Malwarebytes is installed but will not open even with Chameleon

Hello ikejohn79! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files; don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall the following applications:

NCH EN Toolbar

RewardsArcadeSuite

Search Toolbar

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Thanks for your help!!

ComboFix 12-07-07.03 - Cindy 07/07/2012 7:27.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2407 [GMT -7:00]

Running from: c:\users\Cindy\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\CouponAlert_2pEI

c:\program files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll

c:\program files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll

c:\program files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll

c:\program files (x86)\I Want This

c:\program files (x86)\I Want This\appAPIinternalWrapper.js

c:\program files (x86)\I Want This\fb.js

c:\program files (x86)\I Want This\I Want This.dll

c:\program files (x86)\I Want This\I Want This.exe

c:\program files (x86)\I Want This\I Want This.ico

c:\program files (x86)\I Want This\I Want ThisGui.exe

c:\program files (x86)\I Want This\jquery.js

c:\program files (x86)\I Want This\json.js

c:\program files (x86)\I Want This\Uninstall.exe

c:\program files (x86)\Search Toolbar

c:\program files (x86)\Search Toolbar\SearchToolbar.dll

c:\program files (x86)\TelevisionFanaticEI

c:\users\Cindy\AppData\Local\I Want This

c:\users\Cindy\AppData\Local\I Want This\Chrome\I Want This.crx

c:\users\Cindy\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll

c:\users\Cindy\AppData\Roaming\result.db

c:\users\Cindy\Norton_Removal_Tool.exe

c:\users\Trevor\AppData\Local\{05919438-749f-84f0-1361-19d593641c66}

c:\users\Trevor\AppData\Local\{05919438-749f-84f0-1361-19d593641c66}\@

c:\users\Trevor\AppData\Local\{05919438-749f-84f0-1361-19d593641c66}\n

c:\windows\Installer\{05919438-749f-84f0-1361-19d593641c66}

c:\windows\Installer\{05919438-749f-84f0-1361-19d593641c66}\@

c:\windows\Installer\{05919438-749f-84f0-1361-19d593641c66}\n

c:\windows\Installer\{05919438-749f-84f0-1361-19d593641c66}\U\00000001.@

c:\windows\Installer\{05919438-749f-84f0-1361-19d593641c66}\U\80000000.@

c:\windows\Installer\{05919438-749f-84f0-1361-19d593641c66}\U\800000cb.@

c:\windows\security\Database\tmp.edb

c:\windows\SysWow64\msnphoto.scr

.

.

((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))

.

.

2012-07-07 14:34 . 2012-07-07 14:34 -------- d-----w- c:\users\Trevor\AppData\Local\temp

2012-07-07 14:34 . 2012-07-07 14:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-07 03:45 . 2012-07-07 03:45 -------- d-----w- c:\program files (x86)\Trend Micro

2012-07-07 02:54 . 2012-07-07 02:57 33096 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-07-06 18:07 . 2012-07-06 18:08 -------- d-----w- c:\programdata\AVG Secure Search

2012-07-06 18:07 . 2012-07-06 18:08 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2012-07-06 18:07 . 2012-07-06 18:07 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2012-07-06 18:06 . 2012-07-06 18:08 -------- d-----w- c:\programdata\AVG2012

2012-07-06 18:03 . 2012-07-06 18:04 -------- d-----w- c:\programdata\MFAData

2012-07-06 18:03 . 2012-07-06 18:03 -------- d--h--w- c:\programdata\Common Files

2012-07-06 17:50 . 2012-07-06 17:50 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-07-06 17:50 . 2012-07-06 17:50 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-07-06 17:47 . 2012-07-06 17:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-06 17:47 . 2012-07-06 17:47 -------- d-----w- c:\programdata\Malwarebytes

2012-07-06 17:47 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-06 17:10 . 2012-07-06 18:12 -------- d-----w- c:\users\Cindy\AppData\Local\360Amigo

2012-07-06 17:10 . 2012-07-06 17:10 -------- d-----w- c:\program files\360Amigo

2012-07-03 22:41 . 2012-07-03 22:41 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}

