fed4a20147b5da2437ac64a81ba55f
[BSP] b36e7300d4773d7b7ca0cc43aaba9b3e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 137586 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_07232013_123441.txt >>
RKreport[0]_S_07232013_123257.txt

-------------------------------------------------------------------
RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Scan -- Date : 07/23/2013 12:32:57
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\user\AppData\Local\Temp\IHUC447.tmp.exe [x][x] -> FOUND
[V2][SUSP PATH] TidyNetwork Update : C:\Users\user\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1655GSX +++++
--- User ---
[MBR] 04fed4a20147b5da2437ac64a81ba55f
[BSP] b36e7300d4773d7b7ca0cc43aaba9b3e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 137586 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07232013_123257.txt >>

#11 Maniac

    Forum Deity

  • Experts
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 24 July 2013 - 06:49 AM

Note: Please do not run this tool without the supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:
  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


#12 Brother_Jim

    New Member

  • Members
  • 19 posts

Posted 24 July 2013 - 09:33 AM

ComboFix 13-07-24.02 - user 07/24/2013 9:17.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2010.1111 [GMT -5:00]
Running from: c:\users\user\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-06-24 to 2013-07-24 )))))))))))))))))))))))))))))))
.
.
2013-07-24 14:25 . 2013-07-24 14:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-23 17:24 . 2013-07-23 17:24 -------- d-----w- c:\users\user\AppData\Local\SwvUpdater
2013-07-23 17:17 . 2013-07-23 17:17 -------- d-----w- c:\program files\iMesh
2013-07-23 16:54 . 2013-07-23 16:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-07-23 16:28 . 2013-07-23 16:28 -------- d-----w- c:\windows\ERUNT
2013-07-22 15:06 . 2013-07-22 15:06 -------- d-----w- c:\program files\Common Files\Java
2013-07-22 15:06 . 2013-07-22 15:05 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-22 15:00 . 2013-07-22 15:02 -------- d-----w- c:\users\user\AppData\Local\Adobe
2013-07-22 14:50 . 2013-07-22 14:52 -------- d-----w- c:\windows\system32\MRT
2013-07-22 14:38 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-07-22 14:38 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-07-22 14:38 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2013-07-22 14:38 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-07-22 14:38 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-07-22 14:18 . 2013-07-22 14:18 -------- d-----w- c:\users\user\AppData\Local\Apple
2013-07-19 22:41 . 2013-07-19 22:41 -------- d-----w- c:\program files\ESET
2013-07-19 21:46 . 2013-07-19 21:46 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2013-07-19 21:45 . 2013-07-19 21:45 -------- d-----w- c:\programdata\Malwarebytes
2013-07-19 21:45 . 2013-07-19 21:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-19 21:45 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-19 19:28 . 2013-07-24 14:25 -------- d-----w- c:\users\user\AppData\Local\temp
2013-07-19 18:11 . 2013-07-19 18:11 -------- d-----w- C:\found.000
2013-07-17 19:10 . 2013-07-17 19:10 -------- d-----w- c:\users\user\AppData\Local\Acelogix
2013-07-17 16:30 . 2013-07-17 16:30 -------- d-----w- c:\program files\VS Revo Group
2013-07-17 16:25 . 2013-07-17 16:25 -------- d-----w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com
2013-07-17 16:24 . 2013-07-17 16:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-07-17 16:22 . 2013-07-17 16:22 -------- d-----w- c:\program files\CCleaner
2013-07-17 16:21 . 2013-07-17 16:21 -------- d-----w- c:\program files\Acelogix
2013-07-17 16:21 . 2013-07-17 16:21 -------- d-----w- c:\program files\Ace Utilities
2013-07-12 14:12 . 2013-07-12 14:12 -------- d-----w- c:\users\user\AppData\Roaming\PlusWinks
2013-07-12 14:12 . 2013-07-12 14:12 -------- d-----w- c:\users\user\AppData\Roaming\SpeedAnalysis2
2013-07-12 14:12 . 2013-07-12 14:12 -------- d-----w- c:\program files\Cool Smiley Bar for Facebook
2013-07-11 18:41 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-11 18:41 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-11 18:41 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-07-11 18:41 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-11 18:41 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 18:41 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-11 18:41 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-11 18:41 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-11 18:41 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-11 18:41 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-11 18:41 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-08 16:23 . 2013-07-09 11:28 -------- d-----w- c:\program files\uPlayer
2013-07-08 16:21 . 2013-02-05 07:25 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-07-08 16:21 . 2013-02-05 07:25 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-07-08 16:21 . 2013-02-05 07:25 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-07-08 16:21 . 2013-02-05 07:25 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-07-08 16:21 . 2013-02-05 07:25 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-07-08 16:20 . 2013-07-23 16:21 -------- d-----w- c:\users\user\AppData\Local\DefineExt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-22 15:05 . 2012-06-20 00:16 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-22 15:02 . 2012-03-29 11:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-22 15:02 . 2011-05-16 13:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-13 02:48 . 2011-03-24 14:39 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-22 17:32 . 2013-05-22 17:32 8281168 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-05-13 04:45 . 2013-06-13 00:28 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-13 00:28 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-13 00:28 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-13 00:28 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-13 00:28 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-10 03:20 . 2013-06-13 00:28 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-08 05:38 . 2013-06-13 00:28 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-13 00:28 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06 . 2013-06-13 00:28 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-01 08:59 . 2013-05-01 08:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59 . 2013-05-01 08:59 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-30 04:36 . 2013-04-30 04:36 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 04:36 . 2013-04-30 04:36 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 04:36 . 2013-04-30 04:36 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 04:36 . 2013-04-30 04:36 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-04-30 04:36 . 2013-04-30 04:36 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 04:36 . 2013-04-30 04:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 04:36 . 2013-04-30 04:36 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 04:36 . 2013-04-30 04:36 361984 ----a-w- c:\windows\system32\html.iec
2013-04-30 04:36 . 2013-04-30 04:36 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 04:36 . 2013-04-30 04:36 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 04:36 . 2013-04-30 04:36 158720 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 04:36 . 2013-04-30 04:36 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 04:36 . 2013-04-30 04:36 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-30 04:36 . 2013-04-30 04:36 138752 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 04:36 . 2013-04-30 04:36 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 04:36 . 2013-04-30 04:36 12800 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 04:36 . 2013-04-30 04:36 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-26 04:55 . 2013-06-13 00:28 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-04-25 23:30 . 2013-06-13 00:28 1505280 ----a-w- c:\windows\system32\d3d11.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-04-02 08:01 1467528 ----a-w- c:\program files\Microsoft\BingBar\7.2.233.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09"="c:\users\user\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-07-12 846288]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-07-17 4760816]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-31 483428]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx [2008-5-10 282624]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-12-21 18:34 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-05-07 22:41 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]
2009-10-02 19:48 165104 ----a-w- c:\program files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"blspcloader"="c:\program files\ATT Internet Tools\blsloader.exe"
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"<NO NAME>"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.2.233.0\BBSvc.exe [2013-04-02 193672]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-07-23 40776]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver; [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-17 1343400]
R4 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [x]
R4 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R4 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R4 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NST\7DD04000.00A\ccSetx86.sys [2013-04-16 134744]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\aestsrv.exe [2009-03-31 81920]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
S2 NCO;Norton Identity Safe;c:\program files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [2013-05-21 144368]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.exe [2009-10-02 656624]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.2.233.0\SeaPort.exe [2013-04-02 240264]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - SPBBCDrv
*Deregistered* - SYMDNS
*Deregistered* - SYMFW
*Deregistered* - SYMNDISV
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:02]
.
2013-07-24 c:\windows\Tasks\AmiUpdXp.job
- c:\users\user\AppData\Local\SwvUpdater\Updater.exe [2013-07-23 17:24]
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:40]
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:40]
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 10:47]
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 10:47]
.
.
------- Supplementary Scan -------
.

Trusted Zone: $talisma_url$
Trusted Zone: amazon.com\www
TCP: DhcpNameServer = 10.0.0.1


.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-DSite - c:\users\user\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-24 09:27:05
ComboFix-quarantined-files.txt 2013-07-24 14:27
ComboFix2.txt 2013-07-19 19:35
.
Pre-Run: 102,558,375,936 bytes free
Post-Run: 102,565,122,048 bytes free
.
- - End Of File - - 4D4845E579B58B743D7654B894B681EC
A36C5E4F47E84449FF07ED3517B43A31

#13 Maniac

Posted 24 July 2013 - 09:40 AM

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\Tasks\AmiUpdXp.job

Folder::
c:\users\user\AppData\Roaming\PlusWinks
c:\users\user\AppData\Roaming\SpeedAnalysis2
c:\program files\Cool Smiley Bar for Facebook
c:\users\user\AppData\Local\SwvUpdater

JavaClearCache::


Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.
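The procedure above (spot the autostart entry, then write the offending paths into the File:: and Folder:: sections of CFScript.txt) can be partly automated when reading ComboFix logs. The following is an added example, not code from the thread, from ComboFix or from the helper: it parses the 'Files Created' entries and the 'Scheduled Tasks' listing of a ComboFix log, flags tasks whose target runs from a user profile's AppData tree (the AmiUpdXp.job -> SwvUpdater\Updater.exe pairing removed in this thread), and emits a CFScript block in the layout used above. All function names are this example's own, and the sample log text is constructed from lines posted in the thread.

```python
"""Triage helper for ComboFix-style logs.

Added example for this thread; it is not part of ComboFix or of the helper's
tooling. It parses the 'Files Created' entries and the 'Scheduled Tasks'
folder listing, flags .job tasks whose target executable lives under a user
profile's AppData tree (the AmiUpdXp.job -> SwvUpdater\\Updater.exe pattern
removed in the thread), and emits the File::/Folder:: block of a CFScript.txt
in the layout used above. The sample log text is constructed from lines
posted in the thread.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample: a handful of lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((   Files Created from 2013-06-24 to 2013-07-24  )))))))))))))))))))))))))))))))
.
2013-07-22 15:06 . 2013-07-22 15:05 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-12 14:12 . 2013-07-12 14:12 -------- d-----w- c:\users\user\AppData\Roaming\PlusWinks
2013-07-12 14:12 . 2013-07-12 14:12 -------- d-----w- c:\program files\Cool Smiley Bar for Facebook
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:02]
.
2013-07-24 c:\windows\Tasks\AmiUpdXp.job
- c:\users\user\AppData\Local\SwvUpdater\Updater.exe [2013-07-23 17:24]
.
"""

# 'created . modified size attrs path'; directories show size as "--------".
FILE_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
# '<date> <path>.job' followed on the next line by '- <target> [<stamp>]'.
TASK_JOB = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<job>.+\.job)$", re.IGNORECASE)
TASK_TARGET = re.compile(r"^- (?P<target>.+?) \[(?P<stamp>[^\]]+)\]$")


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


@dataclass
class TaskEntry:
    job: str     # the .job file in the Tasks folder
    target: str  # executable the task launches
    stamp: str   # timestamp ComboFix prints after the target


def parse_file_entries(log: str) -> List[FileEntry]:
    """Return every 'created . modified size attrs path' line as a FileEntry."""
    entries: List[FileEntry] = []
    for raw in log.splitlines():
        m = FILE_ENTRY.match(raw.strip())
        if m:
            size = None if m["size"] == "--------" else int(m["size"])
            entries.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def parse_scheduled_tasks(log: str) -> List[TaskEntry]:
    """Pair each job line with the target line printed directly below it."""
    lines = [raw.strip() for raw in log.splitlines()]
    tasks: List[TaskEntry] = []
    for current, following in zip(lines, lines[1:]):
        job = TASK_JOB.match(current)
        target = TASK_TARGET.match(following)
        if job and target:
            tasks.append(TaskEntry(job["job"], target["target"], target["stamp"]))
    return tasks


def in_user_profile(path: str) -> bool:
    # True for anything under C:\Users\<name>\AppData: user-writable storage,
    # where a scheduled task's target executable deserves a second look.
    p = path.lower()
    return p.startswith("c:\\users\\") and "\\appdata\\" in p


def flag_tasks(tasks: Iterable[TaskEntry]) -> List[TaskEntry]:
    return [t for t in tasks if in_user_profile(t.target)]


def _unique(items: Iterable[str]) -> List[str]:
    seen, out = set(), []
    for item in items:
        if item.lower() not in seen:
            seen.add(item.lower())
            out.append(item)
    return out


def build_cfscript(flagged: Iterable[TaskEntry], extra_folders: Iterable[str] = (),
                   clear_java_cache: bool = True) -> str:
    # File:: removes the .job itself; Folder:: removes the directory the target
    # ran from. extra_folders is for paths the analyst identified by hand, as
    # the helper did for PlusWinks and SpeedAnalysis2 in the thread.
    flagged = list(flagged)
    files = _unique(t.job for t in flagged)
    folders = _unique([ntpath.dirname(t.target) for t in flagged] + list(extra_folders))
    sections = []
    if files:
        sections.append("File::\n" + "\n".join(files))
    if folders:
        sections.append("Folder::\n" + "\n".join(folders))
    if clear_java_cache:
        sections.append("JavaClearCache::")
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    hits = flag_tasks(parse_scheduled_tasks(SAMPLE_LOG))
    for t in hits:
        print(f"flagged: {t.job} -> {t.target}")
    print(build_cfscript(hits, extra_folders=[r"c:\users\user\AppData\Roaming\PlusWinks"]))
```

The flag is only a triage hint: a task running from AppData is where an analyst starts looking, and the generated script still needs the same manual review the helper gave the paths in this thread.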

#14 Brother_Jim

Posted 24 July 2013 - 12:55 PM

ComboFix 13-07-24.02 - user 07/24/2013  12:41:19.3.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2010.1236 [GMT -5:00]
Running from: c:\users\user\Desktop\ComboFix.exe
Command switches used :: c:\users\user\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\AmiUpdXp.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Cool Smiley Bar for Facebook
c:\program files\Cool Smiley Bar for Facebook\AddonsFramework.Typelib.dll
c:\program files\Cool Smiley Bar for Facebook\background.html
c:\program files\Cool Smiley Bar for Facebook\BackgroundHost.exe
c:\program files\Cool Smiley Bar for Facebook\BackgroundHost64.exe
c:\program files\Cool Smiley Bar for Facebook\BackgroundHostPS.dll
c:\program files\Cool Smiley Bar for Facebook\ButtonSite.dll
c:\program files\Cool Smiley Bar for Facebook\ButtonSite64.dll
c:\program files\Cool Smiley Bar for Facebook\config.xml
c:\program files\Cool Smiley Bar for Facebook\content.js
c:\program files\Cool Smiley Bar for Facebook\icon128.png
c:\program files\Cool Smiley Bar for Facebook\icon16.png
c:\program files\Cool Smiley Bar for Facebook\icon48.png
c:\program files\Cool Smiley Bar for Facebook\jquery-1.9.1.min.js
c:\program files\Cool Smiley Bar for Facebook\json2.min.js
c:\program files\Cool Smiley Bar for Facebook\mz\background.js
c:\program files\Cool Smiley Bar for Facebook\mz\content.js
c:\program files\Cool Smiley Bar for Facebook\ScriptHost.dll
c:\program files\Cool Smiley Bar for Facebook\uninst.exe
c:\program files\Cool Smiley Bar for Facebook\uninstall.exe
c:\program files\Cool Smiley Bar for Facebook\updater.js
c:\program files\Cool Smiley Bar for Facebook\updaterWrapper.js
c:\users\user\AppData\Local\SwvUpdater
c:\users\user\AppData\Local\SwvUpdater\status.cfg
c:\users\user\AppData\Local\SwvUpdater\Updater.exe
c:\users\user\AppData\Local\SwvUpdater\Updater.xml
c:\users\user\AppData\Roaming\PlusWinks
c:\users\user\AppData\Roaming\PlusWinks\pluswinks.crx
c:\users\user\AppData\Roaming\SpeedAnalysis2
c:\users\user\AppData\Roaming\SpeedAnalysis2\speedanalysis.crx
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-24 to 2013-07-24  )))))))))))))))))))))))))))))))
.
.
2013-07-24 17:49 . 2013-07-24 17:49 -------- d-----w- c:\users\user\AppData\Local\temp
2013-07-24 17:49 . 2013-07-24 17:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-23 17:17 . 2013-07-23 17:17 -------- d-----w- c:\program files\iMesh
2013-07-23 16:54 . 2013-07-23 16:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-07-23 16:28 . 2013-07-23 16:28 -------- d-----w- c:\windows\ERUNT
2013-07-22 15:06 . 2013-07-22 15:06 -------- d-----w- c:\program files\Common Files\Java
2013-07-22 15:06 . 2013-07-22 15:05 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-22 15:00 . 2013-07-24 14:31 -------- d-----w- c:\users\user\AppData\Local\Adobe
2013-07-22 14:50 . 2013-07-22 14:52 -------- d-----w- c:\windows\system32\MRT
2013-07-22 14:38 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-07-22 14:38 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-07-22 14:38 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2013-07-22 14:38 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-07-22 14:38 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-07-22 14:18 . 2013-07-22 14:18 -------- d-----w- c:\users\user\AppData\Local\Apple
2013-07-19 22:41 . 2013-07-19 22:41 -------- d-----w- c:\program files\ESET
2013-07-19 21:46 . 2013-07-19 21:46 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2013-07-19 21:45 . 2013-07-19 21:45 -------- d-----w- c:\programdata\Malwarebytes
2013-07-19 21:45 . 2013-07-19 21:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-19 21:45 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-19 18:11 . 2013-07-19 18:11 -------- d-----w- C:\found.000
2013-07-17 19:10 . 2013-07-17 19:10 -------- d-----w- c:\users\user\AppData\Local\Acelogix
2013-07-17 16:30 . 2013-07-17 16:30 -------- d-----w- c:\program files\VS Revo Group
2013-07-17 16:25 . 2013-07-17 16:25 -------- d-----w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com
2013-07-17 16:24 . 2013-07-17 16:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-07-17 16:22 . 2013-07-17 16:22 -------- d-----w- c:\program files\CCleaner
2013-07-17 16:21 . 2013-07-17 16:21 -------- d-----w- c:\program files\Acelogix
2013-07-17 16:21 . 2013-07-17 16:21 -------- d-----w- c:\program files\Ace Utilities
2013-07-11 18:41 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-11 18:41 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-11 18:41 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-07-11 18:41 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-11 18:41 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 18:41 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-11 18:41 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-11 18:41 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-11 18:41 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-11 18:41 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-11 18:41 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-08 16:23 . 2013-07-09 11:28 -------- d-----w- c:\program files\uPlayer
2013-07-08 16:21 . 2013-02-05 07:25 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-07-08 16:21 . 2013-02-05 07:25 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-07-08 16:21 . 2013-02-05 07:25 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-07-08 16:21 . 2013-02-05 07:25 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-07-08 16:21 . 2013-02-05 07:25 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-07-08 16:20 . 2013-07-23 16:21 -------- d-----w- c:\users\user\AppData\Local\DefineExt
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-22 15:05 . 2012-06-20 00:16 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-22 15:02 . 2012-03-29 11:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-22 15:02 . 2011-05-16 13:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-13 02:48 . 2011-03-24 14:39 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-22 17:32 . 2013-05-22 17:32 8281168 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-05-13 04:45 . 2013-06-13 00:28 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-13 00:28 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-13 00:28 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-13 00:28 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-13 00:28 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-10 03:20 . 2013-06-13 00:28 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-08 05:38 . 2013-06-13 00:28 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-13 00:28 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06 . 2013-06-13 00:28 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-01 08:59 . 2013-05-01 08:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59 . 2013-05-01 08:59 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-30 04:36 . 2013-04-30 04:36 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 04:36 . 2013-04-30 04:36 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 04:36 . 2013-04-30 04:36 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 04:36 . 2013-04-30 04:36 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-04-30 04:36 . 2013-04-30 04:36 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 04:36 . 2013-04-30 04:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 04:36 . 2013-04-30 04:36 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 04:36 . 2013-04-30 04:36 361984 ----a-w- c:\windows\system32\html.iec
2013-04-30 04:36 . 2013-04-30 04:36 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 04:36 . 2013-04-30 04:36 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 04:36 . 2013-04-30 04:36 158720 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 04:36 . 2013-04-30 04:36 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 04:36 . 2013-04-30 04:36 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-30 04:36 . 2013-04-30 04:36 138752 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 04:36 . 2013-04-30 04:36 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 04:36 . 2013-04-30 04:36 12800 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 04:36 . 2013-04-30 04:36 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-26 04:55 . 2013-06-13 00:28 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-04-25 23:30 . 2013-06-13 00:28 1505280 ----a-w- c:\windows\system32\d3d11.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-04-02 08:01 1467528 ----a-w- c:\program files\Microsoft\BingBar\7.2.233.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09"="c:\users\user\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-07-12 846288]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-07-17 4760816]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-31 483428]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx [2008-5-10 282624]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-12-21 18:34 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-05-07 22:41 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]
2009-10-02 19:48 165104 ----a-w- c:\program files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"blspcloader"="c:\program files\ATT Internet Tools\blsloader.exe"
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"<NO NAME>"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.2.233.0\BBSvc.exe [2013-04-02 193672]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-07-23 40776]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver; [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-17 1343400]
R4 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [x]
R4 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R4 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R4 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NST\7DD04000.00A\ccSetx86.sys [2013-04-16 134744]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\aestsrv.exe [2009-03-31 81920]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
S2 NCO;Norton Identity Safe;c:\program files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [2013-05-21 144368]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.exe [2009-10-02 656624]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.2.233.0\SeaPort.exe [2013-04-02 240264]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - SPBBCDrv
*Deregistered* - SYMDNS
*Deregistered* - SYMFW
*Deregistered* - SYMNDISV
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:02]
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:40]
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:40]
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 10:47]
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 10:47]
.
.
------- Supplementary Scan -------
.

Trusted Zone: $talisma_url$
Trusted Zone: amazon.com\www
TCP: DhcpNameServer = 10.0.0.1


.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Cool Smiley Bar for Facebook - c:\program files\Cool Smiley Bar for Facebook\uninstall.exe
AddRemove-PlusWinks - c:\program files\Cool Smiley Bar for Facebook\uninst.exe
AddRemove-{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} - c:\users\user\AppData\Local\SwvUpdater\Updater.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-24  12:50:58
ComboFix-quarantined-files.txt  2013-07-24 17:50
ComboFix2.txt  2013-07-24 14:27
ComboFix3.txt  2013-07-19 19:35
.
Pre-Run: 102,627,860,480 bytes free
Post-Run: 102,581,096,448 bytes free
.
- - End Of File - - D42E0C266D5DBC8881F93E9C724F71B2
A36C5E4F47E84449FF07ED3517B43A31
 



#15 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 24 July 2013 - 07:36 PM

Good! :)

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

My help is free; however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#16 Brother_Jim

Brother_Jim

    New Member

  • Members
  • 19 posts

Posted 25 July 2013 - 01:04 PM

C:\Program Files\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Cool Smiley Bar for Facebook\BackgroundHostPS.dll.vir Win32/Toolbar.Besttoolbars.C application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir Win32/Toolbar.DefaultTab.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe.vir Win32/Toolbar.DefaultTab.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe.vir Win64/Toolbar.DefaultTab.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir Win32/Toolbar.DefaultTab.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll.vir Win64/Toolbar.DefaultTab.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir Win32/Toolbar.DefaultTab.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\FPP_Setup (1).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\FPP_Setup (2).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\FPP_Setup (3).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\FPP_Setup (4).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\FPP_Setup (5).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\FPP_Setup.exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\MapsSetup (1).exe Win32/Toolbar.Inbox.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\MapsSetup (2).exe Win32/Toolbar.Inbox.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\MapsSetup.exe Win32/Toolbar.Inbox.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\Setup (1).exe a variant of Win32/ExFriendAlert.B application cleaned by deleting - quarantined
C:\Users\user\Downloads\Setup (2).exe a variant of Win32/ExFriendAlert.B application cleaned by deleting - quarantined
C:\Users\user\Downloads\setup.exe (1).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\setup.exe.exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\uplayermediaplayer-setup (1).exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\user\Downloads\uplayermediaplayer-setup.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\user\Downloads\VideoPerformerSetup (1).exe a variant of Win32/InstallBrain.AJ application cleaned by deleting - quarantined
C:\Users\user\Downloads\VideoPerformerSetup (2).exe a variant of Win32/InstallBrain.AJ application cleaned by deleting - quarantined
C:\Users\user\Downloads\VideoPerformerSetup (3).exe a variant of Win32/InstallBrain.AJ application cleaned by deleting - quarantined
C:\Users\user\Downloads\VideoPerformerSetup.exe a variant of Win32/InstallBrain.AJ application cleaned by deleting - quarantined

#17 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 25 July 2013 - 01:10 PM

Looks good, but be more careful what you download.

How are things now? :)

#18 Brother_Jim

Brother_Jim

    New Member

  • Members
  • 19 posts

Posted 25 July 2013 - 01:49 PM

Jerky, but Malwarebytes still locks up when running.

#19 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 25 July 2013 - 02:03 PM

Try those tips:
http://forums.malwar...=1

#20 Brother_Jim

Brother_Jim

    New Member

  • Members
  • 19 posts

Posted 25 July 2013 - 02:05 PM

Wish there was a way to edit a post. I just tried to run Malwarebytes again, and once it got into the filesystem scan it found 5 infections but locks up at this point. When it locks up I must turn off the PC and reboot. So I'm still not sure why it locks up, while everything else runs with no problems.



