somethingd

Malwarebytes Anti-Malware has stopped working

32 posts in this topic

My computer appears to be infected. I cannot run Malwarebytes or McAfee.

Here is my DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Bria at 16:30:11 on 2012-04-26

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2155 [GMT -4:00]

.

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskeng.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart

mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

IE: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - {7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} - C:\Program Files (x86)\ClickPotatoLite\bin\10.0.523.0\ClickPotatoLiteSABHO.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab

DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265512774943

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://vetter.viewnetcam.com/bl_camera.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4C5D8FAF-A8C9-423B-8F10-FC5877ED55F7} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{E1AA0074-10DF-4E53-B4CC-18CF54D8FEE4} : DhcpNameServer = 192.168.1.1

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO-X64: NCO 2.0 IE BHO - No File

BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

BHO-X64: AIM Toolbar Loader - No File

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent

.

============= SERVICES / DRIVERS ===============

.

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]

R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]

R3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 COH_Mon;COH_Mon;\??\C:\Windows\system32\Drivers\COH_Mon.sys --> C:\Windows\system32\Drivers\COH_Mon.sys [?]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-8-1 89920]

S4 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2008-4-4 36864]

S4 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2008-4-17 40960]

S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]

S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]

S4 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\Jumpstart\jswpsapi.exe [2008-9-26 954368]

S4 KR10I64;KR10I64;C:\Windows\system32\drivers\kr10i64.sys --> C:\Windows\system32\drivers\kr10i64.sys [?]

S4 KR10N64;KR10N64;C:\Windows\system32\drivers\kr10n64.sys --> C:\Windows\system32\drivers\kr10n64.sys [?]

S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2009-5-27 103440]

S4 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-24 84992]

S4 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]

S4 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-9-15 46392]

S4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]

S4 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-3-28 24652]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-04-26 20:20:45 -------- d-----w- C:\Program Files (x86)\ESET

2012-04-26 18:47:37 33096 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2012-04-26 18:45:14 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-26 18:45:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-26 12:09:51 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F0873DF0-BE09-4EF5-8F6C-9EA7BECC92BB}\mpengine.dll

2012-04-26 07:10:26 -------- d-----w- C:\Users\Bria\AppData\Roaming\QuickScan

2012-04-26 07:04:03 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-26 00:20:37 -------- d-----w- C:\Windows\pss

2012-04-25 20:43:54 -------- d-----w- C:\Users\Bria\AppData\Roaming\LolClient

2012-04-25 03:28:12 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll

2012-04-25 03:28:12 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll

2012-04-25 03:28:10 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll

2012-04-25 03:16:39 -------- d-----w- C:\Riot Games

2012-04-25 02:41:31 -------- d-----w- C:\Users\Bria\AppData\Local\PMB Files

2012-04-25 02:41:25 -------- d-----w- C:\ProgramData\PMB Files

2012-04-25 02:41:00 -------- d-----w- C:\Program Files (x86)\Pando Networks

2012-04-24 00:02:06 -------- d-----w- C:\Program Files (x86)\Activision

2012-04-16 13:40:24 -------- d-sh--w- C:\Windows\ftpcache

2012-04-16 13:39:47 -------- d-----w- C:\Program Files (x86)\Saunders NCLEX-RN4e

2012-04-13 07:12:28 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-13 07:11:27 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-13 07:11:26 78848 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-13 07:11:26 5632 ----a-w- C:\Windows\System32\wmi.dll

2012-04-13 07:11:26 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-13 07:11:26 219136 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-13 07:11:26 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-13 07:11:25 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-12 15:14:00 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat

2012-04-12 15:14:00 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat

.

==================== Find3M ====================

.

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll

2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll

2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll

2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll

2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 16:32:47.49 ===============

Attach.zip


Hello somethingd, and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

I suggest you uninstall Viewpoint Media Player.

http://www.clickz.com/news/article.php/3561546

Step 2

Please follow the instructions here:

http://forums.malwarebytes.org/index.php?showtopic=85715&view=findpost&p=434002

Next, post the log file in your next reply with a new fresh DDS log file.


When running Chameleon, the update process would give me the same error: "Malwarebytes has stopped working."

I tried to copy a new version from another computer and ran all the different versions. Same error.

New logs:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Bria at 20:07:14 on 2012-04-26

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2240 [GMT -4:00]

.

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskeng.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\mobsync.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart

mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

IE: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - {7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} - C:\Program Files (x86)\ClickPotatoLite\bin\10.0.523.0\ClickPotatoLiteSABHO.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab

DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265512774943

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://vetter.viewnetcam.com/bl_camera.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4C5D8FAF-A8C9-423B-8F10-FC5877ED55F7} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{E1AA0074-10DF-4E53-B4CC-18CF54D8FEE4} : DhcpNameServer = 192.168.1.1

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO-X64: NCO 2.0 IE BHO - No File

BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

BHO-X64: AIM Toolbar Loader - No File

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent

.

============= SERVICES / DRIVERS ===============

.

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]

R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]

R3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 COH_Mon;COH_Mon;\??\C:\Windows\system32\Drivers\COH_Mon.sys --> C:\Windows\system32\Drivers\COH_Mon.sys [?]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-8-1 89920]

S4 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2008-4-4 36864]

S4 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2008-4-17 40960]

S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]

S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]

S4 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\Jumpstart\jswpsapi.exe [2008-9-26 954368]

S4 KR10I64;KR10I64;C:\Windows\system32\drivers\kr10i64.sys --> C:\Windows\system32\drivers\kr10i64.sys [?]

S4 KR10N64;KR10N64;C:\Windows\system32\drivers\kr10n64.sys --> C:\Windows\system32\drivers\kr10n64.sys [?]

S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2009-5-27 103440]

S4 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-24 84992]

S4 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]

S4 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-9-15 46392]

S4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-04-26 22:38:15 33096 ----a-w- C:\Windows\System32\drivers\48230029.sys

2012-04-26 22:20:16 33096 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2012-04-26 20:20:45 -------- d-----w- C:\Program Files (x86)\ESET

2012-04-26 18:45:14 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-26 18:45:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-26 12:09:51 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F0873DF0-BE09-4EF5-8F6C-9EA7BECC92BB}\mpengine.dll

2012-04-26 07:10:26 -------- d-----w- C:\Users\Bria\AppData\Roaming\QuickScan

2012-04-26 07:04:03 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-26 00:20:37 -------- d-----w- C:\Windows\pss

2012-04-25 20:43:54 -------- d-----w- C:\Users\Bria\AppData\Roaming\LolClient

2012-04-25 03:28:12 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll

2012-04-25 03:28:12 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll

2012-04-25 03:28:10 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll

2012-04-25 03:16:39 -------- d-----w- C:\Riot Games

2012-04-25 02:41:31 -------- d-----w- C:\Users\Bria\AppData\Local\PMB Files

2012-04-25 02:41:25 -------- d-----w- C:\ProgramData\PMB Files

2012-04-25 02:41:00 -------- d-----w- C:\Program Files (x86)\Pando Networks

2012-04-24 00:02:06 -------- d-----w- C:\Program Files (x86)\Activision

2012-04-16 13:40:24 -------- d-sh--w- C:\Windows\ftpcache

2012-04-16 13:39:47 -------- d-----w- C:\Program Files (x86)\Saunders NCLEX-RN4e

2012-04-13 07:12:28 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-13 07:11:27 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-13 07:11:26 78848 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-13 07:11:26 5632 ----a-w- C:\Windows\System32\wmi.dll

2012-04-13 07:11:26 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-13 07:11:26 219136 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-13 07:11:26 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-13 07:11:25 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-12 15:14:00 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat

2012-04-12 15:14:00 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat

.

==================== Find3M ====================

.

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll

2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll

2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll

2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll

2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 20:09:53.88 ===============

Attach.txt


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


ComboFix 12-04-27.01 - Bria 04/27/2012 3:44.1.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.1778 [GMT -4:00]

Running from: c:\users\Bria\Desktop\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\ClickPotatoLite

c:\program files (x86)\ClickPotatoLite\bin\10.0.523.0\firefox\extensions\chrome.manifest

c:\program files (x86)\ClickPotatoLite\bin\10.0.523.0\firefox\extensions\install.rdf

c:\program files (x86)\ClickPotatoLite\bin\10.0.523.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll

c:\program files (x86)\DDnsFilter

c:\program files (x86)\FunWebProducts

c:\program files (x86)\Gamevance

c:\program files (x86)\Gamevance\ars.cfg

c:\program files (x86)\Gamevance\icon.ico

c:\program files (x86)\MyWebSearch

c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat

c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65

c:\programdata\ClickPotatoLiteSA

c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA.dat

c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat

c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht

c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat

c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht

c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato

c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk

c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk

c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk

c:\users\Bria\AppData\Roaming\ClickPotatoLite

c:\users\Bria\Documents\~WRL0379.tmp

c:\users\Bria\Documents\~WRL0590.tmp

c:\users\Bria\Documents\~WRL0591.tmp

c:\users\Bria\Documents\~WRL1495.tmp

c:\users\Public\Documents\~WRL0001.tmp

c:\windows\0101120101464857.xe

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

c:\windows\SysWow64\urttemp

c:\windows\SysWow64\urttemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))

.

.

2012-04-27 08:53 . 2012-04-27 09:00 -------- d-----w- c:\users\Bria\AppData\Local\temp

2012-04-27 08:53 . 2012-04-27 08:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-26 22:20 . 2012-04-26 22:20 33096 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-04-26 20:20 . 2012-04-26 20:20 -------- d-----w- c:\program files (x86)\ESET

2012-04-26 18:45 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-26 18:45 . 2012-04-26 22:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-26 07:10 . 2012-04-26 20:19 -------- d-----w- c:\users\Bria\AppData\Roaming\QuickScan

2012-04-26 07:04 . 2012-04-26 07:04 -------- d-----w- c:\programdata\Malwarebytes

2012-04-25 20:43 . 2012-04-25 20:43 -------- d-----w- c:\users\Bria\AppData\Roaming\LolClient

2012-04-25 03:28 . 2008-07-12 12:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2012-04-25 03:28 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2012-04-25 03:28 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2012-04-25 03:16 . 2012-04-25 03:16 -------- d-----w- C:\Riot Games

2012-04-25 02:41 . 2012-04-25 22:21 -------- d-----w- c:\users\Bria\AppData\Local\PMB Files

2012-04-25 02:41 . 2012-04-25 21:53 -------- d-----w- c:\programdata\PMB Files

2012-04-25 02:41 . 2012-04-25 02:41 -------- d-----w- c:\program files (x86)\Pando Networks

2012-04-24 00:02 . 2012-04-24 00:02 -------- d-----w- c:\program files (x86)\Activision

2012-04-16 13:40 . 2012-04-16 13:40 -------- d-sh--w- c:\windows\ftpcache

2012-04-16 13:39 . 2012-04-16 13:40 -------- d-----w- c:\program files (x86)\Saunders NCLEX-RN4e

2012-04-13 07:12 . 2012-03-06 06:44 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-13 07:11 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-13 07:11 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll

2012-04-13 07:11 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll

2012-04-13 07:11 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-13 07:11 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-13 07:11 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-13 07:11 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 15:14 . 2012-03-01 11:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

2012-04-12 15:14 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-13 08:46 . 2012-04-27 07:33 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65DD6124-AB59-4569-863D-9FA034EE59AB}\mpengine.dll

2012-02-23 14:18 . 2010-05-24 18:43 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-14 16:49 . 2012-03-14 12:36 327680 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-02-14 16:49 . 2012-03-14 12:36 196096 ----a-w- c:\windows\system32\d3d10_1.dll

2012-02-14 15:45 . 2012-03-14 12:36 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2012-02-14 15:45 . 2012-03-14 12:36 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2012-02-13 14:38 . 2012-03-14 12:36 2002944 ----a-w- c:\windows\system32\d3d10warp.dll

2012-02-13 14:12 . 2012-03-14 12:36 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2012-02-13 14:06 . 2012-03-14 12:36 834048 ----a-w- c:\windows\system32\d2d1.dll

2012-02-13 14:03 . 2012-03-14 12:36 1555968 ----a-w- c:\windows\system32\DWrite.dll

2012-02-13 13:47 . 2012-03-14 12:36 683008 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-02-13 13:44 . 2012-03-14 12:36 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-02 15:34 . 2012-03-14 12:36 2765824 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 432640]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

ddnsfilter REG_MULTI_SZ ddnsfilter

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 01:38]

.

2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 01:38]

.

2010-06-08 c:\windows\Tasks\Install_NSS.job

- c:\windows\SysWOW64\Adobe\Shockwave 11\nssstub.exe [2010-01-27 21:01]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skytel"="Skytel.exe" [2007-11-21 1826816]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1573160]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

SafeBoot-Symantec Antvirus

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2463042382-2951657566-2286130367-1000\Software\SecuROM\License information*]

"datasecu"=hex:e0,6a,0e,6b,5f,54,dd,ec,2c,74,12,b6,16,9f,83,55,fa,fb,99,70,97,

7c,0f,01,8c,e4,db,60,97,65,7c,7a,98,17,02,e6,1a,8b,31,74,9f,19,90,27,79,4d,\

"rkeysecu"=hex:5c,53,d9,39,b0,34,e1,5c,d1,71,87,95,ea,1c,e5,a2

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Windows Media Player\wmplayer.exe

c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

.

**************************************************************************

.

Completion time: 2012-04-27 05:13:47 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-27 09:13

.

Pre-Run: 141,153,521,664 bytes free

Post-Run: 142,696,423,424 bytes free

.

- - End Of File - - B9E53F8D9E2357B4F62A7B815DD50F53


  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


MalwareBytes still has the same error when I try to run it. I tried in chameleon mode and the issue is still there.


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=e557aba3709060409f9c62947bb261c6

# end=stopped

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-04-26 08:29:20

# local_time=2012-04-26 04:29:20 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=3584 16777215 100 0 0 0 0 0

# compatibility_mode=5892 16776637 100 56 0 172070592 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=2644

# found=0

# cleaned=0

# scan_time=274

esets_scanner_update returned -1 esets_gle=53251

C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll	Win32/Toolbar.MyWebSearch application	cleaned by deleting - quarantined

C:\Program Files (x86)\Windows Live\Messenger\riched20.dll	Win32/Toolbar.MyWebSearch application	cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files (x86)\ClickPotatoLite\bin\10.0.523.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll.vir	a variant of Win32/Adware.HotBar.J application	cleaned by deleting - quarantined

C:\Users\Bria\Downloads\SoftonicDownloader_for_call-of-duty-4.exe	Win32/SoftonicDownloader.D application	cleaned by deleting - quarantined


Download aswMBR.exe (1.8 MB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

[image: aswMBR2-1.gif]

On completion of the scan, click Save log, save it to your desktop, and post it in your next reply.

[image: aswMBR2.png]


The internet has stopped working on the laptop.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-29 06:57:54

-----------------------------

06:57:54.125 OS Version: Windows x64 6.0.6002 Service Pack 2

06:57:54.125 Number of processors: 2 586 0x301

06:57:54.125 ComputerName: BRIA-PC UserName: Bria

06:57:57.322 Initialize success

06:58:14.785 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

06:58:14.800 Disk 0 Vendor: TOSHIBA_MK2552GSX LV010M Size: 238475MB BusType: 3

06:58:14.831 Disk 0 MBR read successfully

06:58:14.847 Disk 0 MBR scan

06:58:14.847 Disk 0 Windows VISTA default MBR code

06:58:14.878 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048

06:58:14.925 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 236974 MB offset 3074048

06:58:15.003 Disk 0 scanning C:\Windows\system32\drivers

06:58:42.381 Service scanning

06:59:20.305 Modules scanning

06:59:20.351 Disk 0 trace - called modules:

06:59:20.414 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

06:59:20.429 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004474310]

06:59:20.461 3 CLASSPNP.SYS[fffffa60012e9c33] -> nt!IofCallDriver -> [0xfffffa80043d9770]

06:59:21.241 5 acpi.sys[fffffa60008f2fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800442d940]

06:59:21.272 Scan finished successfully

07:00:21.644 Disk 0 MBR has been saved successfully to "E:\MBR.dat"

07:00:21.737 The log file has been saved successfully to "E:\aswMBR.txt"


Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


Farbar Service Scanner Version: 24-04-2012

Ran by Bria (administrator) on 29-04-2012 at 07:44:39

Running from "C:\Users\Bria\Desktop"

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

There is no connection to network.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall"=DWORD:0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

File Check:

========

C:\Windows\System32\nsisvc.dll

[2008-01-20 22:49] - [2008-01-20 22:49] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcsvc.dll

[2010-08-01 16:45] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys

[2012-02-15 08:52] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll

[2011-04-15 03:01] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll

[2010-08-01 16:47] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll

[2010-08-01 16:44] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll

[2008-01-20 22:47] - [2008-01-20 22:47] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018

C:\Windows\System32\vssvc.exe

[2010-08-01 16:48] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll

[2010-08-01 16:43] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll

[2010-08-01 16:45] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll

[2009-10-05 19:14] - [2009-08-06 22:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll

[2010-08-01 16:48] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll

[2010-08-01 16:47] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll

[2010-08-01 16:46] - [2009-04-11 03:11] - 0166912 ____A (Microsoft Corporation) 18918613E63F387CDE4D95CA7D49DCF7

C:\Program Files\Windows Defender\MpSvc.dll

[2008-01-20 22:47] - [2008-01-20 22:47] - 0383544 ____A (Microsoft Corporation) 7D2A43E8FDF725A1133F6C6056A72CDC

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll

[2010-08-01 16:48] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

**** End of log ****

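The FSS log above is read by eye in the thread: the helper looks at the three FirewallPolicy keys and at the WinDefend start type. As an added example (not part of the thread and not part of Farbar Service Scanner), the script below pulls exactly those findings out of an FSS.txt and returns them as data, so that a responder triaging several logs can flag firewall profiles that a registry policy has switched off, services whose start type differs from the default, services that are not running, and ImagePath/ServiceDll checks that did not come back OK. The log excerpt embedded in it is constructed from the log posted above; the regular expressions assume the line formats FSS uses there.

```python
"""Triage helper for a Farbar Service Scanner (FSS.txt) log.

Added example: not part of the forum thread and not part of the FSS tool.
The embedded log excerpt is constructed from the log posted in the thread.
"""
import re
from dataclasses import dataclass, field

SAMPLE_FSS_LOG = r"""
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
"""

# Line shapes as FSS prints them (assumption: formats taken from the log above).
FIREWALL_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(\w+)\]$", re.IGNORECASE)
ENABLE_FIREWALL_RE = re.compile(r'^"EnableFirewall"=DWORD:(\d+)$', re.IGNORECASE)
NOT_RUNNING_RE = re.compile(r"^(\S+) Service is not running", re.IGNORECASE)
START_TYPE_RE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.$")
SERVICE_PATH_RE = re.compile(r"^The (ImagePath|ServiceDll) of (\S+) service is (.+?)\.?$")


@dataclass
class FssFindings:
    firewall_disabled_profiles: list = field(default_factory=list)   # e.g. "StandardProfile"
    services_not_running: list = field(default_factory=list)
    start_type_changes: dict = field(default_factory=dict)           # service -> (current, default)
    service_path_problems: list = field(default_factory=list)        # (service, field, value)

    def issues(self):
        """One human-readable line per actionable finding."""
        out = []
        for profile in self.firewall_disabled_profiles:
            out.append(f"Windows Firewall is disabled by policy for {profile}")
        for svc, (current, default) in self.start_type_changes.items():
            out.append(f"{svc} start type is {current}, default is {default}")
        for svc in self.services_not_running:
            out.append(f"{svc} is not running")
        for svc, what, value in self.service_path_problems:
            out.append(f"{svc} {what} is not OK: {value}")
        return out


def parse_fss_log(text):
    """Walk the log line by line and collect the findings defined above."""
    findings = FssFindings()
    pending_profile = None  # set right after a FirewallPolicy\<Profile> key header
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FIREWALL_KEY_RE.match(line)
        if m:
            pending_profile = m.group(1)
            continue
        m = ENABLE_FIREWALL_RE.match(line)
        if m and pending_profile is not None:
            # A value of 0 under a policy key forces the profile's firewall off.
            if int(m.group(1)) == 0:
                findings.firewall_disabled_profiles.append(pending_profile)
            pending_profile = None
            continue
        m = NOT_RUNNING_RE.match(line)
        if m:
            findings.services_not_running.append(m.group(1))
            continue
        m = START_TYPE_RE.match(line)
        if m:
            svc, current, default = m.groups()
            if current.lower() != default.lower():
                findings.start_type_changes[svc] = (current, default)
            continue
        m = SERVICE_PATH_RE.match(line)
        if m:
            what, svc, value = m.groups()
            if value.strip().upper() != "OK":
                findings.service_path_problems.append((svc, what, value))
    return findings


if __name__ == "__main__":
    for issue in parse_fss_log(SAMPLE_FSS_LOG).issues():
        print(issue)
```

On the thread's log this reports the three firewall profiles disabled by policy, the WinDefend start type changed from Auto to Demand, and WinDefend not running; a log with `"EnableFirewall"=DWORD:1` or with no FirewallPolicy keys at all produces no firewall finding.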

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *afd.sys*


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


SystemLook 30.07.11 by jpshortstuff

Log created at 08:55 on 29/04/2012 by Bria

Administrator - Elevation successful

========== filefind ==========

Searching for "*afd.sys*"

C:\Windows\System32\drivers\afd.sys --a---- 404992 bytes [12:52 15/02/2012] [14:25 03/01/2012] C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\en-US\afd.sys.mui --a---- 8192 bytes [15:13 02/11/2006] [15:13 02/11/2006] A9EB14594E52F176F33518B81F694ABC

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a5d099e339d8fb49\afd.sys.mui --a---- 8192 bytes [15:13 02/11/2006] [15:13 02/11/2006] A9EB14594E52F176F33518B81F694ABC

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_3406de1616ca9086\afd.sys --a---- 408064 bytes [02:48 21/01/2008] [02:48 21/01/2008] DB37041AB857ABC7E179E856D8E1582C

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_33ef7c5016dab752\afd.sys --a---- 407552 bytes [01:57 16/06/2011] [13:42 21/04/2011] 9BB97042FA331A0FB4BDD98B9280A50A

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_34958b832fe3983b\afd.sys --a---- 408064 bytes [01:57 16/06/2011] [13:47 21/04/2011] B53144D2EBB0843DD0436F5EA6953F65

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_35f2572213ec5bd2\afd.sys --a---- 406016 bytes [20:48 01/08/2010] [05:44 11/04/2009] 12415CCFD3E7CEC55B5184E67B039FE4

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_35be4fb214130ed1\afd.sys --a---- 405504 bytes [01:57 16/06/2011] [14:20 21/04/2011] 0CC146C4ADDEA45791B18B1E2659F4A9

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18564_none_35b080ce141ddbe4\afd.sys --a---- 404992 bytes [12:52 15/02/2012] [14:25 03/01/2012] C4F6CE6087760AD70960C9EB130E7943

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_366a5ebb2d168a9d\afd.sys --a---- 405504 bytes [01:57 16/06/2011] [13:54 21/04/2011] 7B8E5F3A0626CA83B706F0738830845F

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22770_none_362b4e6b2d472f6a\afd.sys --a---- 404992 bytes [12:52 15/02/2012] [14:21 03/01/2012] 022ED7EB19DFECF39C106E0F9CF2BB19

C:\Windows\winsxs\Backup\amd64_microsoft-windows-winsock-core.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a5d099e339d8fb49_afd.sys.mui_ff192075 --a---- 8192 bytes [15:15 02/11/2006] [15:14 02/11/2006] A9EB14594E52F176F33518B81F694ABC

C:\Windows\winsxs\Backup\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18564_none_35b080ce141ddbe4_afd.sys_084af4a8 --a---- 404992 bytes [09:10 16/02/2012] [08:31 16/02/2012] C4F6CE6087760AD70960C9EB130E7943

-= EOF =-

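The SystemLook search above lists every copy of afd.sys with its size, timestamps and MD5, and the point of it is to compare the live driver under System32\drivers with the copies Windows servicing keeps in the component store (winsxs). As an added example (not part of the thread and not part of SystemLook), the script below parses `:filefind` output, groups the copies by hash and reports whether the live driver's hash matches any component-store copy of the same name; a live driver whose hash matches none of them was changed after installation and deserves a closer look. The embedded sample is a constructed excerpt of the log posted above; the line format the parser expects is an assumption taken from that log.

```python
"""Group the copies of a driver reported by SystemLook's :filefind by hash.

Added example: not part of the forum thread and not part of SystemLook.
The embedded sample is a constructed excerpt of the log posted in the thread.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

SAMPLE_SYSTEMLOOK = r"""
========== filefind ==========
Searching for "*afd.sys*"
C:\Windows\System32\drivers\afd.sys --a---- 404992 bytes [12:52 15/02/2012] [14:25 03/01/2012] C4F6CE6087760AD70960C9EB130E7943
C:\Windows\System32\drivers\en-US\afd.sys.mui --a---- 8192 bytes [15:13 02/11/2006] [15:13 02/11/2006] A9EB14594E52F176F33518B81F694ABC
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_3406de1616ca9086\afd.sys --a---- 408064 bytes [02:48 21/01/2008] [02:48 21/01/2008] DB37041AB857ABC7E179E856D8E1582C
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18564_none_35b080ce141ddbe4\afd.sys --a---- 404992 bytes [12:52 15/02/2012] [14:25 03/01/2012] C4F6CE6087760AD70960C9EB130E7943
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22770_none_362b4e6b2d472f6a\afd.sys --a---- 404992 bytes [12:52 15/02/2012] [14:21 03/01/2012] 022ED7EB19DFECF39C106E0F9CF2BB19
C:\Windows\winsxs\Backup\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18564_none_35b080ce141ddbe4_afd.sys_084af4a8 --a---- 404992 bytes [09:10 16/02/2012] [08:31 16/02/2012] C4F6CE6087760AD70960C9EB130E7943
-= EOF =-
"""

# path, 7-char attribute string, size, [modified] [created], MD5 (assumed format, see sample)
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-A-Za-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<modified>[^\]]+)\] \[(?P<created>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$")


@dataclass(frozen=True)
class FileEntry:
    path: str
    attrs: str
    size: int
    modified: str
    created: str
    md5: str

    @property
    def name(self):
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_component_store(self):
        return "\\winsxs\\" in self.path.lower()


def parse_systemlook(text):
    """Return one FileEntry per result line; header and EOF lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            d = m.groupdict()
            entries.append(FileEntry(d["path"], d["attrs"], int(d["size"]),
                                     d["modified"], d["created"], d["md5"].upper()))
    return entries


def group_by_hash(entries):
    """MD5 -> list of paths carrying that hash."""
    groups = defaultdict(list)
    for e in entries:
        groups[e.md5].append(e.path)
    return dict(groups)


def assess_live_copy(entries, live_path):
    """Compare the live driver with the component-store copies of the same file name."""
    live = next((e for e in entries if e.path.lower() == live_path.lower()), None)
    if live is None:
        raise ValueError(f"{live_path} is not in the SystemLook output")
    # Only genuine component-store copies with the same file name serve as references;
    # resource files (*.mui) and the renamed winsxs\Backup copies are left out.
    store = [e for e in entries if e.in_component_store and e.name == live.name]
    matching = [e.path for e in store if e.md5 == live.md5]
    same_size_other_hash = [e.path for e in store if e.size == live.size and e.md5 != live.md5]
    return {
        "live_md5": live.md5,
        "live_size": live.size,
        "store_versions": len(store),
        "matching_store_copies": matching,
        "same_size_other_hash": same_size_other_hash,
        "hash_known": bool(matching),
    }


if __name__ == "__main__":
    found = parse_systemlook(SAMPLE_SYSTEMLOOK)
    for md5, paths in group_by_hash(found).items():
        print(md5, len(paths), "copies")
    print(assess_live_copy(found, r"C:\Windows\System32\drivers\afd.sys"))
```

`same_size_other_hash` is the interesting list when `hash_known` is false: a store copy of identical size but different content is the usual sign that a file has been patched in place rather than replaced by a different build, and it is also the copy a responder would compare byte-for-byte.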

Delete your ComboFix copy, download a new fresh one and then:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

FCopy::
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_3406de1616ca9086\afd.sys | C:\Windows\System32\drivers\afd.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 12-04-29.02 - Bria 04/29/2012 17:19:48.2.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2319 [GMT -4:00]

Running from: c:\users\Bria\Desktop\ComboFix.exe

Command switches used :: c:\users\Bria\Desktop\CFScript.txt

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Bria\Favorites\Games.url

c:\windows\dxxdv34567.bat

c:\windows\fdgg34353edfgdfdf

.

.

--------------- FCopy ---------------

.

c:\windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_3406de1616ca9086\afd.sys --> c:\windows\System32\drivers\afd.sys

.

((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))

.

.

2012-04-29 21:46 . 2012-04-29 21:51 -------- d-----w- c:\users\Bria\AppData\Local\temp

2012-04-29 21:46 . 2012-04-29 21:46 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-29 21:19 . 2008-01-21 02:48 408064 ----a-w- c:\windows\SysWow64\drivers\afd.sys

2012-04-26 22:20 . 2012-04-26 22:20 33096 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-04-26 20:20 . 2012-04-26 20:20 -------- d-----w- c:\program files (x86)\ESET

2012-04-26 18:45 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-26 18:45 . 2012-04-26 22:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-26 07:10 . 2012-04-26 20:19 -------- d-----w- c:\users\Bria\AppData\Roaming\QuickScan

2012-04-26 07:04 . 2012-04-26 07:04 -------- d-----w- c:\programdata\Malwarebytes

2012-04-25 20:43 . 2012-04-25 20:43 -------- d-----w- c:\users\Bria\AppData\Roaming\LolClient

2012-04-25 03:28 . 2008-07-12 12:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2012-04-25 03:28 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2012-04-25 03:28 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2012-04-25 03:16 . 2012-04-25 03:16 -------- d-----w- C:\Riot Games

2012-04-25 02:41 . 2012-04-25 22:21 -------- d-----w- c:\users\Bria\AppData\Local\PMB Files

2012-04-25 02:41 . 2012-04-25 21:53 -------- d-----w- c:\programdata\PMB Files

2012-04-25 02:41 . 2012-04-25 02:41 -------- d-----w- c:\program files (x86)\Pando Networks

2012-04-24 00:02 . 2012-04-24 00:02 -------- d-----w- c:\program files (x86)\Activision

2012-04-16 13:40 . 2012-04-16 13:40 -------- d-sh--w- c:\windows\ftpcache

2012-04-16 13:39 . 2012-04-16 13:40 -------- d-----w- c:\program files (x86)\Saunders NCLEX-RN4e

2012-04-13 07:12 . 2012-03-06 06:44 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-13 07:11 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-13 07:11 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll

2012-04-13 07:11 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll

2012-04-13 07:11 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-13 07:11 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-13 07:11 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-13 07:11 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 15:14 . 2012-03-01 11:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

2012-04-12 15:14 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-13 08:46 . 2012-04-27 07:33 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65DD6124-AB59-4569-863D-9FA034EE59AB}\mpengine.dll

2012-02-23 14:18 . 2010-05-24 18:43 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-14 16:49 . 2012-03-14 12:36 327680 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-02-14 16:49 . 2012-03-14 12:36 196096 ----a-w- c:\windows\system32\d3d10_1.dll

2012-02-14 15:45 . 2012-03-14 12:36 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2012-02-14 15:45 . 2012-03-14 12:36 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2012-02-13 14:38 . 2012-03-14 12:36 2002944 ----a-w- c:\windows\system32\d3d10warp.dll

2012-02-13 14:12 . 2012-03-14 12:36 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2012-02-13 14:06 . 2012-03-14 12:36 834048 ----a-w- c:\windows\system32\d2d1.dll

2012-02-13 14:03 . 2012-03-14 12:36 1555968 ----a-w- c:\windows\system32\DWrite.dll

2012-02-13 13:47 . 2012-03-14 12:36 683008 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-02-13 13:44 . 2012-03-14 12:36 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-02 15:34 . 2012-03-14 12:36 2765824 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-27_08.59.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 02:23 . 2012-04-29 21:50 77876 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:45 . 2012-04-29 21:50 84084 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-03-23 03:11 . 2012-04-27 09:00 22258 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2463042382-2951657566-2286130367-1000_UserData.bin

+ 2009-03-23 03:11 . 2012-04-29 21:50 22258 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2463042382-2951657566-2286130367-1000_UserData.bin

+ 2012-04-29 21:48 . 2012-04-29 21:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-04-27 08:57 . 2012-04-27 08:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-29 21:48 . 2012-04-29 21:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-04-27 08:57 . 2012-04-27 08:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-03-21 14:56 . 2012-04-29 20:39 334200 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2006-11-02 12:46 . 2012-04-29 11:00 613520 c:\windows\system32\perfh009.dat

- 2006-11-02 12:46 . 2012-04-26 22:37 613520 c:\windows\system32\perfh009.dat

+ 2006-11-02 12:46 . 2012-04-29 11:00 108446 c:\windows\system32\perfc009.dat

- 2006-11-02 12:46 . 2012-04-26 22:37 108446 c:\windows\system32\perfc009.dat

+ 2011-02-17 08:20 . 2012-04-29 21:46 302756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-02-17 08:20 . 2012-04-27 08:55 302756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-08-09 02:22 . 2012-04-29 10:50 576678 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2463042382-2951657566-2286130367-1000-4096.dat

- 2008-10-15 08:29 . 2012-04-27 08:55 2537664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2008-10-15 08:29 . 2012-04-29 21:46 2537664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-06-16 04:06 . 2012-04-27 08:55 2201568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2463042382-2951657566-2286130367-1000-8192.dat

+ 2011-06-16 04:06 . 2012-04-29 21:46 2201568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2463042382-2951657566-2286130367-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 432640]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-15 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

ddnsfilter REG_MULTI_SZ ddnsfilter

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 01:38]

.

2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 01:38]

.

2010-06-08 c:\windows\Tasks\Install_NSS.job

- c:\windows\SysWOW64\Adobe\Shockwave 11\nssstub.exe [2010-01-27 21:01]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skytel"="Skytel.exe" [2007-11-21 1826816]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1573160]

"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]

"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU]

"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU]

"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2463042382-2951657566-2286130367-1000\Software\SecuROM\License information*]

"datasecu"=hex:e0,6a,0e,6b,5f,54,dd,ec,2c,74,12,b6,16,9f,83,55,fa,fb,99,70,97,

7c,0f,01,8c,e4,db,60,97,65,7c,7a,98,17,02,e6,1a,8b,31,74,9f,19,90,27,79,4d,\

"rkeysecu"=hex:5c,53,d9,39,b0,34,e1,5c,d1,71,87,95,ea,1c,e5,a2

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Completion time: 2012-04-29 18:03:03 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-29 22:03

ComboFix2.txt 2012-04-27 09:13

.

Pre-Run: 140,495,421,440 bytes free

Post-Run: 142,656,258,048 bytes free

.

- - End Of File - - F8C41B83EE46D00C3161C6E084909265


Sounds good. :)

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

AVPfront.gif

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

avpsettings.gif

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press Save button

Save it to your desktop and post it in your next reply.


Status: Deleted (events: 4)

4/30/2012 7:30:02 AM Deleted adware not-a-virus:AdWare.Win32.HotBar.dh C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\09C80000\4DEDF21A.VBN Medium

4/30/2012 7:30:02 AM Deleted adware not-a-virus:AdWare.Win32.HotBar.dh C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\09C80000\4DEDF21A.VBN//CryptZ Medium

4/30/2012 7:29:55 AM Deleted adware not-a-virus:AdWare.Win32.HotBar.dh C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\09C80001\4DED62FE.VBN Medium

4/30/2012 7:29:55 AM Deleted adware not-a-virus:AdWare.Win32.HotBar.dh C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\09C80001\4DED62FE.VBN//CryptZ Medium


Please do the following:


  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here

    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.


Malwarebytes still has the same problem after new clean install.
