slow system and browser hijack help please

Hi,

please help clear this infection!

thanks

it involves browser hijacking and a very slow computer, with around 100 processes running sometimes

i have used the malwarebytes anti-malware removal tool and spybot search and destroy

the malwarebytes anti-malware removal tool did not find anything on a quick or deep scan,

spybot search and destroy removed, or claims to have removed, about 80 items, but the browser hijacking and slow computer remain a problem

thanks in advance

dds.txt

###########################################################################

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.7.2

Run by gill at 17:10:08 on 2013-06-16

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3037.1678 [GMT 1:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ================

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\nvvsvc.exe

C:\windows\system32\nvvsvc.exe

C:\windows\SYSTEM32\WISPTIS.EXE

C:\windows\System32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\windows\system32\taskhost.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\taskeng.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe

C:\windows\system32\taskeng.exe

C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe

C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

C:\Program Files\Samsung\EasyButtonManager\EasyButtonManager.exe

C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe

C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\windows\system32\mfevtps.exe

C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe

C:\windows\system32\rundll32.exe

C:\windows\SYSTEM32\Rezip.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Users\gill\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Users\gill\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Users\gill\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\DllHost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\gill\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gill\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gill\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\gill\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\McAfee Online Backup\MOBKbackup.exe

C:\Program Files\McAfee Online Backup\MOBKbackup.exe

C:\windows\system32\vssvc.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Users\gill\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\McAfee\Core\mchost.exe

C:\windows\System32\WUDFHost.exe

C:\Program Files\McAfee\VirusScan\mcods.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\windows\system32\svchost.exe -k SDRSVC

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://isearch.babylon.com/?affID=119370&babsrc=HP_ss_bayi&mntrId=96D8B482FEB5CD96

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [Google Update] "c:\users\gill\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [Spotify] "c:\users\gill\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart

uRun: [Spotify Web Helper] "c:\users\gill\appdata\roaming\spotify\data\SpotifyWebHelper.exe"

uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"

mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"

mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"

mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"

mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Conime] c:\windows\system32\conime.exe

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"

StartupFolder: c:\users\gill\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\gill\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_IKEA_Win32.cab

TCP: NameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{1955EEBE-D9A3-4BE9-8B5E-733BA6907402} : DHCPNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{1955EEBE-D9A3-4BE9-8B5E-733BA6907402}\16277697C6C6E65647 : DHCPNameServer = 193.36.79.100 193.36.79.101

TCP: Interfaces\{1955EEBE-D9A3-4BE9-8B5E-733BA6907402}\E45445745414258383 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{EFA0729D-2EE6-4CC0-BE39-3BBB91CE7BBD} : DHCPNameServer = 192.168.0.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

AppInit_DLLs= c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-3-12 43944]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-8-23 29472]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-10-26 60920]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-8-23 54632]

S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys [2009-12-23 10360]

S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-10-26 146872]

.

=============== Created Last 30 ================

.

2013-06-15 15:43:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-06-15 15:43:34 -------- d-----w- c:\program files\Spybot - Search & Destroy

2013-06-14 09:27:29 -------- d-----w- c:\users\gill\appdata\roaming\Malwarebytes

2013-06-14 09:27:00 -------- d-----w- c:\programdata\Malwarebytes

2013-06-14 09:26:45 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-06-14 09:26:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-06-14 09:26:26 -------- d-----w- c:\users\gill\appdata\local\Programs

2013-06-13 10:27:04 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-06-13 10:27:04 218112 ----a-w- c:\program files\internet explorer\sqmapi.dll

2013-06-12 20:52:36 1505280 ----a-w- c:\windows\system32\d3d11.dll

2013-06-12 20:52:28 24576 ----a-w- c:\windows\system32\cryptdlg.dll

2013-06-12 20:52:03 903168 ----a-w- c:\windows\system32\certutil.exe

2013-06-12 20:52:02 43008 ----a-w- c:\windows\system32\certenc.dll

2013-06-12 20:52:02 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-06-12 20:52:02 1160192 ----a-w- c:\windows\system32\crypt32.dll

2013-06-12 20:52:02 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-06-12 20:16:22 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll

2013-06-12 18:53:55 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-06-12 18:53:54 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-06-12 18:44:07 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-06-12 18:34:42 492544 ----a-w- c:\windows\system32\win32spl.dll

.

==================== Find3M ====================

.

2013-06-12 09:08:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-12 09:08:51 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-05-17 01:25:57 1767936 ----a-w- c:\windows\system32\wininet.dll

2013-05-17 01:25:27 2877440 ----a-w- c:\windows\system32\jscript9.dll

2013-05-17 01:25:26 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-05-17 01:25:26 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-05-14 08:40:13 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 05:18:40 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-04-10 05:18:40 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-04-10 03:14:06 2347520 ----a-w- c:\windows\system32\win32k.sys

2013-03-19 04:53:27 186368 ----a-w- c:\windows\system32\wwansvc.dll

2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 03:33:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll

2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe

.

============= FINISH: 17:13:54.62 ===============

attach.txt

#######################################################################

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 03/08/2011 22:11:18

System Uptime: 16/06/2013 16:56:55 (1 hours ago)

.

Motherboard: SAMSUNG ELECTRONICS CO.,LTD | | Samsung DeskTop System

Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz | U2E1 | 2200/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 225 GiB total, 153.895 GiB free.

D: is FIXED (NTFS) - 226 GiB total, 0.005 GiB free.

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP905: 02/06/2013 21:26:15 - Windows Backup

RP906: 02/06/2013 23:51:09 - Windows Update

RP907: 04/06/2013 01:01:36 - Windows Update

RP908: 04/06/2013 15:15:29 - Windows Update

RP909: 05/06/2013 01:02:52 - Windows Update

RP910: 06/06/2013 03:01:37 - Windows Update

RP911: 06/06/2013 21:26:08 - Windows Update

RP912: 07/06/2013 03:00:36 - Windows Update

RP913: 07/06/2013 12:56:46 - Windows Update

RP914: 08/06/2013 21:21:16 - Windows Update

RP915: 10/06/2013 17:20:08 - Windows Backup

RP916: 10/06/2013 20:25:31 - Windows Update

RP917: 11/06/2013 10:12:04 - Windows Update

RP918: 11/06/2013 22:43:15 - Windows Update

RP919: 13/06/2013 02:06:44 - Windows Update

RP920: 13/06/2013 11:25:36 - Windows Update

RP921: 13/06/2013 22:34:19 - Windows Update

RP922: 15/06/2013 00:43:43 - Windows Update

RP923: 16/06/2013 09:38:51 - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.3

aioscnnr

Alice Greenfingers

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Client Installation Program

BlackBerry Desktop Software 6.1

BlackBerry Device Manager 6.1

Bonjour

Business Contact Manager for Outlook 2007 SP2

C4USelfUpdater

center

ChargeableUSB

CyberLink DVD Suite

CyberLink LabelPrint

CyberLink Power2Go

CyberLink PowerDirector

CyberLink PowerDVD 8

CyberLink PowerProducer

CyberLink YouCam

Dairy Dash

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dropbox

Easy Button Manager

Easy SpeedUp Manager

essentials

Farm Frenzy 2

Game Pack

Go-Go Gourmet

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Intel® Matrix Storage Manager

iTunes

Java 7 Update 7

Java Auto Updater

JavaFX 2.1.1

Junk Mail filter update

Kalydo Player 4.06.04

Kodak AIO Printer

KODAK AiO Software

Malwarebytes Anti-Malware version 1.75.0.1300

Marvell Miniport Driver

McAfee Internet Security

McAfee Online Backup

McAfee Security Scan Plus

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Small Business Connectivity Components

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MSVCRT

NextWindow Drivers

Nostale

NVIDIA Drivers

ocr

Paint.NET v3.5.10

PDF Reader Packages

Play Touch

PreReq

PrintProjects

QuickTime

Realtek High Definition Audio Driver

REALTEK Wireless LAN Software

Samsung Recovery Solution 4

Samsung Support Center

Samsung Update Plus

SamsungMovie

SD226 Biological Psychology

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Shared C Run-time for x86

Skype Click to Call

Skype™ 6.3

Spotify

Spybot - Search & Destroy

Torch

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Update for PDF Reader

User Guide

WIDCOMM Bluetooth Software

Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)

Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)

Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

16/06/2013 16:59:15, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.

16/06/2013 16:59:15, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

16/06/2013 16:58:38, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

16/06/2013 09:45:08, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).

15/06/2013 18:10:15, Error: Service Control Manager [7000] - The BrowserProtect service failed to start due to the following error: The system cannot find the path specified.

15/06/2013 18:02:13, Error: Service Control Manager [7034] - The WajamUpdater service terminated unexpectedly. It has done this 1 time(s).

15/06/2013 18:02:00, Error: Service Control Manager [7034] - The BrowserProtect service terminated unexpectedly. It has done this 1 time(s).

11/06/2013 22:42:01, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

10/06/2013 20:14:33, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the defragsvc service.

.

==== End Of File ===========================

Attach.zip

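The log above already contains the leads a helper looks at first: a start page on a search-redirect host with affiliate parameters, a non-empty AppInit_DLLs value pointing at an 8.3 short-name path, a BHO CLSID with no DLL behind it, and Service Control Manager errors naming services (BrowserProtect, WajamUpdater) that are not on the installed-programs list. The script below is an added example, not part of the original post and not code from the DDS or RogueKiller tools: it runs those checks over DDS-style lines. The allowlists, the affiliate-parameter heuristic and the service list are analyst-supplied assumptions; the sample lines are copied from the log above plus one constructed benign start page.

```python
"""Triage DDS-style log lines for browser-hijack indicators.

Added example, not part of the original post and not DDS/RogueKiller code.
Every list below is an analyst-supplied assumption for illustration.
"""
import re
from urllib.parse import parse_qs, urlparse

# Home/search page hosts the analyst expects on this machine (assumption).
EXPECTED_HOSTS = {"www.google.com", "google.com"}

# Query parameters that bundled search-redirect toolbars commonly use for
# affiliate attribution (heuristic, assumption). Compared case-insensitively.
AFFILIATE_PARAMS = {"affid", "mntrid", "babsrc"}

# Services whose start/stop errors are expected here (assumption: SBSD is the
# Spybot S&D service the poster installed the day before).
KNOWN_SERVICES = {"SBSD Security Center Service"}

HOME_KEYS = {"uStart Page", "mStart Page", "uDefault_Page_URL",
             "mDefault_Page_URL", "uSearch Page", "mSearch Page"}

# SCM event 7000 (failed to start) / 7034 (terminated unexpectedly).
SCM_RE = re.compile(
    r"Service Control Manager \[(?:7000|7034)\] - The (?P<svc>.+?) service "
    r"(?:failed to start|terminated unexpectedly)")


def check_home_page(line):
    """Flag a start/search page that is off the allowlist or carries
    affiliate-tracking parameters. DDS defangs URLs as hxxp://."""
    key, sep, value = line.partition(" = ")
    if not sep or key not in HOME_KEYS:
        return None
    url = urlparse(value.strip().replace("hxxp://", "http://", 1))
    params = sorted(p for p in parse_qs(url.query) if p.lower() in AFFILIATE_PARAMS)
    reasons = []
    if url.hostname not in EXPECTED_HOSTS:
        reasons.append("host not in allowlist")
    if params:
        reasons.append("affiliate-tracking parameters")
    if not reasons:
        return None
    return {"kind": "home_page", "key": key, "host": url.hostname,
            "params": params, "reasons": reasons}


def check_appinit(line):
    """Any non-empty AppInit_DLLs value is worth a look: those DLLs are
    loaded into every process that maps user32.dll."""
    if not line.startswith("AppInit_DLLs="):
        return None
    dlls = [d for d in re.split(r"[ ,]+", line[len("AppInit_DLLs="):].strip()) if d]
    if not dlls:
        return None
    reasons = ["AppInit_DLLs injects into every user32-loading process"]
    if any("~" in d for d in dlls):
        reasons.append("8.3 short-name path hides the real directory name")
    return {"kind": "appinit_dlls", "dlls": dlls, "reasons": reasons}


def check_orphaned_bho(line):
    """A BHO CLSID still registered with no DLL on disk: leftover of a
    removed or half-removed add-on."""
    if not (line.startswith("BHO:") and line.endswith("<orphaned>")):
        return None
    m = re.search(r"\{[0-9A-Fa-f-]{36}\}", line)
    return {"kind": "orphaned_bho", "clsid": m.group(0) if m else None,
            "reasons": ["BHO registered but its DLL is missing"]}


def check_scm_error(line):
    """SCM errors name services that are still registered; names the analyst
    does not recognise are leads for what was installed or half-removed."""
    m = SCM_RE.search(line)
    if not m or m.group("svc") in KNOWN_SERVICES:
        return None
    return {"kind": "service_error", "service": m.group("svc"),
            "reasons": ["unrecognised service in SCM error"]}


CHECKS = (check_home_page, check_appinit, check_orphaned_bho, check_scm_error)


def triage(lines):
    """Run every check over every line; return findings in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for check in CHECKS:
            hit = check(line)
            if hit:
                findings.append(hit)
                break
    return findings


# Sample input: lines copied from the DDS log in the post above, plus one
# constructed benign start page (marked) to show a clean result.
SAMPLE_LINES = [
    "uStart Page = hxxp://isearch.babylon.com/?affID=119370&babsrc=HP_ss_bayi&mntrId=96D8B482FEB5CD96",
    "uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn",
    "mStart Page = hxxp://www.google.com/",  # constructed, not from the log
    "BHO: Java(TM) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\\program files\\java\\jre7\\bin\\ssv.dll",
    "BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>",
    r"AppInit_DLLs= c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll",
    "16/06/2013 16:59:15, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.",
    "15/06/2013 18:02:13, Error: Service Control Manager [7034] - The WajamUpdater service terminated unexpectedly. It has done this 1 time(s).",
    "15/06/2013 18:10:15, Error: Service Control Manager [7000] - The BrowserProtect service failed to start due to the following error: The system cannot find the path specified.",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f["kind"], "|", "; ".join(f["reasons"]), "|",
              {k: v for k, v in f.items() if k not in ("kind", "reasons")})
```

Findings are leads, not verdicts: the OEM-branded Google redirect and the Java BHO pass unflagged, while the Babylon start page, the AppInit DLL, the orphaned CLSID and the two unknown services come out in log order. The "cannot find the path specified" error for BrowserProtect the day Spybot ran is what a half-removed service looks like: the registration survived, the binary did not.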

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7/8, right-click the program, select Run as Administrator to start, and when prompted allow it to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: click on the Follow This Topic button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable... things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear", and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


hi,

thanks for your help in advance.

before running RogueKiller (32 bit) you instructed me to quit all running programs, and many users have installed the likes of dropbox, itunes, adobe acrobat and skype as well as many other things!

therefore i went to comply with your request and disable all startup programs, so i did

run dos

msconfig

and disabled 20 or so startup programs and drivers.

sorry for any unnecessary concern.

thanks

nadeem aka deemyboy

then ran RogueKiller

i'm just wondering if this has prevented any infections or little nasties from showing up.

there was a particular file program called

Conime, and a quick google revealed that it was a legitimate windows process, ALTHOUGH it may have been replaced or is imitating a legit windows file

go here maybe(?) --> http://www.file.net/process/conime.exe.html which states

If conime.exe is located in the folder C:\Windows\System32\drivers, the security rating is 86% dangerous. The file size is 69,246 bytes (27% of all occurrences), 96,897 bytes, 96,896 bytes, 48,436 bytes or 96,899 bytes. Program has no file description. The program is not visible. It is located in the Windows folder, but it is not a Windows core file. File conime.exe is not a Windows system file. Program starts when Windows starts (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). conime.exe is able to hide itself, monitor applications, record inputs and manipulate other programs

all my above concerns may of course be in vain as the below log may show everything regardless of whether they are switched off at startup or not!

RogueKiller V8.6.0 [Jun 16 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7

Started in : Normal mode

User : gill [Admin rights]

Mode : Scan -- Date : 06/17/2013 13:07:06

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤

[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll [7]) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤

[V2][SUSP PATH] DSite : C:\Users\gill\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [-][x] -> FOUND

[V2][SUSP PATH] EPUpdater : C:\Users\gill\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM500JI +++++

--- User ---

[MBR] 67fe0322d82a42f3fb17115d86326485

[BSP] 15d1a3461f2ef013ad091c923af3752b : KIWI Image system MBR Code

Partition table:

0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 230400 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 503523328 | Size: 231078 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HM500JI +++++

--- User ---

[MBR] 8d6787d5ac324138b7a37d8f6a3eda2e

[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code

Partition table:

0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 1 | Size: 7599 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[0]_S_06172013_130706.txt >>

Link to post
Share on other sites
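The RogueKiller findings in the post above are the whole story of this infection in miniature: two Policies\System values that lock the user out of Task Manager and Registry Editor, two HideDesktopIcons entries, an AppInit_DLLs value pointing at a BrowserProtect DLL under ProgramData, and two scheduled tasks whose targets sit in the user's AppData folder. Below is an added triage script that parses a report in RogueKiller's text format and pulls those points out automatically; it is example code written for this page, not part of RogueKiller, ComboFix or Malwarebytes, and nobody in the thread posted it. It assumes RogueKiller's report layout as shown above (section headers wrapped in ¤¤¤, findings ending in "-> FOUND"), and the sample report embedded in it is constructed from the findings posted above with the tag casing restored to what the tool writes (the forum software lowercased "[SUSP PATH]" to "[sUSP PATH]"). The mechanism descriptions keyed on the tags are this example's own, not RogueKiller's.

```python
"""Triage helper for a RogueKiller scan report (added example, not tool code).

Extracts every entry the report marks FOUND, remembers which section it came
from, names the persistence mechanism behind its tag, and flags entries whose
file lives in a user-writable location (AppData, ProgramData).
"""
import re
from dataclasses import dataclass

# Section header, e.g.  "¤¤¤ Registry Entries : 5 ¤¤¤"  or  "¤¤¤ HOSTS File: ¤¤¤"
SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>[^:¤]+?)\s*(?::[^¤]*)?¤¤¤\s*$")
# Finding, e.g.  "[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND"
FINDING_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s*(?P<key>.+?)\s*:\s*(?P<value>.+?)\s*->\s*FOUND\s*$"
)
TAG_RE = re.compile(r"\[([^\]]+)\]")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\s\[\]()]+")

# Directories any process running as the logged-on user can write to.  RogueKiller
# prints 8.3 short names, so the short form of ProgramData is listed as well.
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\progra~2\\")

# Tag -> persistence mechanism (descriptions are this example's, not RogueKiller's).
MECHANISMS = {
    "APPINIT": "AppInit_DLLs: DLL loaded into every process that loads user32.dll",
    "HJ POL": "Policies\\System value that disables Task Manager or Registry Editor",
    "HJ DESK": "HideDesktopIcons\\NewStartPanel tampering (hides desktop icons)",
}


@dataclass
class Finding:
    section: str
    tags: tuple
    key: str
    value: str

    @property
    def path(self):
        """First drive-letter path in the value, or None (policy entries have none)."""
        m = PATH_RE.search(self.value)
        return m.group(0) if m else None

    @property
    def user_writable(self):
        """True when the referenced file sits under a user-writable directory."""
        p = (self.path or "").lower()
        return any(marker in p for marker in USER_WRITABLE_MARKERS)

    @property
    def mechanism(self):
        # Forum software may lowercase the first letter of a tag, so compare case-insensitively.
        tags = {t.upper() for t in self.tags}
        for tag, description in MECHANISMS.items():
            if tag in tags:
                return description
        if self.section.lower().startswith("scheduled task"):
            return "Scheduled task (unaffected by msconfig startup changes)"
        return "Other"


def parse_report(text):
    """Return every FOUND entry in the report as a Finding, in report order."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").strip()
            continue
        m = FINDING_RE.match(line)
        if m and section:
            tags = tuple(TAG_RE.findall(m.group("tags")))
            findings.append(Finding(section, tags, m.group("key"), m.group("value")))
    return findings


def triage(text):
    """Return (all findings, priority findings): user-writable path or AppInit entry."""
    findings = parse_report(text)
    priority = [f for f in findings
                if f.user_writable or "APPINIT" in {t.upper() for t in f.tags}]
    return findings, priority


# Constructed sample: the findings section of the report posted above.
SAMPLE_REPORT = r"""
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll [7]) -> FOUND
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] DSite : C:\Users\gill\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [-][x] -> FOUND
[V2][SUSP PATH] EPUpdater : C:\Users\gill\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [x] -> FOUND
¤¤¤ Startup Entries : 0 ¤¤¤
"""

if __name__ == "__main__":
    all_found, priority = triage(SAMPLE_REPORT)
    for f in all_found:
        flag = "!!" if f in priority else "  "
        where = f" -> {f.path}" if f.path else ""
        print(f"{flag} [{f.section}] {f.key}: {f.mechanism}{where}")
```

Run against the posted report it flags three entries as priority: the AppInit_DLLs value and both scheduled tasks, all of which point at user-writable folders. That is the practical lesson of this thread: disabling startup items in msconfig, as the poster did, touches neither AppInit_DLLs nor scheduled tasks, so the Babylon search hijack survived every scan until those two mechanisms were dealt with.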

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

Link to post
Share on other sites

hi,

MBAR says congratulations, no malware found!

but my browser - Google Chrome - is still hijacked - goes to babylon.search in the URL

system-log.txt and mbar-log.txt are attached

in the case of mbar-log.txt, I ran MBAR twice to make sure in the end, but Chrome is still hijacked

do you want to see the earlier-run mbar-log.txt from 17:00?

mbar-log-2013-06-17 (18-43-06).txt

system-log.txt

Link to post
Share on other sites

Please be patient, there's a certain procedure that I use to remove any and all malware/adware from the system.

Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

here's the ComboFix report

ComboFix 13-06-17.01 - gill 17/06/2013 20:42:46.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3037.2026 [GMT 1:00]

Running from: c:\users\gill\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

c:\users\gill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{474A9873-C1AA-4AF0-8BEF-866752457CF9}.xps

c:\users\gill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{559FA022-F90F-435D-80BC-90A6B91F2628}.xps

c:\users\gill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9A3B252B-7410-43C5-B220-C5E00D0DA95D}.xps

c:\users\gill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9C3D80F0-8BA2-4357-B265-7C4F46CF583E}.xps

c:\users\gill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C1056A63-7839-477E-A7FC-92E708F766E0}.xps

c:\users\gill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C5A7E7BA-68B5-4A2D-95AF-CCE2405376FA}.xps

c:\users\gill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E3A3A560-D7FB-4E27-877B-93919F7161DE}.xps

c:\users\gill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EA1D7669-F8F8-4BE4-99BC-DF7BBAF1F8B8}.xps

c:\users\gill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ED547256-0E15-4895-9B37-E0FDEF26A507}.xps

c:\users\gill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FAB033D8-8446-467C-A569-95A520167766}.xps

c:\users\gill\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FC794B9A-4614-4896-AAD1-2C1D164B439A}.xps

c:\users\gill\AppData\Roaming\.#

c:\users\gill\AppData\Roaming\.#\MBX@17F0@1672760.###

c:\users\gill\AppData\Roaming\.#\MBX@17F0@1672790.###

c:\users\gill\Documents\~WRL0001.tmp

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((( Files Created from 2013-05-17 to 2013-06-17 )))))))))))))))))))))))))))))))

.

.

2013-06-17 19:50 . 2013-06-17 19:51 -------- d-----w- c:\users\gill\AppData\Local\temp

2013-06-17 19:50 . 2013-06-17 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-17 13:03 . 2013-06-17 18:38 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-06-15 15:43 . 2013-06-15 17:11 -------- d-----w- c:\program files\Spybot - Search & Destroy

2013-06-15 15:43 . 2013-06-15 16:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-06-14 09:27 . 2013-06-14 09:27 -------- d-----w- c:\users\gill\AppData\Roaming\Malwarebytes

2013-06-14 09:27 . 2013-06-14 09:27 -------- d-----w- c:\programdata\Malwarebytes

2013-06-14 09:26 . 2013-06-14 09:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-06-14 09:26 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-06-14 09:26 . 2013-06-14 09:26 -------- d-----w- c:\users\gill\AppData\Local\Programs

2013-06-13 10:27 . 2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2013-06-13 10:27 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-06-12 20:52 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll

2013-06-12 20:52 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll

2013-06-12 20:52 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe

2013-06-12 20:52 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-06-12 20:52 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll

2013-06-12 20:52 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-06-12 20:52 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll

2013-06-12 20:16 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll

2013-06-12 18:53 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-06-12 18:53 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-06-12 18:44 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-06-12 18:34 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-12 09:08 . 2012-04-07 09:00 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-06-12 09:08 . 2011-11-02 19:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-04-13 04:45 . 2013-05-16 17:52 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-16 17:52 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 13:45 . 2013-04-24 10:03 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 05:18 . 2013-05-16 17:50 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-04-10 05:18 . 2013-05-16 17:50 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-04-10 03:14 . 2013-05-16 17:52 2347520 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\users\gill\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\users\gill\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\users\gill\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

@="{b4caf489-1eec-c617-49ad-8d7088598c06}"

[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\BROWSE~1\261339~1.144\{C16C1~1\BrowserProtect.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^gill^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\users\gill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-11-28 14:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]

2009-06-03 11:59 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKStatusMonitor]

2012-10-15 11:58 2844608 ----a-w- c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-08-06 02:35 136176 ----atw- c:\users\gill\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-12-12 13:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]

2013-03-13 17:40 1278064 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2009-11-05 07:15 13830760 ----a-w- c:\windows\System32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]

2012-01-20 20:03 719672 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]

2009-04-15 14:54 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-10-25 03:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]

2009-04-15 14:52 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]

2011-02-18 10:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2009-11-10 01:32 7866912 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2013-01-08 12:59 18642024 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]

2012-10-21 16:44 7901144 ----a-w- c:\users\gill\AppData\Roaming\Spotify\spotify.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]

2012-10-21 16:44 1199576 ----a-w- c:\users\gill\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-03-12 02:20 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2009-05-19 21:16 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]

2009-05-19 13:16 222504 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]

2009-05-19 13:16 222504 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]

2008-01-04 02:02 222504 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut]

2008-12-03 13:15 218408 ------w- c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]

2009-07-21 02:39 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

.

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 167784]

R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-13 229688]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-05-14 3289208]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-01-08 161384]

R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [2009-12-22 10360]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 146872]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 92632]

R3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [2009-12-22 23672]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-06 1343400]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 210608]

S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-13 54776]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]

S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 169320]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 172416]

S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]

S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 60920]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 363080]

S3 rtl819xp;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2009-12-16 548352]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 09:08]

.

2013-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-06 02:30]

.

2013-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-06 02:30]

.

2013-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1533838109-2435717023-1915360808-1005Core.job

- c:\users\gill\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 02:35]

.

2013-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1533838109-2435717023-1915360808-1005UA.job

- c:\users\gill\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 02:35]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://isearch.babylon.com/?affID=119370&babsrc=HP_ss_bayi&mntrId=96D8B482FEB5CD96

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

MSConfigStartUp-Conime - c:\windows\system32\conime.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-06-17 20:53:26

ComboFix-quarantined-files.txt 2013-06-17 19:53

.

Pre-Run: 165,029,158,912 bytes free

Post-Run: 164,887,498,752 bytes free

.

- - End Of File - - 884B777C83CEBAB022BB7E49694918B0

933337B9CF1D440B7DD76057050B4626

Link to post
Share on other sites

OK...Next:

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetection before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC

Link to post
Share on other sites

before I do that

I restarted the PC after ComboFix but it has failed to restart - stuck on the Starting Windows screen with logo and black background for the last 15 or so minutes

it played the logging-on melody but hasn't advanced to the desktop!

the hard drive light is still flickering so it makes me think something's going to happen

I'm reluctant to turn off the machine as this is the first restart since ComboFix ran and I like to give things some time to sort themselves out!

it

Link to post
Share on other sites

it's taken 4 hours to get back to a visible screen!!!!

I had to do a restore so I'm wondering whether all the files etc. that were removed have all been replaced!

do I need to restart from the beginning?

thanks and sorry for wasting so much time!

Link to post
Share on other sites

I used the last restore point, which must be the one ComboFix made, because the display wouldn't show anything other than the Starting Windows screen

there is a folder named qoolbox

I looked in a few other folders within c:\qoolbox and found all the text/log files I could find

ComboFix-quarantined-files.txt

Add-Remove Programs.txt

catchme.log

Link to post
Share on other sites

aren't those files irrelevant because we've gone back to a point BEFORE ComboFix was run....unless it helps you to see what ComboFix "fixed" last time and might have been the cause for the no display or hanging on the Starting Windows screen!

it was strange because Windows had actually booted and I could type and move the mouse etc. and select things but just couldn't actually SEE anything - like using your computer with the monitor unplugged!!!

Link to post
Share on other sites

also I think the display hanging may not necessarily have been a ComboFix issue, because I have also been attempting to fix a fuzzy screen problem which is kind of proving to be driver related, so I had actually disabled the driver for the graphics card, which may have been why on restart it wouldn't display anything even though it was fine before the restart!

it wouldn't even work in safe mode or in a special low-res 640x480 mode!

I'm assuming the graphics card was re-enabled during the restore because it is enabled right now and I never re-enabled it manually

Link to post
Share on other sites

This topic is now closed to further replies.