Malwarebytes Locks Up


Ok, I was in the Malwarebytes help section and was told to come here, due to possibly being infected. Every time I tried to run Malwarebytes it locks up once it gets into the system file scans. I have run it in safe mode and it found 22 infections, and ran an online virus scan which found 17 infections.

 

But if I try to use in normal mode it locks up.

 

Win 7 Premium, 2 GB of RAM, Dell Inspiron laptop

 

here are the logs requested.

attach.txt

dds.txt

Hello Brother_Jim! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall the following applications:

appbario12 Toolbar

Ask Toolbar

Ask Toolbar Updater

Coupon Printer for Windows

Define Ext

Inbox Toolbar

LessTabs

InternetHelper3.1 Toolbar

Search Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 4

Please add exclusions for Malwarebytes' Anti-Malware in Norton Internet Security.

https://support.norton.com/sp/en/us/home/current/solutions/v54298489_NIS_Retail_2012_en_us

Please add each of the following files:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\drivers\mbam.sys

C:\WINDOWS\system32\drivers\mbamswissarmy.sys

Make sure to click 'OK' when done.

Step 5

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 6

  • Download RogueKiller to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
  • RogueKiller log
Ok, I am up to step 4, but I don't see where to add this in the Malware program: "Please add in exclusions in Norton Internet Security Malwarebytes' Anti-Malware."

I am looking but don't see an exclusions tab or where it may be. Sorry.

Sorry, you meant to add it to Norton. I no longer have Norton installed; I removed it. So do I attempt to run Malware again?

# AdwCleaner v2.306 - Logfile created 07/23/2013 at 11:33:03

# Updated 19/07/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)

# User : user - USER-PC

# Boot Mode : Normal

# Running from : C:\Users\user\Desktop\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Common Files\ParetoLogic

Folder Deleted : C:\ProgramData\ParetoLogic

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\SearchProtect

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67FA02C4-AB30-4E77-A640-78EE8EC8673B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}

Key Deleted : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FB6D58DD787439A4995AF3C00FEA8843

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TBSB05974.TBSB05974Toolbar

Key Deleted : HKLM\Software\SearchProtect

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v [unable to get version]

-\\ Google Chrome v28.0.1500.72

*************************

AdwCleaner[s1].txt - [4845 octets] - [23/07/2013 11:33:04]

########## EOF - C:\AdwCleaner[s1].txt - [4905 octets] ##########

-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.2.2 (07.22.2013:2)

OS: Windows 7 Home Premium x86

Ran by user on Tue 07/23/2013 at 11:28:41.56

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [service] cltmngsvc

Successfully deleted: [service] cltmngsvc

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\bho.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\defaulttabbho.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{18b9b16e-716f-43df-a6ad-512c7d2eb983}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{d824f0de-3d60-4f57-9eb1-66033ecd8abb}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\default tab

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\defaulttab

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\defaulttab

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wnlt

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\defaulttab

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\fun web products

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\funwebproducts

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\mywebsearch

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{8736c681-37a0-40c6-a0f0-4c083409151c}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowseractivex

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowseractivex.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\webcakedesktop_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\webcakedesktop_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3279411

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3289663

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{112A7E09-6595-D1C3-2C4E-CDFD9E56B66C}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{456DADC9-06DC-42DF-AD83-C3196CDB1625}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B1E3D3CE-3549-430F-8822-01240E400989}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CECB5D17-5B44-4CED-8179-BD0AF911C5FC}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EA7D7B9C-C5AE-405E-ACA7-F4673BED1900}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{13796C65-BBE9-4BB0-8E72-B7A26F519A0D}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"

Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\interface\{ac71b60e-94c9-4ede-ba46-e146747bb67e}"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0cfe535c35f99574e8340bfa75bf92c2"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\120dfadeb50841f408f04d2a278f9509"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef"

~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"

Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"

Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\defaulttab"

Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\drivercure"

Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\dsite"

Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\file scout"

Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\performersoft"

Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\registry mechanic"

Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\funwebproducts"

Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\mywebsearch"

Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\sweetim"

Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\toolbar4"

Successfully deleted: [Folder] "C:\Program Files\conduit"

Successfully deleted: [Folder] "C:\Program Files\searchprotect"

Successfully deleted: [Folder] "C:\ProgramData\ask"

Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 07/23/2013 at 11:31:19.67

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--------------------------------------------------------------------------

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : user [Admin rights]

Mode : Remove -- Date : 07/23/2013 12:34:41

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED

[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 2 ¤¤¤

[V2][SUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\user\AppData\Local\Temp\IHUC447.tmp.exe [x][x] -> DELETED

[V2][SUSP PATH] TidyNetwork Update : C:\Users\user\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1655GSX +++++

--- User ---

[MBR] 04fed4a20147b5da2437ac64a81ba55f

[BSP] b36e7300d4773d7b7ca0cc43aaba9b3e : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 137586 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[0]_D_07232013_123441.txt >>

RKreport[0]_S_07232013_123257.txt

-------------------------------------------------------------------

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : user [Admin rights]

Mode : Scan -- Date : 07/23/2013 12:32:57

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤

[V2][SUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\user\AppData\Local\Temp\IHUC447.tmp.exe [x][x] -> FOUND

[V2][SUSP PATH] TidyNetwork Update : C:\Users\user\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1655GSX +++++

--- User ---

[MBR] 04fed4a20147b5da2437ac64a81ba55f

[BSP] b36e7300d4773d7b7ca0cc43aaba9b3e : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 137586 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[0]_S_07232013_123257.txt >>

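An added example, not part of the original thread and not code from AdwCleaner, JRT or RogueKiller: a small Python triage script that recognises one line shape per tool in the three reports above and groups each entry by what that registry location lets an add-on do, so the reader sees why an entry mattered and not just that it was deleted. The sample lines are copied from the reports above; the category names, matching rules and one-line explanations are the example's own.

```python
"""Triage of the AdwCleaner, JRT and RogueKiller report lines posted above.

Added example for this thread, not code from the thread or from those tools.
It recognises one line shape per tool and groups each entry by what that
location lets an add-on do.  Category names, rules and explanations are the
example's own.
"""
import re
from collections import defaultdict

# Sample input: lines copied from the three reports above.
SAMPLE_LINES = r"""
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Successfully stopped: [service] cltmngsvc
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{456DADC9-06DC-42DF-AD83-C3196CDB1625}
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[V2][SUSP PATH] TidyNetwork Update : C:\Users\user\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> FOUND
"""

# One regex per tool's line shape; each yields kind, action and target.
PATTERNS = [
    # AdwCleaner: "Key Deleted : HKLM\..."  /  "Value Deleted : HKCU\... [name]"
    ("adwcleaner", re.compile(r"^(?P<kind>Key|Value|Folder|File) (?P<action>Deleted) : (?P<target>.+)$")),
    # JRT: 'Successfully deleted: [Registry Key] HKEY_...'  /  'Successfully stopped: [service] name'
    ("jrt", re.compile(r'^Successfully (?P<action>\w+): \[(?P<kind>[^\]]+)\] "?(?P<target>[^"]+)"?$')),
    # RogueKiller: "[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND"
    ("roguekiller", re.compile(r"^(?P<kind>(?:\[[^\]]+\])+) (?P<target>.+?) -> (?P<action>[A-Z]+.*)$")),
]

# (category, regex tried against "<kind> <target>", what that location does).
# First match wins; matching ignores case so a re-cased tag such as
# "[sUSP PATH]" still hits.
RULES = [
    ("browser_helper_object", r"\\Browser Helper Objects\\", "DLL loaded into every Internet Explorer process"),
    ("ie_preapproved_addon", r"\\Ext\\PreApproved\\", "add-on enabled without IE's enable-this-add-on prompt"),
    ("ie_protected_mode_bypass", r"\\Low Rights\\ElevationPolicy\\", "program Protected Mode IE may launch at medium integrity, typically without asking"),
    ("ie_toolbar", r"\\Internet Explorer\\Toolbar\\", "toolbar band registered in IE"),
    ("search_provider_hijack", r"\\Internet Explorer\\SearchScopes\\", "search provider added to or replaced in IE"),
    ("chrome_forced_extension", r"\\Google\\Chrome\\Extensions\\", "extension Chrome installs from a registry entry instead of the user's choice"),
    ("tool_lockout_policy", r"\\System : Disable(TaskMgr|RegistryTools)", "policy value that disables Task Manager or the Registry Editor"),
    ("suspicious_scheduled_task", r"SUSP PATH", "scheduled task whose program sits in a user-writable path such as AppData or Temp"),
    ("service", r"^service ", "Windows service installed by the unwanted software"),
    ("browser_plugin_file", r"\\plugins\\[^\\]+\.dll$", "NPAPI plugin DLL dropped into a browser's plugins folder"),
]
WHY = {name: why for name, _, why in RULES}
WHY["other"] = "no rule matched; review by hand"


def parse_line(line):
    """Return (tool, kind, action, target) for a recognised report line, else None."""
    line = line.strip()
    for tool, pat in PATTERNS:
        m = pat.match(line)
        if m:
            return tool, m.group("kind"), m.group("action"), m.group("target")
    return None


def classify(kind, target):
    """Map one parsed entry to a RULES category, or 'other'."""
    haystack = f"{kind} {target}"
    for name, rx, _ in RULES:
        if re.search(rx, haystack, re.IGNORECASE):
            return name
    return "other"


def triage(text):
    """Group every recognised line: category -> [(tool, action, target), ...]."""
    buckets = defaultdict(list)
    for raw in text.splitlines():
        parsed = parse_line(raw)
        if parsed:
            tool, kind, action, target = parsed
            buckets[classify(kind, target)].append((tool, action, target))
    return dict(buckets)


def still_present(text):
    """Targets a scan-only pass reported (RogueKiller 'FOUND') but did not remove."""
    return [target for items in triage(text).values()
            for _, action, target in items if action.upper() == "FOUND"]


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LINES).items():
        print(f"{category}: {WHY[category]}")
        for tool, action, target in items:
            print(f"    [{tool}] {action}: {target}")
```

Run it as-is to print the grouped view of the sample lines, or pass a whole saved report with triage(open(path).read()). Entries that fall into "other" are the ones a rule does not yet describe and are worth reading by hand; entries RogueKiller reported as FOUND in its scan pass are the ones to confirm gone after the Remove pass and the reboot.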

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
ComboFix 13-07-24.02 - user 07/24/2013 9:17.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2010.1111 [GMT -5:00]

Running from: c:\users\user\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2013-06-24 to 2013-07-24 )))))))))))))))))))))))))))))))

.

.

2013-07-24 14:25 . 2013-07-24 14:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-07-23 17:24 . 2013-07-23 17:24 -------- d-----w- c:\users\user\AppData\Local\SwvUpdater

2013-07-23 17:17 . 2013-07-23 17:17 -------- d-----w- c:\program files\iMesh

2013-07-23 16:54 . 2013-07-23 16:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-07-23 16:28 . 2013-07-23 16:28 -------- d-----w- c:\windows\ERUNT

2013-07-22 15:06 . 2013-07-22 15:06 -------- d-----w- c:\program files\Common Files\Java

2013-07-22 15:06 . 2013-07-22 15:05 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-07-22 15:00 . 2013-07-22 15:02 -------- d-----w- c:\users\user\AppData\Local\Adobe

2013-07-22 14:50 . 2013-07-22 14:52 -------- d-----w- c:\windows\system32\MRT

2013-07-22 14:38 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2013-07-22 14:38 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys

2013-07-22 14:38 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll

2013-07-22 14:38 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll

2013-07-22 14:38 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll

2013-07-22 14:18 . 2013-07-22 14:18 -------- d-----w- c:\users\user\AppData\Local\Apple

2013-07-19 22:41 . 2013-07-19 22:41 -------- d-----w- c:\program files\ESET

2013-07-19 21:46 . 2013-07-19 21:46 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes

2013-07-19 21:45 . 2013-07-19 21:45 -------- d-----w- c:\programdata\Malwarebytes

2013-07-19 21:45 . 2013-07-19 21:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-07-19 21:45 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-07-19 19:28 . 2013-07-24 14:25 -------- d-----w- c:\users\user\AppData\Local\temp

2013-07-19 18:11 . 2013-07-19 18:11 -------- d-----w- C:\found.000

2013-07-17 19:10 . 2013-07-17 19:10 -------- d-----w- c:\users\user\AppData\Local\Acelogix

2013-07-17 16:30 . 2013-07-17 16:30 -------- d-----w- c:\program files\VS Revo Group

2013-07-17 16:25 . 2013-07-17 16:25 -------- d-----w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com

2013-07-17 16:24 . 2013-07-17 16:26 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-07-17 16:22 . 2013-07-17 16:22 -------- d-----w- c:\program files\CCleaner

2013-07-17 16:21 . 2013-07-17 16:21 -------- d-----w- c:\program files\Acelogix

2013-07-17 16:21 . 2013-07-17 16:21 -------- d-----w- c:\program files\Ace Utilities

2013-07-12 14:12 . 2013-07-12 14:12 -------- d-----w- c:\users\user\AppData\Roaming\PlusWinks

2013-07-12 14:12 . 2013-07-12 14:12 -------- d-----w- c:\users\user\AppData\Roaming\SpeedAnalysis2

2013-07-12 14:12 . 2013-07-12 14:12 -------- d-----w- c:\program files\Cool Smiley Bar for Facebook

2013-07-11 18:41 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll

2013-07-11 18:41 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-11 18:41 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll

2013-07-11 18:41 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys

2013-07-11 18:41 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2013-07-11 18:41 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2013-07-11 18:41 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2013-07-11 18:41 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2013-07-11 18:41 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll

2013-07-11 18:41 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll

2013-07-11 18:41 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll

2013-07-08 16:23 . 2013-07-09 11:28 -------- d-----w- c:\program files\uPlayer

2013-07-08 16:21 . 2013-02-05 07:25 632656 ----a-w- c:\windows\system32\msvcr80.dll

2013-07-08 16:21 . 2013-02-05 07:25 554832 ----a-w- c:\windows\system32\msvcp80.dll

2013-07-08 16:21 . 2013-02-05 07:25 479232 ----a-w- c:\windows\system32\msvcm80.dll

2013-07-08 16:21 . 2013-02-05 07:25 773968 ----a-w- c:\windows\system32\msvcr100.dll

2013-07-08 16:21 . 2013-02-05 07:25 421200 ----a-w- c:\windows\system32\msvcp100.dll

2013-07-08 16:20 . 2013-07-23 16:21 -------- d-----w- c:\users\user\AppData\Local\DefineExt

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-22 15:05 . 2012-06-20 00:16 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-07-22 15:02 . 2012-03-29 11:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-07-22 15:02 . 2011-05-16 13:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-13 02:48 . 2011-03-24 14:39 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-05-22 17:32 . 2013-05-22 17:32 8281168 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE

2013-05-13 04:45 . 2013-06-13 00:28 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-05-13 04:45 . 2013-06-13 00:28 1160192 ----a-w- c:\windows\system32\crypt32.dll

2013-05-13 04:45 . 2013-06-13 00:28 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-05-13 03:08 . 2013-06-13 00:28 903168 ----a-w- c:\windows\system32\certutil.exe

2013-05-13 03:08 . 2013-06-13 00:28 43008 ----a-w- c:\windows\system32\certenc.dll

2013-05-10 03:20 . 2013-06-13 00:28 24576 ----a-w- c:\windows\system32\cryptdlg.dll

2013-05-08 05:38 . 2013-06-13 00:28 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-05-06 05:06 . 2013-06-13 00:28 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-05-06 05:06 . 2013-06-13 00:28 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-05-01 08:59 . 2013-05-01 08:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2013-05-01 08:59 . 2013-05-01 08:59 69632 ----a-w- c:\windows\system32\QuickTime.qts

2013-04-30 04:36 . 2013-04-30 04:36 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-04-30 04:36 . 2013-04-30 04:36 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-04-30 04:36 . 2013-04-30 04:36 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-04-30 04:36 . 2013-04-30 04:36 61952 ----a-w- c:\windows\system32\tdc.ocx

2013-04-30 04:36 . 2013-04-30 04:36 523264 ----a-w- c:\windows\system32\vbscript.dll

2013-04-30 04:36 . 2013-04-30 04:36 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-04-30 04:36 . 2013-04-30 04:36 38400 ----a-w- c:\windows\system32\imgutil.dll

2013-04-30 04:36 . 2013-04-30 04:36 361984 ----a-w- c:\windows\system32\html.iec

2013-04-30 04:36 . 2013-04-30 04:36 23040 ----a-w- c:\windows\system32\licmgr10.dll

2013-04-30 04:36 . 2013-04-30 04:36 185344 ----a-w- c:\windows\system32\elshyph.dll

2013-04-30 04:36 . 2013-04-30 04:36 158720 ----a-w- c:\windows\system32\msls31.dll

2013-04-30 04:36 . 2013-04-30 04:36 150528 ----a-w- c:\windows\system32\iexpress.exe

2013-04-30 04:36 . 2013-04-30 04:36 1441280 ----a-w- c:\windows\system32\inetcpl.cpl

2013-04-30 04:36 . 2013-04-30 04:36 138752 ----a-w- c:\windows\system32\wextract.exe

2013-04-30 04:36 . 2013-04-30 04:36 137216 ----a-w- c:\windows\system32\ieUnatt.exe

2013-04-30 04:36 . 2013-04-30 04:36 12800 ----a-w- c:\windows\system32\mshta.exe

2013-04-30 04:36 . 2013-04-30 04:36 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-04-26 04:55 . 2013-06-13 00:28 492544 ----a-w- c:\windows\system32\win32spl.dll

2013-04-25 23:30 . 2013-06-13 00:28 1505280 ----a-w- c:\windows\system32\d3d11.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]

2013-04-02 08:01 1467528 ----a-w- c:\program files\Microsoft\BingBar\7.2.233.0\BingExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09"="c:\users\user\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-07-12 846288]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-07-17 4760816]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-09 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-31 483428]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx [2008-5-10 282624]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-27 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

2008-12-21 18:34 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2008-05-07 22:41 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]

2009-10-02 19:48 165104 ----a-w- c:\program files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2009-02-05 02:26 128232 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"blspcloader"="c:\program files\ATT Internet Tools\blsloader.exe"

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"<NO NAME>"=

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.2.233.0\BBSvc.exe [2013-04-02 193672]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-07-23 40776]

R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver; [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-17 1343400]

R4 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [x]

R4 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

R4 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]

R4 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NST\7DD04000.00A\ccSetx86.sys [2013-04-16 134744]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\aestsrv.exe [2009-03-31 81920]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]

S2 NCO;Norton Identity Safe;c:\program files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [2013-05-21 144368]

S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.exe [2009-10-02 656624]

S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.2.233.0\SeaPort.exe [2013-04-02 240264]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - TRUESIGHT

*Deregistered* - EraserUtilRebootDrv

*Deregistered* - SPBBCDrv

*Deregistered* - SYMDNS

*Deregistered* - SYMFW

*Deregistered* - SYMNDISV

*Deregistered* - SYMREDRV

*Deregistered* - SYMTDI

*Deregistered* - TrueSight

.

Contents of the 'Scheduled Tasks' folder

.

2013-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:02]

.

2013-07-24 c:\windows\Tasks\AmiUpdXp.job

- c:\users\user\AppData\Local\SwvUpdater\Updater.exe [2013-07-23 17:24]

.

2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:40]

.

2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:40]

.

2013-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000Core.job

- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 10:47]

.

2013-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000UA.job

- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 10:47]

.

.

------- Supplementary Scan -------

.

Trusted Zone: $talisma_url$

Trusted Zone: amazon.com\www

TCP: DhcpNameServer = 10.0.0.1

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-DSite - c:\users\user\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO]

"ImagePath"="\"c:\program files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-07-24 09:27:05

ComboFix-quarantined-files.txt 2013-07-24 14:27

ComboFix2.txt 2013-07-19 19:35

.

Pre-Run: 102,558,375,936 bytes free

Post-Run: 102,565,122,048 bytes free

.

- - End Of File - - 4D4845E579B58B743D7654B894B681EC

A36C5E4F47E84449FF07ED3517B43A31


1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

File::
c:\windows\Tasks\AmiUpdXp.job
Folder::
c:\users\user\AppData\Roaming\PlusWinks
c:\users\user\AppData\Roaming\SpeedAnalysis2
c:\program files\Cool Smiley Bar for Facebook
c:\users\user\AppData\Local\SwvUpdater
JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

(screenshot: CFScriptB-4.gif)

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 13-07-24.02 - user 07/24/2013  12:41:19.3.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2010.1236 [GMT -5:00]
Running from: c:\users\user\Desktop\ComboFix.exe
Command switches used :: c:\users\user\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\AmiUpdXp.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Cool Smiley Bar for Facebook
c:\program files\Cool Smiley Bar for Facebook\AddonsFramework.Typelib.dll
c:\program files\Cool Smiley Bar for Facebook\background.html
c:\program files\Cool Smiley Bar for Facebook\BackgroundHost.exe
c:\program files\Cool Smiley Bar for Facebook\BackgroundHost64.exe
c:\program files\Cool Smiley Bar for Facebook\BackgroundHostPS.dll
c:\program files\Cool Smiley Bar for Facebook\ButtonSite.dll
c:\program files\Cool Smiley Bar for Facebook\ButtonSite64.dll
c:\program files\Cool Smiley Bar for Facebook\config.xml
c:\program files\Cool Smiley Bar for Facebook\content.js
c:\program files\Cool Smiley Bar for Facebook\icon128.png
c:\program files\Cool Smiley Bar for Facebook\icon16.png
c:\program files\Cool Smiley Bar for Facebook\icon48.png
c:\program files\Cool Smiley Bar for Facebook\jquery-1.9.1.min.js
c:\program files\Cool Smiley Bar for Facebook\json2.min.js
c:\program files\Cool Smiley Bar for Facebook\mz\background.js
c:\program files\Cool Smiley Bar for Facebook\mz\content.js
c:\program files\Cool Smiley Bar for Facebook\ScriptHost.dll
c:\program files\Cool Smiley Bar for Facebook\uninst.exe
c:\program files\Cool Smiley Bar for Facebook\uninstall.exe
c:\program files\Cool Smiley Bar for Facebook\updater.js
c:\program files\Cool Smiley Bar for Facebook\updaterWrapper.js
c:\users\user\AppData\Local\SwvUpdater
c:\users\user\AppData\Local\SwvUpdater\status.cfg
c:\users\user\AppData\Local\SwvUpdater\Updater.exe
c:\users\user\AppData\Local\SwvUpdater\Updater.xml
c:\users\user\AppData\Roaming\PlusWinks
c:\users\user\AppData\Roaming\PlusWinks\pluswinks.crx
c:\users\user\AppData\Roaming\SpeedAnalysis2
c:\users\user\AppData\Roaming\SpeedAnalysis2\speedanalysis.crx
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-24 to 2013-07-24  )))))))))))))))))))))))))))))))
.
.
2013-07-24 17:49 . 2013-07-24 17:49 -------- d-----w- c:\users\user\AppData\Local\temp
2013-07-24 17:49 . 2013-07-24 17:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-23 17:17 . 2013-07-23 17:17 -------- d-----w- c:\program files\iMesh
2013-07-23 16:54 . 2013-07-23 16:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-07-23 16:28 . 2013-07-23 16:28 -------- d-----w- c:\windows\ERUNT
2013-07-22 15:06 . 2013-07-22 15:06 -------- d-----w- c:\program files\Common Files\Java
2013-07-22 15:06 . 2013-07-22 15:05 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-22 15:00 . 2013-07-24 14:31 -------- d-----w- c:\users\user\AppData\Local\Adobe
2013-07-22 14:50 . 2013-07-22 14:52 -------- d-----w- c:\windows\system32\MRT
2013-07-22 14:38 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-07-22 14:38 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-07-22 14:38 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2013-07-22 14:38 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-07-22 14:38 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-07-22 14:18 . 2013-07-22 14:18 -------- d-----w- c:\users\user\AppData\Local\Apple
2013-07-19 22:41 . 2013-07-19 22:41 -------- d-----w- c:\program files\ESET
2013-07-19 21:46 . 2013-07-19 21:46 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2013-07-19 21:45 . 2013-07-19 21:45 -------- d-----w- c:\programdata\Malwarebytes
2013-07-19 21:45 . 2013-07-19 21:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-19 21:45 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-19 18:11 . 2013-07-19 18:11 -------- d-----w- C:\found.000
2013-07-17 19:10 . 2013-07-17 19:10 -------- d-----w- c:\users\user\AppData\Local\Acelogix
2013-07-17 16:30 . 2013-07-17 16:30 -------- d-----w- c:\program files\VS Revo Group
2013-07-17 16:25 . 2013-07-17 16:25 -------- d-----w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com
2013-07-17 16:24 . 2013-07-17 16:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-07-17 16:22 . 2013-07-17 16:22 -------- d-----w- c:\program files\CCleaner
2013-07-17 16:21 . 2013-07-17 16:21 -------- d-----w- c:\program files\Acelogix
2013-07-17 16:21 . 2013-07-17 16:21 -------- d-----w- c:\program files\Ace Utilities
2013-07-11 18:41 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-11 18:41 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-11 18:41 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-07-11 18:41 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-11 18:41 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 18:41 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-11 18:41 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-11 18:41 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-11 18:41 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-11 18:41 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-11 18:41 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-08 16:23 . 2013-07-09 11:28 -------- d-----w- c:\program files\uPlayer
2013-07-08 16:21 . 2013-02-05 07:25 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-07-08 16:21 . 2013-02-05 07:25 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-07-08 16:21 . 2013-02-05 07:25 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-07-08 16:21 . 2013-02-05 07:25 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-07-08 16:21 . 2013-02-05 07:25 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-07-08 16:20 . 2013-07-23 16:21 -------- d-----w- c:\users\user\AppData\Local\DefineExt
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-22 15:05 . 2012-06-20 00:16 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-22 15:02 . 2012-03-29 11:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-22 15:02 . 2011-05-16 13:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-13 02:48 . 2011-03-24 14:39 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-22 17:32 . 2013-05-22 17:32 8281168 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-05-13 04:45 . 2013-06-13 00:28 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-13 00:28 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-13 00:28 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-13 00:28 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-13 00:28 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-10 03:20 . 2013-06-13 00:28 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-08 05:38 . 2013-06-13 00:28 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-13 00:28 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06 . 2013-06-13 00:28 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-01 08:59 . 2013-05-01 08:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59 . 2013-05-01 08:59 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-30 04:36 . 2013-04-30 04:36 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 04:36 . 2013-04-30 04:36 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 04:36 . 2013-04-30 04:36 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 04:36 . 2013-04-30 04:36 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-04-30 04:36 . 2013-04-30 04:36 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 04:36 . 2013-04-30 04:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 04:36 . 2013-04-30 04:36 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 04:36 . 2013-04-30 04:36 361984 ----a-w- c:\windows\system32\html.iec
2013-04-30 04:36 . 2013-04-30 04:36 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 04:36 . 2013-04-30 04:36 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 04:36 . 2013-04-30 04:36 158720 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 04:36 . 2013-04-30 04:36 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 04:36 . 2013-04-30 04:36 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-30 04:36 . 2013-04-30 04:36 138752 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 04:36 . 2013-04-30 04:36 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 04:36 . 2013-04-30 04:36 12800 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 04:36 . 2013-04-30 04:36 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-26 04:55 . 2013-06-13 00:28 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-04-25 23:30 . 2013-06-13 00:28 1505280 ----a-w- c:\windows\system32\d3d11.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-04-02 08:01 1467528 ----a-w- c:\program files\Microsoft\BingBar\7.2.233.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09"="c:\users\user\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-07-12 846288]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-07-17 4760816]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-31 483428]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx [2008-5-10 282624]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-12-21 18:34 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-05-07 22:41 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]
2009-10-02 19:48 165104 ----a-w- c:\program files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"blspcloader"="c:\program files\ATT Internet Tools\blsloader.exe"
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"<NO NAME>"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.2.233.0\BBSvc.exe [2013-04-02 193672]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-07-23 40776]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver; [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-17 1343400]
R4 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [x]
R4 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R4 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R4 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NST\7DD04000.00A\ccSetx86.sys [2013-04-16 134744]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\aestsrv.exe [2009-03-31 81920]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
S2 NCO;Norton Identity Safe;c:\program files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [2013-05-21 144368]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.exe [2009-10-02 656624]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.2.233.0\SeaPort.exe [2013-04-02 240264]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - SPBBCDrv
*Deregistered* - SYMDNS
*Deregistered* - SYMFW
*Deregistered* - SYMNDISV
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:02]
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:40]
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:40]
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 10:47]
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 10:47]
.
.
------- Supplementary Scan -------
.

Trusted Zone: $talisma_url$
Trusted Zone: amazon.com\www
TCP: DhcpNameServer = 10.0.0.1


.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Cool Smiley Bar for Facebook - c:\program files\Cool Smiley Bar for Facebook\uninstall.exe
AddRemove-PlusWinks - c:\program files\Cool Smiley Bar for Facebook\uninst.exe
AddRemove-{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} - c:\users\user\AppData\Local\SwvUpdater\Updater.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-24  12:50:58
ComboFix-quarantined-files.txt  2013-07-24 17:50
ComboFix2.txt  2013-07-24 14:27
ComboFix3.txt  2013-07-19 19:35
.
Pre-Run: 102,627,860,480 bytes free
Post-Run: 102,581,096,448 bytes free
.
- - End Of File - - D42E0C266D5DBC8881F93E9C724F71B2
A36C5E4F47E84449FF07ED3517B43A31

Good! :)

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

C:\Program Files\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\Cool Smiley Bar for Facebook\BackgroundHostPS.dll.vir Win32/Toolbar.Besttoolbars.C application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir Win32/Toolbar.DefaultTab.A application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe.vir Win32/Toolbar.DefaultTab.A application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe.vir Win64/Toolbar.DefaultTab.A application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir Win32/Toolbar.DefaultTab.A application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll.vir Win64/Toolbar.DefaultTab.A application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir Win32/Toolbar.DefaultTab.A application cleaned by deleting - quarantined

C:\Users\user\Downloads\FPP_Setup (1).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined

C:\Users\user\Downloads\FPP_Setup (2).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined

C:\Users\user\Downloads\FPP_Setup (3).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined

C:\Users\user\Downloads\FPP_Setup (4).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined

C:\Users\user\Downloads\FPP_Setup (5).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined

C:\Users\user\Downloads\FPP_Setup.exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined

C:\Users\user\Downloads\MapsSetup (1).exe Win32/Toolbar.Inbox.A application cleaned by deleting - quarantined

C:\Users\user\Downloads\MapsSetup (2).exe Win32/Toolbar.Inbox.A application cleaned by deleting - quarantined

C:\Users\user\Downloads\MapsSetup.exe Win32/Toolbar.Inbox.A application cleaned by deleting - quarantined

C:\Users\user\Downloads\Setup (1).exe a variant of Win32/ExFriendAlert.B application cleaned by deleting - quarantined

C:\Users\user\Downloads\Setup (2).exe a variant of Win32/ExFriendAlert.B application cleaned by deleting - quarantined

C:\Users\user\Downloads\setup.exe (1).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined

C:\Users\user\Downloads\setup.exe.exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined

C:\Users\user\Downloads\uplayermediaplayer-setup (1).exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined

C:\Users\user\Downloads\uplayermediaplayer-setup.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined

C:\Users\user\Downloads\VideoPerformerSetup (1).exe a variant of Win32/InstallBrain.AJ application cleaned by deleting - quarantined

C:\Users\user\Downloads\VideoPerformerSetup (2).exe a variant of Win32/InstallBrain.AJ application cleaned by deleting - quarantined

C:\Users\user\Downloads\VideoPerformerSetup (3).exe a variant of Win32/InstallBrain.AJ application cleaned by deleting - quarantined

C:\Users\user\Downloads\VideoPerformerSetup.exe a variant of Win32/InstallBrain.AJ application cleaned by deleting - quarantined

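A small triage helper for ESET export lines like the ones posted above. This is an added example, not part of the original thread and not code from ESET, ComboFix or Malwarebytes. The four sample lines are constructed to match the shape of the posted log, and the field layout (file path, then threat name, then action, separated by spaces) is assumed from how the log rendered here. It sorts detections by where the file lived when ESET found it: inside ComboFix's quarantine folder (C:\Qoobox\Quarantine, where ComboFix stores files with a .vir suffix), in the user's Downloads folder, or in a live program location, which is the bucket worth a second look before trusting an automatic delete.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: four lines copied in shape from the ESET export posted
# above. Fields are assumed to be path, threat name, action, space-separated.
SAMPLE_LOG = r"""
C:\Program Files\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir Win32/Toolbar.DefaultTab.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\FPP_Setup (1).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\MapsSetup.exe Win32/Toolbar.Inbox.A application cleaned by deleting - quarantined
"""

# The path may contain spaces, so it is matched non-greedily and the threat
# name anchors the split: ESET names carry a platform prefix (Win32/, Win64/)
# and may be preceded by "a variant of" and followed by "application".
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>(?:a variant of )?Win(?:32|64)/\S+(?: application)?) "
    r"(?P<action>.+)$"
)


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    action: str


def parse_line(line):
    """Return a Detection for one export line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    return Detection(**m.groupdict()) if m else None


def classify(path):
    """Bucket a detection by where the file lived when ESET found it."""
    p = path.lower()
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "already-quarantined"   # ComboFix had already isolated it
    if "\\downloads\\" in p:
        return "downloaded-installer"  # stale installer, not an active component
    return "live"                      # in a program location: review first


def family(threat):
    """Reduce 'a variant of Win32/Toolbar.DefaultTab.A application' to 'Toolbar.DefaultTab'."""
    name = threat.removeprefix("a variant of ").removesuffix(" application")
    _, _, rest = name.partition("/")
    parts = rest.split(".")
    # Drop a trailing variant letter (A, G, AJ, ...) so variants group together.
    if len(parts) > 1 and re.fullmatch(r"[A-Z]{1,3}", parts[-1]):
        parts = parts[:-1]
    return ".".join(parts)


def triage(log_text):
    """Summarise an ESET export: counts per location bucket and per family,
    the live paths to review, and how many non-empty lines failed to parse."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    rows = [d for d in map(parse_line, lines) if d]
    return {
        "by_bucket": dict(Counter(classify(d.path) for d in rows)),
        "by_family": dict(Counter(family(d.threat) for d in rows)),
        "live": [d.path for d in rows if classify(d.path) == "live"],
        "unparsed": len(lines) - len(rows),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for bucket, n in sorted(report["by_bucket"].items()):
        print(f"{bucket:22} {n}")
    for fam, n in sorted(report["by_family"].items()):
        print(f"  {fam:22} {n}")
    for path in report["live"]:
        print("review before trusting the delete:", path)
    if report["unparsed"]:
        print("lines not understood:", report["unparsed"])
```

Run it against a real export by reading the saved ESETScan file into `triage()`. The "unparsed" count is the sanity check: if it is non-zero the layout assumption above does not hold for that export and the regex needs adjusting before the bucket counts are trusted.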

Wish there was a way to edit a post. I just tried to run Malwarebytes again, and once it got into the filesystem scan it found 5 infections but locked up at this point. When it locks up I must turn off the PC and reboot. So I am still not sure why it locks up, while everything else runs with no problems.


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Before reading this, after it locked up again, I downloaded Defraggler and did a whole disk defrag. Well, I tried to run Malwarebytes again and this time it went all the way to the end. This is what it found.

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.07.23.05

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16635

user :: USER-PC [administrator]

7/25/2013 4:43:49 PM

mbam-log-2013-07-25 (16-43-49).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 410969

Time elapsed: 1 hour(s), 12 minute(s), 58 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 5

HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.

HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.

HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.

HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.

HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

So do I proceed with the OTL download?

