chrischitty

Malwarebytes locks up trying to remove certain files

19 posts in this topic

Certain files cause Malwarebytes to stop responding.

 

DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16502
Run by peterson chitty at 21:01:06 on 2013-09-08
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.8181.5054 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\vVX3000.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Users\peterson chitty\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\peterson chitty\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\peterson chitty\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files (x86)\Panasonic\MFStation\PCCMFSDM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\peterson chitty\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Microsoft LifeCam\MSCamS64.exe
C:\PROGRA~2\PANASO~1\LocalCom\lmsrvnt.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.




uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
uRun: [Facebook Update] "C:\Users\peterson chitty\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [spotify Web Helper] "C:\Users\peterson chitty\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN273BWHBZ05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [Akamai NetSession Interface] "C:\Users\peterson chitty\AppData\Local\Akamai\netsession_win.exe"
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [updateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [Panasonic Device Manager for Multi-Function Station software] "C:\Program Files (x86)\Panasonic\MFStation\PCCMFSDM.exe"
mRun: [Panasonic PCFAX for Multi-Function Station software] "C:\Program Files (x86)\Panasonic\MFStation\KmPcFax.exe" -1
mRun: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [EPSON_UD_START] "C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\PETERS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\peterson chitty\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-Explorer: DisallowRun = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:2
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}






TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4B369A32-9E02-46D7-92A9-DADC6FA1957B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A7B82C05-8671-4E74-AF22-4843D50994A4} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome


x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [smartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
x64-Run: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [VX3000] C:\Windows\vVX3000.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: ConsentPromptBehaviorUser = dword:2
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\peterson chitty\AppData\Roaming\Mozilla\Firefox\Profiles\81zdek44.default\



FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Users\peterson chitty\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\peterson chitty\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: C:\Users\peterson chitty\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Users\peterson chitty\AppData\Roaming\Mozilla\Firefox\Profiles\81zdek44.default\extensions\2020Player_IKEA@2020Technologies.com\plugins\NP_2020Player_IKEA.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-07-16 18:31; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/03/07 11:45:05];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 27648]
R2 EMP_UDSA;EMP_UDSA;C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [2013-7-5 98304]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 Panasonic Local Printer Service;Panasonic Local Printer Service;C:\PROGRA~2\PANASO~1\LocalCom\lmsrvnt.exe [2009-9-28 36864]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-19 1022632]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-08-21 23:02:50    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 23:02:50    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-15 13:46:43    78161360    ----a-w-    C:\Windows\System32\mrt.exe
2013-08-02 14:06:01    1706496    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-08-02 04:09:35    1548288    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-25 03:54:29    17830400    ----a-w-    C:\Windows\System32\mshtml.dll
2013-07-25 03:37:25    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-07-25 03:35:45    10926080    ----a-w-    C:\Windows\System32\ieframe.dll
2013-07-25 03:31:23    1346560    ----a-w-    C:\Windows\System32\urlmon.dll
2013-07-25 03:30:49    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-07-25 03:29:41    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-07-25 03:29:21    237056    ----a-w-    C:\Windows\System32\url.dll
2013-07-25 03:29:06    86016    ----a-w-    C:\Windows\System32\jsproxy.dll
2013-07-25 03:28:46    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-07-25 03:28:31    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-07-25 03:28:27    816640    ----a-w-    C:\Windows\System32\jscript.dll
2013-07-25 03:28:24    2147840    ----a-w-    C:\Windows\System32\iertutil.dll
2013-07-25 03:28:18    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2013-07-25 03:27:29    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2013-07-25 03:27:20    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-07-25 03:26:53    248320    ----a-w-    C:\Windows\System32\ieui.dll
2013-07-25 02:40:07    12334080    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2013-07-25 02:32:35    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-07-25 02:30:47    9738752    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2013-07-25 02:26:45    1104384    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2013-07-25 02:26:10    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-07-25 02:25:30    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-07-25 02:24:39    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2013-07-25 02:24:24    65536    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2013-07-25 02:23:59    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-07-25 02:23:58    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-07-25 02:23:51    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2013-07-25 02:23:30    1796096    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2013-07-25 02:23:27    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2013-07-25 02:22:47    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2013-07-25 02:22:35    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-07-25 02:22:04    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2013-07-17 20:01:51    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-17 19:41:34    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-07-10 09:47:49    677888    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-10 09:42:55    1303552    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 12:04:30    1585256    ----a-w-    C:\Windows\System32\ntdll.dll
2013-07-09 12:04:30    1168088    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-07-08 04:51:57    4691904    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-07-08 04:20:17    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-07-08 04:20:04    172544    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-08 04:18:51    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-07-08 04:16:55    98304    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-07-08 04:16:55    133120    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-07-08 04:16:54    992768    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-08 04:16:33    43008    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-07-08 04:15:39    234496    ----a-w-    C:\Windows\System32\wow64.dll
2013-07-08 04:15:25    218624    ----a-w-    C:\Windows\System32\wintrust.dll
2013-07-08 04:14:21    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2013-07-08 04:12:34    174592    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-08 04:12:34    132096    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-07-08 04:12:34    1276416    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-08 01:39:04    26112    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-07-08 01:39:03    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-07-08 01:39:02    2560    ----a-w-    C:\Windows\SysWow64\user.exe
2013-07-05 04:45:27    1423808    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-15 13:27:51    20480    ----a-w-    C:\Windows\System32\icaapi.dll
2013-06-15 11:38:39    29184    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
1997-06-23 10:00:00    123664    --sha-w-    C:\Windows\SysWOW64\Msjint35.dll
1997-06-23 19:06:50    24848    --sha-w-    C:\Windows\SysWOW64\Msjter35.dll
1997-06-23 19:06:50    252176    --sha-w-    C:\Windows\SysWOW64\Msrd2x35.dll
1997-06-23 19:06:50    287504    --sha-w-    C:\Windows\SysWOW64\Msxbse35.dll
.
============= FINISH: 21:01:34.06 ===============
 

 

ATTACH:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/21/2009 12:16:47 AM
System Uptime: 9/8/2013 5:58:49 AM (16 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | Benicia
Processor: Intel® Core2 Quad  CPU   Q8200  @ 2.33GHz | CPU 1 | 2333/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 583 GiB total, 352.665 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.804 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1476: 8/10/2013 8:47:10 AM - Scheduled Checkpoint
RP1477: 8/11/2013 8:07:07 AM - Scheduled Checkpoint
RP1478: 8/12/2013 9:19:30 AM - Scheduled Checkpoint
RP1479: 8/13/2013 3:38:02 PM - Scheduled Checkpoint
RP1480: 8/14/2013 9:07:04 AM - Windows Update
RP1481: 8/15/2013 7:40:58 AM - Windows Update
RP1482: 8/16/2013 8:36:20 AM - Scheduled Checkpoint
RP1483: 8/17/2013 8:15:32 AM - Scheduled Checkpoint
RP1484: 8/18/2013 8:03:46 AM - Scheduled Checkpoint
RP1485: 8/19/2013 11:41:42 AM - Scheduled Checkpoint
RP1486: 8/20/2013 2:02:09 AM - Windows Update
RP1487: 8/21/2013 5:39:54 PM - Scheduled Checkpoint
RP1488: 8/23/2013 10:55:30 AM - Scheduled Checkpoint
RP1489: 8/23/2013 12:32:50 PM - Windows Update
RP1490: 8/24/2013 9:03:37 AM - Scheduled Checkpoint
RP1491: 8/25/2013 4:09:25 PM - Scheduled Checkpoint
RP1492: 8/26/2013 8:15:13 AM - Scheduled Checkpoint
RP1493: 8/27/2013 8:40:58 AM - Windows Update
RP1494: 8/28/2013 1:41:42 PM - Scheduled Checkpoint
RP1495: 8/29/2013 9:35:32 AM - Windows Update
RP1496: 8/30/2013 8:34:30 AM - Scheduled Checkpoint
RP1497: 9/1/2013 9:35:32 AM - Scheduled Checkpoint
RP1498: 9/2/2013 9:37:50 AM - Scheduled Checkpoint
RP1499: 9/3/2013 7:26:52 AM - Windows Update
RP1500: 9/4/2013 1:02:00 PM - Scheduled Checkpoint
RP1501: 9/5/2013 9:25:00 AM - Scheduled Checkpoint
RP1502: 9/6/2013 7:56:10 AM - Windows Update
RP1503: 9/7/2013 12:18:50 PM - Scheduled Checkpoint
RP1504: 9/8/2013 7:41:02 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
3ivx MPEG-4 5.0.3 (remove only)
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Akamai NetSession Interface
Akamai NetSession Interface Service
Amazon MP3 Downloader 1.0.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audible Download Manager
Autodesk Architectural Desktop 3.3
Autodesk Design Review 2013
AutoSketch Release 10
Bonjour
CadStd
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
COMcheck 3.8.1
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
DirectX for Managed Code Update (Summer 2004)
Dropbox
DWG TrueView 2013
Enhanced Multimedia Keyboard Solution
EPSON USB Display
Facebook Video Calling 1.2.0.287
File Uploader
FlipShare
Garmin BaseCamp
Garmin USB Drivers
Google Chrome
Google Earth
Google SketchUp 7
Google SketchUp 8
Google Update Helper
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Odometer
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Support Information
HP Total Care Advisor
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
I.R.I.S. OCR
iCloud
IKEA Home Planner
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Juno Preloader
LabelPrint
LightScribe System Software  1.14.32.1
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft LifeCam
Microsoft Live Search Toolbar
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Move Media Player
MovieEdit Task
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MT_PLAT4GPS
muvee Reveal
My HP Games
NetZero Preloader
Nikon Message Center
Nikon RAW Codec
Nikon Transfer
Panasonic Multi-Function Station software
PhotoStitch
Picture Control Utility
PictureMover
Power2Go
PowerDirector
PrimoPDF -- brought to you by Nitro PDF Software
Python 2.6 pywin32-212
Python 2.6.1
QuickTime
RAW Image Task 1.2
Realtek High Definition Audio Driver
RemoteCapture Task 1.1
REScheck 4.4.4.2 (Current User)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype Click to Call
Skype™ 6.6
Spelling Dictionaries Support For Adobe Reader 9
Spotify
UMPlayer 0.98 [P4]
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update Installer for WildTangent Games App
ViewNX
VoiceOver Kit
WD Diagnostics
WildTangent Games App (HP Games)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
9/4/2013 12:21:59 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4B369A32-9E02-46D7-92A9-DADC6FA1957B}. The master browser is stopping or an election is being forced.
9/1/2013 12:58:37 PM, Error: EventLog [6008]  - The previous system shutdown at 12:57:22 PM on 9/1/2013 was unexpected.
9/1/2013 1:00:18 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the FlipShare Service service to connect.
9/1/2013 1:00:18 PM, Error: Service Control Manager [7000]  - The FlipShare Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 

 

Thanks!


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).

 

 

 

You told us that you removed several items with Malwarebytes' Anti-Malware. This tool creates a log on every run and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.


Hey Marius,

 

Thank you very much for your quick response.  I appreciate the help.

 

Here is the avastMBR:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-09 09:20:50
-----------------------------
09:20:50.160    OS Version: Windows x64 6.0.6002 Service Pack 2
09:20:50.160    Number of processors: 4 586 0x1707
09:20:50.161    ComputerName: PETERSONCHIT-PC  UserName: peterson chitty
09:20:52.981    Initialize success
09:22:54.511    AVAST engine defs: 13090900
09:24:39.422    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:24:39.425    Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8
09:24:39.625    Disk 0 MBR read successfully
09:24:39.627    Disk 0 MBR scan
09:24:39.631    Disk 0 unknown MBR code
09:24:39.641    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       597323 MB offset 63
09:24:39.692    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        13154 MB offset 1223317620
09:24:39.758    Disk 0 scanning C:\Windows\system32\drivers
09:24:53.431    Service scanning
09:25:16.425    Modules scanning
09:25:16.433    Disk 0 trace - called modules:
09:25:16.472    ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys
09:25:16.476    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009abc790]
09:25:16.808    3 CLASSPNP.SYS[fffffa60011d5c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800796b050]
09:25:19.302    AVAST engine scan C:\Windows
09:25:25.702    AVAST engine scan C:\Windows\system32
09:29:31.751    AVAST engine scan C:\Windows\system32\drivers
09:29:50.382    AVAST engine scan C:\Users\peterson chitty
09:31:03.125    Disk 0 MBR has been saved successfully to "C:\Users\peterson chitty\Desktop\MBR.dat"
09:31:03.131    The log file has been saved successfully to "C:\Users\peterson chitty\Desktop\aswMBR.txt"

 

 

 

It is a little weird because when I ran Malwarebytes yesterday it found 28 malicious files. When I tried to remove them it locked up and the next time I tried to run the scan it only found 8 malicious files leading me to believe that it was able to remove the rest. It was never able to fully complete the removal and did not create a log. The last log I have is from a month ago which shows no malicious items detected. I was not able to find the logs at the locations you provided but I did find them by opening MBytes and clicking on the logs tab. I did not run a scan though. Let me know how you would like me to proceed.

 

Thank you very much

Chris

 


Hey Marius,

 

I took the AVAST log before it had finished.  Here is the completed log:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-09 09:20:50
-----------------------------
09:20:50.160    OS Version: Windows x64 6.0.6002 Service Pack 2
09:20:50.160    Number of processors: 4 586 0x1707
09:20:50.161    ComputerName: PETERSONCHIT-PC  UserName: peterson chitty
09:20:52.981    Initialize success
09:22:54.511    AVAST engine defs: 13090900
09:24:39.422    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:24:39.425    Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8
09:24:39.625    Disk 0 MBR read successfully
09:24:39.627    Disk 0 MBR scan
09:24:39.631    Disk 0 unknown MBR code
09:24:39.641    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       597323 MB offset 63
09:24:39.692    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        13154 MB offset 1223317620
09:24:39.758    Disk 0 scanning C:\Windows\system32\drivers
09:24:53.431    Service scanning
09:25:16.425    Modules scanning
09:25:16.433    Disk 0 trace - called modules:
09:25:16.472    ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys
09:25:16.476    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009abc790]
09:25:16.808    3 CLASSPNP.SYS[fffffa60011d5c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800796b050]
09:25:19.302    AVAST engine scan C:\Windows
09:25:25.702    AVAST engine scan C:\Windows\system32
09:29:31.751    AVAST engine scan C:\Windows\system32\drivers
09:29:50.382    AVAST engine scan C:\Users\peterson chitty
09:31:03.125    Disk 0 MBR has been saved successfully to "C:\Users\peterson chitty\Desktop\MBR.dat"
09:31:03.131    The log file has been saved successfully to "C:\Users\peterson chitty\Desktop\aswMBR.txt"
10:23:48.540    File: C:\Users\peterson chitty\AppData\Local\Temp\3eBQUQBL.exe.part  **INFECTED** Win32:SwPatch [Wrm]
10:25:39.179    File: C:\Users\peterson chitty\AppData\Local\Temp\nsq37A.tmp\Install.dll  **INFECTED** Win32:Adware-gen [Adw]
10:59:14.424    AVAST engine scan C:\ProgramData
11:02:08.812    Scan finished successfully
11:15:38.600    Disk 0 MBR has been saved successfully to "C:\Users\peterson chitty\Desktop\MBR.dat"
11:15:38.604    The log file has been saved successfully to "C:\Users\peterson chitty\Desktop\aswMBR.txt"

 

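As an added example (not from this thread and not aswMBR's own code): a small Python parser for the MBR.dat backup that aswMBR leaves on the desktop, cross-checked against the "Disk 0 Partition N ..." lines that aswMBR prints. The 512-byte sector and the two log lines below are constructed to mirror the partition layout shown in the log above; the regular expression assumes the line shape seen there.

```python
"""Parse a 512-byte MBR backup (as written by aswMBR to MBR.dat) and check
that its partition table agrees with the partition lines in the aswMBR log.
Added example, not part of the thread or of aswMBR; all values are constructed."""
import hashlib
import re
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 446          # bytes 0..445 boot code, 446..509 partition table
BOOT_SIG = b"\x55\xaa"       # signature at bytes 510..511

# Constructed log lines in the shape aswMBR prints (values mirror the log above).
ASWMBR_LOG = """\
09:24:39.641    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       597323 MB offset 63
09:24:39.692    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        13154 MB offset 1223317620
"""

# index, status byte, optional "(A)" active marker, type byte, two name tokens, size, offset
PART_RE = re.compile(
    r"Partition (\d+) ([0-9A-Fa-f]{2})(?: \(A\))?\s+([0-9A-Fa-f]{2})\s+\S+\s+\S+\s+(\d+) MB offset (\d+)"
)


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def size_mb(self) -> int:
        # aswMBR reports whole MB (truncated); 2048 sectors of 512 bytes make 1 MB
        return self.sectors * SECTOR // (1024 * 1024)


def parse_mbr(sector: bytes):
    """Return (sha256 of the boot-code region, list of non-empty partition entries)."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature: not a valid MBR")
    # Hashing the boot code lets a later backup be compared for unexpected changes.
    boot_hash = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    parts = []
    for i in range(4):
        # entry layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, BOOT_CODE_LEN + 16 * i)
        if ptype == 0 and count == 0:
            continue                       # unused slot
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i + 1}: invalid status byte 0x{status:02x}")
        parts.append(Partition(i + 1, status == 0x80, ptype, lba, count))
    return boot_hash, parts


def partitions_from_log(text: str):
    """Parse aswMBR partition lines into the same dataclass (sizes in whole MB)."""
    found = []
    for m in PART_RE.finditer(text):
        idx, status, ptype, size_mb, offset = m.groups()
        found.append(Partition(int(idx), status == "80", int(ptype, 16), int(offset), int(size_mb) * 2048))
    return found


def compare(mbr_parts, log_parts):
    """Return human-readable mismatches between backup and log (empty list = consistent)."""
    issues = []
    if len(mbr_parts) != len(log_parts):
        issues.append(f"entry count differs: MBR {len(mbr_parts)} vs log {len(log_parts)}")
    for a, b in zip(mbr_parts, log_parts):
        for field in ("index", "bootable", "type_id", "lba_start", "size_mb"):
            if getattr(a, field) != getattr(b, field):
                issues.append(f"partition {a.index}: {field} MBR={getattr(a, field)} log={getattr(b, field)}")
    return issues


def build_sample_mbr() -> bytes:
    """Constructed MBR.dat: two NTFS (type 0x07) partitions laid out like the log above."""
    chs = b"\x00\x00\x00"                      # CHS fields unused on LBA disks
    entry1 = struct.pack("<B3sB3sII", 0x80, chs, 0x07, chs, 63, 1223317620 - 63)
    entry2 = struct.pack("<B3sB3sII", 0x00, chs, 0x07, chs, 1223317620, 13154 * 2048)
    empty = bytes(16)
    boot_code = b"\xeb\xfe" + bytes(BOOT_CODE_LEN - 2)   # constructed 'jmp $' stub, not real boot code
    return boot_code + entry1 + entry2 + empty + empty + BOOT_SIG


if __name__ == "__main__":
    digest, parts = parse_mbr(build_sample_mbr())
    print("boot code sha256:", digest)
    for p in parts:
        print(p, "size_mb:", p.size_mb)
    print("mismatches:", compare(parts, partitions_from_log(ASWMBR_LOG)) or "none")
```

On a real MBR.dat, read the file in binary mode and pass its 512 bytes to parse_mbr; any mismatch against the aswMBR log is worth raising in the thread before anything rewrites the MBR.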

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Hey Marius,

 

Combofix Log:

 

ComboFix 13-09-10.01 - peterson chitty 09/10/2013   6:51.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.8181.5992 [GMT -6:00]
Running from: c:\users\peterson chitty\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\peterson chitty\AppData\Roaming\DefaultTab\DefaultTab
c:\users\peterson chitty\AppData\Roaming\Internet Security Essentials
c:\users\peterson chitty\AppData\Roaming\Internet Security Essentials\Instructions.ini
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\cb.dll
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\cb.drv
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\cid.dll
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\cid.tmp
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.tmp
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\ddv.dll
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\ddv.sys
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\delfile.exe
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\delfile.sys
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\eb.dll
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\fan.exe
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\fix.exe
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\fix.tmp
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\FS.drv
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\FS.exe
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\FS.sys
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\FW.exe
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\FW.tmp
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\gid.drv
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\kernel32.tmp
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\pal.drv
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\pal.tmp
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\ppal.dll
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\ppal.drv
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\ppal.sys
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\runddl.drv
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.dll
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.tmp
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.tmp
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\sld.exe
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\sld.tmp
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\SM.dll
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\SM.tmp
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\snl2w.exe
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\snl2w.tmp
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\std.exe
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.dll
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Recent\tjd.tmp
c:\users\peterson chitty\AppData\Roaming\Mozilla\Firefox\Profiles\81zdek44.default\searchplugins\search.xml
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-10 to 2013-09-10  )))))))))))))))))))))))))))))))
.
.
2013-09-10 13:22 . 2013-09-10 13:22    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-10 12:29 . 2013-08-06 08:58    9515512    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1DCC665-0814-40B0-8B04-C0DFEA109E1D}\mpengine.dll
2013-09-04 23:46 . 2013-09-04 23:46    --------    d-----w-    c:\program files\iPod
2013-09-04 23:46 . 2013-09-04 23:47    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-04 23:46 . 2013-09-04 23:47    --------    d-----w-    c:\program files\iTunes
2013-08-28 18:07 . 2013-08-02 14:06    1706496    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-08-28 18:07 . 2013-08-02 04:09    1548288    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-08-15 13:46 . 2013-08-15 13:49    --------    d-----w-    c:\windows\system32\MRT
2013-08-14 22:35 . 2013-07-09 12:04    1585256    ----a-w-    c:\windows\system32\ntdll.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 23:02 . 2012-05-30 13:02    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-21 23:02 . 2011-07-05 19:47    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-15 13:46 . 2006-11-02 12:35    78161360    ----a-w-    c:\windows\system32\mrt.exe
2013-07-08 04:16 . 2013-08-14 22:35    43008    ----a-w-    c:\windows\apppatch\acwow64.dll
1997-06-23 10:00    123664    --sha-w-    c:\windows\SysWOW64\Msjint35.dll
1997-06-23 19:06    24848    --sha-w-    c:\windows\SysWOW64\Msjter35.dll
1997-06-23 19:06    252176    --sha-w-    c:\windows\SysWOW64\Msrd2x35.dll
1997-06-23 19:06    287504    --sha-w-    c:\windows\SysWOW64\Msxbse35.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\peterson chitty\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\peterson chitty\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\peterson chitty\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"HPAdvisor"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-12-01 966656]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"Facebook Update"="c:\users\peterson chitty\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Spotify Web Helper"="c:\users\peterson chitty\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-12 1104384]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"Akamai NetSession Interface"="c:\users\peterson chitty\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-11-27 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-16 1152296]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-16 189736]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"Panasonic Device Manager for Multi-Function Station software"="c:\program files (x86)\Panasonic\MFStation\PCCMFSDM.exe" [2008-09-22 126976]
"Panasonic PCFAX for Multi-Function Station software"="c:\program files (x86)\Panasonic\MFStation\KmPcFax.exe" [2007-08-28 757760]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"EPSON_UD_START"="c:\program files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" [2009-04-16 329632]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
c:\users\peterson chitty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\peterson chitty\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2008-12-18 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options]
"Debugger"=svchost.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ       Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 22:41    1177552    ----a-w-    c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 23:02]
.
2013-09-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3012952719-3742421575-3508026174-1000Core.job
- c:\users\peterson chitty\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-01 21:10]
.
2013-09-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3012952719-3742421575-3508026174-1000UA.job
- c:\users\peterson chitty\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-01 21:10]
.
2013-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-05 20:38]
.
2013-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-05 20:38]
.
2010-10-30 c:\windows\Tasks\PCDRScheduledMaintenance-Delay.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-11-05 17:34]
.
2010-10-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-11-05 17:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\peterson chitty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\peterson chitty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\peterson chitty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\peterson chitty\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-10 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-10 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-10 202264]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-11-04 182808]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\peterson chitty\AppData\Roaming\Mozilla\Firefox\Profiles\81zdek44.default\



FF - ExtSQL: 2013-07-16 18:31; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2013-09-10  07:24:44
ComboFix-quarantined-files.txt  2013-09-10 13:24
.
Pre-Run: 376,661,508,096 bytes free
Post-Run: 377,875,771,392 bytes free
.
- - End Of File - - CAF9403AB1D869FBB9B92917E3FE0AC6
03BA8F890B47C0BE359A4D5A636D214D
 

 

Thank you once again!


Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Hey Marius,

 

I performed the full scan.  Three objects were detected and when MBAM tried to remove them it locked up and stopped responding. 

 

Thanks once again for all your help.

 

Chris


I was being impatient; apparently it finally worked.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.08.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
peterson chitty :: PETERSONCHIT-PC [administrator]

9/11/2013 7:12:39 AM
mbam-log-2013-09-11 (07-12-39).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 518681
Time elapsed: 1 hour(s), 23 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Users\peterson chitty\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\peterson chitty\AppData\Roaming\OpenCandy\BA1A5F4C620147A681830D17A74A8541 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\peterson chitty\AppData\Roaming\OpenCandy\OpenCandy_BA1A5F4C620147A681830D17A74A8541 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

Files Detected: 0
(No malicious items detected)

(end)
 


Hey, that looks fine! :)

 

Let's cross check that everything has gone:

 

 

Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Hey Marius,

 

Here are the list of threats:

 

C:\Users\peterson chitty\Downloads\cbsidlm-cbsi109-Gantt_Chart_Template_for_Excel-SEO-75326607.exe    probably a variant of Win32/CNETInstaller.A application
C:\Users\peterson chitty\Downloads\VeohWebPlayerSetup_eng(2).exe    Win32/OpenCandy application
C:\Users\peterson chitty\Downloads\VeohWebPlayerSetup_eng.exe    Win32/OpenCandy application
 

 

That first one I don't think is an actual threat.  The opencandy seems to keep coming up on the scans. Thanks a bunch.

 

Chris


 

C:\Users\peterson chitty\Downloads\VeohWebPlayerSetup_eng(2).exe    Win32/OpenCandy application

C:\Users\peterson chitty\Downloads\VeohWebPlayerSetup_eng.exe    Win32/OpenCandy application

 

These files aren't malware but contain security risks. I would delete them immediately - your choice.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll find the log file at C:\AdwCleaner[s1].txt also.

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.


Here is the adware cleaner log:

 

 

# AdwCleaner v3.003 - Report created 13/09/2013 at 06:43:33
# Updated 07/09/2013 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
# Username : peterson chitty - PETERSONCHIT-PC
# Running from : C:\Users\peterson chitty\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\DefaultTab
[!] Folder Deleted : C:\Users\peterson chitty\AppData\Local\Conduit
[!] Folder Deleted : C:\Users\peterson chitty\AppData\Local\cre
[!] Folder Deleted : C:\Users\peterson chitty\AppData\Local\SwvUpdater
[!] Folder Deleted : C:\Users\peterson chitty\AppData\LocalLow\Conduit
[!] Folder Deleted : C:\Users\peterson chitty\AppData\LocalLow\PriceGong
[!] Folder Deleted : C:\Users\peterson chitty\AppData\Roaming\DefaultTab
File Deleted : C:\Users\Public\Desktop\iLivid.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\peterson chitty\AppData\Roaming\Mozilla\Firefox\Profiles\81zdek44.default\searchplugins\Conduit.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3268935
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3281023
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3285873
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16506


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\peterson chitty\AppData\Roaming\Mozilla\Firefox\Profiles\81zdek44.default\prefs.js ]

Line Deleted : user_pref("CT3268935_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1363102064903,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3281023_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1363102064866,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3285873_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1363102064827,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");

Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3281023");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V1 Customized Web Search");

Line Deleted : user_pref("ct3268935.UserID", "UN40130101451353294");
Line Deleted : user_pref("extensions.crossrider.bic", "13d0f67a0a8863da015746f58af371c5");
Line Deleted : user_pref("extensions.wajam.affiliate_id", "3224");
Line Deleted : user_pref("extensions.wajam.firstrun", "false");
Line Deleted : user_pref("extensions.wajam.log_send_info", "false");
Line Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21084\",\"supported_sites\":{\"google\":{\"patterns\":[\"^hxxp\\\\:\\/\\/www\\\\.google\\\\..{2,3}(|\\\\\\/ig|\\\\\\/firefox)\",\"[...]
Line Deleted : user_pref("extensions.wajam.no_trace", "false");
Line Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21084");
Line Deleted : user_pref("extensions.wajam.trace_log", "1361763072418 - processInstallationUpgrade - version set to : 1.26\n1361763072419 - processBrowserLoad - Bad mappingListJsonString: null\n1361763073098 - onFla[...]
Line Deleted : user_pref("extensions.wajam.unique_id", "C26BC1A74A24251889EBD168F9663A45");
Line Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
Line Deleted : user_pref("extensions.wajam.version", "1.26");

Line Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3281023");


Line Deleted : user_pref("smartbar.machineId", "NNJVNEYDKAERYLWZZ6FWH60A61R0H5CE5RZVMZEPMJMJVETQTEJRFVTWUUPKBHONIB+RWBAANAL9AX+24I/WWG");


Line Deleted : user_pref("smartbar.originalSearchEngine", "WhiteSmoke B Customized Web Search");

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\peterson chitty\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [8273 octets] - [13/09/2013 06:40:04]
AdwCleaner[s0].txt - [8117 octets] - [13/09/2013 06:43:33]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8177 octets] ##########
 

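The AdwCleaner report above is a plain-text format: section headers between rows of asterisks, one "Deleted" line per removed item, and per-browser blocks naming the preferences file that was edited. As an added example (not part of this thread and not AdwCleaner's own code), here is a small Python parser that turns such a report into records, counts what was removed per category, recovers which browser preferences were reset, and cross-checks which CLSIDs were both registered as COM classes and listed under Internet Explorer's Browser Helper Objects, the pairing that shows a toolbar had actually been loaded into the browser rather than just dropped on disk. The embedded sample report is constructed to mirror the format of the log above with shortened paths (it reuses one GUID that appears in the posted log); the function and field names are my own.

```python
"""Parse an AdwCleaner v3-style cleanup report into structured records."""
import re
from collections import Counter

# Constructed sample mirroring the AdwCleaner v3 report format shown in the thread.
# Paths are shortened; the GUID is one that appears in the posted log.
SAMPLE_REPORT = r"""# AdwCleaner v3.003 - Report created 13/09/2013 at 06:43:33
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Program Files (x86)\Conduit
File Deleted : C:\Users\Public\Desktop\iLivid.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit

***** [ Browsers ] *****

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\prefs.js ]

Line Deleted : user_pref("extensions.wajam.affiliate_id", "3224");

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")          # ***** [ Registry ] *****
BROWSER_RE = re.compile(r"^-\\\\ (.+)$")                        # -\\ Mozilla Firefox v23.0.1
PREFS_FILE_RE = re.compile(r"^\[ File : (.+) \]$")              # [ File : ...\prefs.js ]
# Optional "[!]" flag, optional item kind, optional "[x64]" view marker, then the target.
ACTION_RE = re.compile(
    r"^(?:\[!\] )?(?:(Folder|File|Key|Value|Line) )?Deleted : (?:\[(x64)\] )?(.+)$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PREF_NAME_RE = re.compile(r'user_pref\("([^"]+)"')


def parse_report(text):
    """Return one dict per deleted item, carrying its section/browser/file context."""
    records = []
    section = browser = pref_file = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, browser, pref_file = m.group(1), None, None
            continue
        if m := BROWSER_RE.match(line):
            browser, pref_file = m.group(1), None
            continue
        if m := PREFS_FILE_RE.match(line):
            pref_file = m.group(1)
            continue
        if m := ACTION_RE.match(line):
            kind, arch, target = m.groups()
            records.append({
                "section": section,
                "kind": kind or "Setting",      # Chrome entries carry no kind word
                "flagged": line.startswith("[!]"),
                "x64": arch == "x64",           # key came from the 64-bit registry view
                "target": target,
                "browser": browser,
                "file": pref_file,
            })
    return records


def summarize(records):
    """Counts of removed items by kind and by report section."""
    return {
        "total": len(records),
        "by_kind": dict(Counter(r["kind"] for r in records)),
        "by_section": dict(Counter(r["section"] for r in records)),
    }


def find_bho_clsids(records):
    """GUIDs that were both registered under Classes\\CLSID and listed as IE
    Browser Helper Objects: a COM server that IE actually loaded at start-up."""
    clsids, bhos = set(), set()
    for r in records:
        if r["kind"] != "Key":
            continue
        for guid in GUID_RE.findall(r["target"]):
            guid = guid.upper()
            if "\\Classes\\CLSID\\" in r["target"]:
                clsids.add(guid)
            if "Browser Helper Objects" in r["target"]:
                bhos.add(guid)
    return clsids & bhos


def deleted_prefs(records):
    """Map each browser to the preference names that were reset."""
    out = {}
    for r in records:
        if r["section"] != "Browsers":
            continue
        m = PREF_NAME_RE.search(r["target"])
        out.setdefault(r["browser"], []).append(m.group(1) if m else r["target"])
    return out


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    print(summarize(recs))
    print("BHO CLSIDs:", sorted(find_bho_clsids(recs)))
    print("Reset prefs:", deleted_prefs(recs))
```

Run against a full report, the summary tells you at a glance how much of the cleanup was filesystem versus registry versus browser settings, and the BHO cross-check separates toolbars that were only installed from ones that were live in Internet Explorer.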

Here is the security check log:

 

 Results of screen317's Security Check version 0.99.73  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player     11.8.800.168  
 Adobe Reader 9 Adobe Reader out of Date!
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (23.0.1)
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
 


I just erased those two opencandy applications by dragging them to the recycle bin.  If I should do something different please let me know.  Thanks.

 

Chris


Then your computer is clean now! :)

 

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In the case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In the case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
    • If there is still something left please delete it manually.

 

 

 

 

How to protect yourself

  • System Updates
    Being up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | Windows 8
  • Protection
    What you need is one (not more) good virus scanner with background protection. Additionally I recommend a special malware scanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: you only get the full protection if you use the paid versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These links may help you to check:
  • Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you are surfing on the web. Do not click an OK button on any pop-up window without reading what it says. While installing software always choose the custom mode, read what those windows say and uncheck adware that would be installed along with the software you want.


Hey Marius,

 

I have to thank you one more time for walking me through this whole process.  I know I never would have gotten everything on my own.  Do you work in the anti malware industry or is this just a hobby for you?  If I was going to pay for either Avast or MBAM are there pros and cons to either.  My past experiences with anti-malware software have been that they slow everything down so much that it gets very annoying which is why I switched to just scanning with MBAM once a month.  I tend to not click on anything I don't know about but I'm not the only user in the house.  Thanks again and, Happy Hunting!

 

Chris


You're welcome! :)

 

I'm working in the computer business but not in the anti malware industry. In these forums I work as a volunteer so it is some kind of hobby, you're right. ;)

 

You need a realtime-scanning antivirus program as it may prevent you from being infected or (if that isn't possible) will indicate THAT your machine is infected to let you start countermeasures.

 

Paying for these programs is ok as they will offer more security options then. My own opinion is nevertheless that ONE (not more!) free antivirus program (I use avast!) in addition with an on demand scanner like MBAM in its free version is enough to protect a personal home use computer.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