2012-07-03 21:18 . 2012-07-03 21:18 -------- d-----w- c:\programdata\Recovery

2012-07-03 21:09 . 2012-07-03 21:13 -------- d-----w- c:\users\Trevor\AppData\Roaming\NCH Software

2012-06-25 23:55 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-25 23:55 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-25 23:55 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-25 23:55 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-25 23:54 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-25 23:54 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-25 23:54 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-25 23:54 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-25 23:54 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-22 20:11 . 2012-06-22 20:11 -------- d-----w- c:\windows\en

2012-06-22 20:09 . 2012-06-22 20:09 -------- d-----w- c:\program files\Windows Live

2012-06-21 15:31 . 2012-06-21 15:31 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e99431c81cd4fc201\DSETUP.dll

2012-06-21 15:31 . 2012-06-21 15:31 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e99431c81cd4fc201\DXSETUP.exe

2012-06-21 15:31 . 2012-06-21 15:31 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e99431c81cd4fc201\dsetup32.dll

2012-06-18 23:12 . 2012-06-18 23:12 -------- d-----w- c:\program files (x86)\Conduit

2012-06-18 23:11 . 2012-07-07 14:17 -------- d-----w- c:\users\Cindy\AppData\Local\Conduit

2012-06-18 23:10 . 2012-06-18 23:10 -------- d-----w- c:\users\Cindy\AppData\Local\CRE

2012-06-15 14:17 . 2012-05-18 01:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-13 01:27 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-13 01:27 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-13 01:27 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-13 01:24 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-13 01:24 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-13 01:24 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-13 01:24 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-13 01:22 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-13 01:22 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 01:22 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-13 01:22 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-13 01:22 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 01:22 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 01:22 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 01:22 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-13 01:22 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-13 01:22 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-07 21:43 . 2012-06-07 21:43 -------- d-sh--w- c:\windows\system32\%APPDATA%

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-06 17:50 . 2010-12-09 14:45 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-06-23 03:50 . 2012-04-04 02:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-23 03:50 . 2011-05-17 14:52 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 19:07 . 2012-04-14 15:09 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0538CF1C-8419-4800-ADBB-0C00C799FDA2}]

2012-06-25 14:01 88416 ----a-w- c:\users\Cindy\AppData\Roaming\Genieo\Application\IEPlugins\bin\IEWrapper.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]

"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2008-10-20 210208]

"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]

"GenieoUpdaterService"="c:\users\Cindy\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" [2012-06-25 280928]

"GenieoSystemTray"="c:\users\Cindy\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [2012-06-25 564064]

"360Amigo"="c:\program files\360Amigo\360Amigo.exe" [2012-07-06 5156128]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegedit"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ DPPassFilter scecli

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 257224]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 136176]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-07-07 33096]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2011-01-21 7680512]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-19 4608]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-11 232992]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-23 333928]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-23 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2010-01-30 20056]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/08/19 02:52];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-01-27 22:48 146928]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-01-04 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752]

S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-01-16 127984]

S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-02-08 338168]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-06 227384]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]

S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]

S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-22 6233088]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-22 161280]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-01-22 8034368]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-07-27 8593920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:50]

.

2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 20:15]

.

2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 20:15]

.

2012-07-07 c:\windows\Tasks\HPCeeScheduleForCINDY-PC$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2012-06-21 c:\windows\Tasks\HPCeeScheduleForCindy.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2012-06-23 c:\windows\Tasks\HPCeeScheduleForTrevor.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-22 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-22 390680]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-22 410136]

"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]

"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-20 107832]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-28 172032]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-04 487424]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Doxillion - c:\program files (x86)\NCH Software\Doxillion\uninst.exe

AddRemove-I Want This - c:\program files (x86)\I Want This\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:a3,15,1c,bb,16,45,cd,01

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe

.

**************************************************************************

.

Completion time: 2012-07-07 07:47:38 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-07 14:47

.

Pre-Run: 402,971,475,968 bytes free

Post-Run: 403,542,683,648 bytes free

.

- - End Of File - - BF51A3B6A54A83B928E3E2E2AF1638EF

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
