
Need help please and thank you



Sorry to bother you guys, but I'm having a problem at the moment. I tend to get random ads from the Host Process for Windows Services, I believe. I've googled this and took a few steps and got to the point where I used ComboFix, and once it was completed it restarted my computer and then I got this. From this point on I'm not sure what I've got to do; hope this helps you help me.

ComboFix 13-02-03.03 - Manni 05/02/2013 5:23.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.16347.13177 [GMT -5:00]

Running from: c:\users\Manni\Downloads\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\$recycle.bin\S-1-5-21-1158334140-3666631412-3874805370-1001\$28c8ed3d9b6b76c471041a8f96eac9a0\@

c:\$recycle.bin\S-1-5-21-1158334140-3666631412-3874805370-1001\$28c8ed3d9b6b76c471041a8f96eac9a0\n

c:\users\Manni\AppData\Roaming\dabc1cc4-ff2f-4f0c-b4b7-d412d44956eb79

c:\users\Manni\AppData\Roaming\dabc1cc4-ff2f-4f0c-b4b7-d412d44956eb79\dabcccffffcbbddeb.exe

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\chrome.manifest

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\loader.xul

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\preferences.xul

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\install.rdf

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf

c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf

c:\users\Manni\AppData\Roaming\onsrpi.dll

c:\users\Manni\AppData\Roaming\qugpil.dll

c:\users\Manni\AppData\Roaming\rasmf.dll

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\msvcr71.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-01-05 to 2013-02-05 )))))))))))))))))))))))))))))))

.

.

2013-02-05 10:26 . 2013-02-05 10:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-02-03 02:20 . 2013-02-03 03:46 -------- d-----w- c:\program files (x86)\TERA

2013-02-03 02:20 . 2013-02-03 02:25 -------- d-----w- c:\users\Manni\AppData\Local\TERA

2013-02-01 03:59 . 2013-02-01 03:59 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-02-01 03:59 . 2013-02-01 03:59 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-01-31 22:49 . 2013-01-31 22:49 -------- d-----w- c:\program files (x86)\Kill3rCombo

2013-01-30 09:48 . 2013-01-30 09:48 -------- d-----w- c:\users\Manni\AppData\Local\Aeria Games

2013-01-30 09:47 . 2013-01-30 09:47 -------- d-----w- c:\programdata\Aeria Games

2013-01-30 09:45 . 2013-01-30 10:47 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin

2013-01-30 09:17 . 2013-01-30 09:18 -------- d-----w- c:\users\Manni\AppData\Local\Akamai

2013-01-30 09:17 . 2013-01-30 10:47 -------- d-----w- C:\AeriaGames

2013-01-30 05:10 . 2013-01-30 05:10 -------- d-----w- c:\program files (x86)\SystemRequirementsLab

2013-01-30 05:10 . 2013-01-30 05:10 -------- d-----w- c:\users\Manni\AppData\Roaming\SystemRequirementsLab

2013-01-18 21:03 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A109319-3D95-454E-A790-3932CF8117C7}\mpengine.dll

2013-01-17 04:46 . 2013-01-17 04:46 -------- d-----w- C:\Webzen

2013-01-17 02:36 . 2013-01-20 19:47 -------- d-----w- c:\users\Manni\jagexcache

2013-01-17 00:28 . 2010-06-02 09:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2013-01-17 00:28 . 2010-06-02 09:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll

2013-01-17 00:28 . 2010-06-02 09:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll

2013-01-17 00:28 . 2010-06-02 09:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll

2013-01-17 00:28 . 2007-04-04 23:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll

2013-01-17 00:28 . 2007-04-04 23:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll

2013-01-17 00:27 . 2013-01-17 02:36 -------- d-----w- c:\users\Manni\AppData\Local\Warframe

2013-01-16 23:18 . 2013-01-16 23:18 -------- d-----w- c:\program files (x86)\GameFuse

2013-01-11 00:36 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll

2013-01-11 00:35 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-11 00:35 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-01-11 00:35 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2013-01-11 00:35 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

2013-01-11 00:35 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe

2013-01-11 00:35 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-01 03:59 . 2012-07-17 00:40 859552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-02-01 03:59 . 2012-07-17 00:40 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-01-12 03:39 . 2012-04-06 03:45 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-12 03:39 . 2012-04-06 03:45 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-16 22:31 . 2012-07-28 09:07 67599240 ----a-w- c:\windows\system32\MRT.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2011-12-09 01:11 194848 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\Manni\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"OOTag"="c:\program files (x86)\Gateway\OOBEOffer\OOTag.exe" [2010-02-23 13856]

"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]

"Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2012-02-07 636520]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

R1 SABKUTIL;SABKUTIL;c:\program files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]

R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-07 363800]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-17 1255736]

R3 wolf;wolf;c:\aeriagames\Wolfteam\avital\wolf64.sys [x]

R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]

R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]

R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-23 236544]

S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2012-02-29 28264]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]

S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2012-02-07 255376]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-09-23 95760]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2012-02-03 59520]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2012-02-03 84736]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-04-19 1488448]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 03:39]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-11-14 13353064]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;<local>

Trusted Zone: aeriagames.com

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\

FF - ExtSQL: 2013-02-01 20:27; {56f8a728-00da-4134-9b9c-83270ea9ac6d}; c:\users\Manni\AppData\Roaming\Mozilla\Firefox\Profiles\zjc1bi7o.default\extensions\{56f8a728-00da-4134-9b9c-83270ea9ac6d}.xpi

FF - user.js: extensions.funmoods.hmpg - false

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtByD0FzytAyEyC0ByC0AzztN0D0Tzu0CtBzytDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=155755058

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - false

FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtByD0FzytAyEyC0ByC0AzztN0D0Tzu0CtBzytDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=155755058

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtByD0FzytAyEyC0ByC0AzztN0D0Tzu0CtBzytDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=155755058&q=

FF - user.js: extensions.funmoods.id - E840F25F9346B6A8

FF - user.js: extensions.funmoods.instlDay - 15630

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.223:46

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - download

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - download

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - true

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

FF - user.js: extentions.y2layers.installId - c2bc3d11-7ac6-49e3-aeec-7219fd060b86

FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-qugpil - c:\users\Manni\AppData\Roaming\qugpil.dll

Wow6432Node-HKCU-Run-onsrpi - c:\users\Manni\AppData\Roaming\onsrpi.dll

Wow6432Node-HKCU-Run-rasmf - c:\users\Manni\AppData\Roaming\rasmf.dll

Wow6432Node-HKCU-Run-Adobe CS Manager - c:\users\Manni\AppData\Roaming\dabc1cc4-ff2f-4f0c-b4b7-d412d44956eb79\dabcccffffcbbddeb.exe

Toolbar-Locked - (no file)

AddRemove-PunkBusterSvc - c:\program files (x86)\STEAM\STEAMAPPS\COMMON\APB RELOADED\Binaries\pbsvc_apb.exe

AddRemove-{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC} - c:\program files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

.

**************************************************************************

.

Completion time: 2013-02-05 05:53:53 - machine was rebooted

ComboFix-quarantined-files.txt 2013-02-05 10:53

.

Pre-Run: 1,878,211,551,232 bytes free

Post-Run: 1,877,987,196,928 bytes free

.

- - End Of File - - C285CBFF7A936234C2335DB135D4B747


"Illegal operation attempted on a registry key that has been marked for deletion" – I am also getting this message when I try to open anything. If you need the DDS log and the Attach log, please do ask; I was going to add that to this, but I think this might help, which I added from the results that were from ComboFix after I restarted my computer.


I wasn't too sure what I was doing, to be honest. I just started ComboFix up, then my computer restarted, and like I said, everything I click now says "Illegal operation attempted on a registry key that has been marked for deletion". I was reading someone's problem that was like mine, so I continued to do what he was told to do, and now I'm here stuck... not sure what to do.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
