Random hourly Tab-out

Hey there,

I recently contracted SOMETHING on my computer though I cannot deduce exactly what it is. It's causing my computer to alt-tab out every hour at XX:13 exactly. I'll be in the middle of a game, or searching the web, and all of a sudden the program loses focus (causing me to close out of any full-screen apps I'm in, or have to reselect the browser window).

I've done some research on my own as I feel I'm fairly computer-literate, and it sounds like a common error but with no specific fix. I've tried looking at start-up programs, restarting computer, updating files and drivers, scanning with Malwarebytes, SUPERAntiSpyware, and cleaning with CCleaner and Avira. I've even waited until XX:13 with task manager open to see if a program blips on to help identify which is causing the problem.

All scans turn up clean, nothing showed up in task manager, and all processes LOOK to be in order. But lo and behold, every hour on the 13th minute, tabbed I go.

Any help would be greatly appreciated.

Kelli

After some more research, I was able to find the computer management log of what HAPPENS every time it tabs me out. But I have no earthly idea how to fix it or what to do with the information. Here's a paste:


 


Faulting application name: FlashPlayerUpdateService.exe, version: 11.6.602.180, time stamp: 0x51a4ab8c

Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f

Exception code: 0xc0000005

Fault offset: 0x0002e243

Faulting process id: 0x13a0

Faulting application start time: 0x01ce7792d738827d

Faulting application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Faulting module path: C:\Windows\SysWOW64\ntdll.dll

Report Id: 15cbafd6-e386-11e2-ad54-001e33d02f39

Link to post
Share on other sites
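
Added example, not part of the original posts: the crash record pasted above, decoded in Python so the hexadecimal fields become readable values. The event text is copied from the post; the function names and the small `NTSTATUS` table are this example's own.

```python
import re
from datetime import datetime, timedelta, timezone

# Crash record copied from the post above.
EVENT_TEXT = r"""
Faulting application name: FlashPlayerUpdateService.exe, version: 11.6.602.180, time stamp: 0x51a4ab8c
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002e243
Faulting process id: 0x13a0
Faulting application start time: 0x01ce7792d738827d
Faulting application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 15cbafd6-e386-11e2-ad54-001e33d02f39
"""

# A few NTSTATUS values that commonly show up as "Exception code".
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}

REQUIRED = (
    "Faulting application name",
    "Faulting module name",
    "Exception code",
    "Fault offset",
    "Faulting process id",
    "Faulting application start time",
)

# "name, version: x.y.z, time stamp: 0x..." as used on the two image lines.
IMAGE_RE = re.compile(
    r"^(?P<name>[^,]+), version: (?P<version>[^,]+), "
    r"time stamp: (?P<ts>0x[0-9a-fA-F]+)$"
)

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_utc(ticks):
    """FILETIME counts 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_fields(text):
    """Split 'Key: value' lines; only the first colon separates key and value."""
    fields = {}
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    return fields


def parse_image(value):
    """Decode an image line; 'time stamp' is the PE header link time (Unix seconds)."""
    m = IMAGE_RE.match(value)
    if m is None:
        raise ValueError("unexpected image field: " + value)
    link_time = datetime.fromtimestamp(int(m["ts"], 16), tz=timezone.utc)
    return {"name": m["name"], "version": m["version"], "link_time_utc": link_time}


def triage(text):
    """Return the decoded crash record as a dictionary."""
    f = parse_fields(text)
    code = int(f["Exception code"], 16)
    return {
        "application": parse_image(f["Faulting application name"]),
        "module": parse_image(f["Faulting module name"]),
        "exception": NTSTATUS.get(code, "unknown (0x%08x)" % code),
        "fault_offset": int(f["Fault offset"], 16),
        "pid": int(f["Faulting process id"], 16),
        # The minute and second are the same in any whole-hour time zone.
        "started_utc": filetime_to_utc(int(f["Faulting application start time"], 16)),
    }


if __name__ == "__main__":
    for key, value in triage(EVENT_TEXT).items():
        print(f"{key:14} {value}")
```

The decoded start time falls on minute 13, second 0, which lines up with the hourly XX:13 focus loss described in the post.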

  • Root Admin

Hello and :welcome:

 

Actually I find that the Adobe updater for Flash is buggy myself and typically disable it and do manual updates.  Let's go ahead though since you're here and check for possible malware or rootkits.  Please run the following and post back the logs and we'll see if we can find any issues.

 

 

STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.



Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt



STEP 03

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus





STEP 04

Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.



STEP 05

Please go here to run the online antivirus scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


 

 

Thanks

Link to post
Share on other sites

Thanks for the response, AS :)

 

Once I had identified the program in question, I tried to both disable it and remove it, but the problem is that it refuses access. I've removed Adobe Flash in general (hoping it'd remove that file in the process), and I've attempted a more thorough removal of the file itself but I'm met with "failed" or "unable to complete task" even as an administrator. The process still runs in my task manager>services and I can't get rid of it.

But I will of course do what you requested. I'll post logs once I'm finished :)

Link to post
Share on other sites

MBAR scan 1

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

www.malwarebytes.org

 

Database version: v2013.07.04.07

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16618

Arcee :: ARCEE-LAPTOP [administrator]

 

7/4/2013 12:49:38 PM

mbar-log-2013-07-04 (12-49-38).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: PUP

Objects scanned: 235023

Time elapsed: 12 minute(s), 58 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 3

c:\$Recycle.Bin\S-1-5-21-70496206-3670605442-152696378-1000\$5d56122ea283704ed067af9959726d95\U (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-21-70496206-3670605442-152696378-1000\$5d56122ea283704ed067af9959726d95\L (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-21-70496206-3670605442-152696378-1000\$5d56122ea283704ed067af9959726d95 (Trojan.Siredef.C) -> Delete on reboot.

 

Files Detected: 1

c:\$Recycle.Bin\S-1-5-21-70496206-3670605442-152696378-1000\$5d56122ea283704ed067af9959726d95\@ (Trojan.Siredef.C) -> Delete on reboot.

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

 

MBAR scan 2

(came up absolutely clean)

 

MBAR System Log

 ---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16618
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3082809344, free: 1806598144
 
Downloaded database version: v2013.07.04.07
Initializing...
------------ Kernel report ------------
     07/04/2013 12:49:32
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8004e80060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000074\
Lower Device Object: 0xfffffa8004e76780
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8002eca790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8002d01680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8002eca790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8002eca2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8002eca790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8002d25520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8002d01680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 68C919C9
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 976564224
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8004e80060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004e78040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004e80060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004e76780, DeviceName: \Device\00000074\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: c:\$Recycle.Bin\S-1-5-21-70496206-3670605442-152696378-1000\$5d56122ea283704ed067af9959726d95\@ --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-70496206-3670605442-152696378-1000\$5d56122ea283704ed067af9959726d95\U --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-70496206-3670605442-152696378-1000\$5d56122ea283704ed067af9959726d95\L --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-70496206-3670605442-152696378-1000\$5d56122ea283704ed067af9959726d95 --> [Trojan.Siredef.C]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal successful. No system shutdown is required.
=======================================
 
 
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16618
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3082809344, free: 1605500928
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16618
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3082809344, free: 1616130048
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16618
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3082809344, free: 1614204928
 
Initializing...
------------ Kernel report ------------
     07/04/2013 13:06:04
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8004e80060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000074\
Lower Device Object: 0xfffffa8004e76780
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8002eca790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8002d01680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8002eca790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8002eca2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8002eca790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8002d25520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8002d01680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 68C919C9
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 976564224
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8004e80060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004e78040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004e80060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004e76780, DeviceName: \Device\00000074\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Arcee on Thu 07/04/2013 at 13:18:54.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [service] browser manager 
Successfully deleted: [service] browser manager 
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-70496206-3670605442-152696378-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\browsermngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\browsermngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E5F53958-6C63-4659-8142-38C3C9A0C8DF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Failed to delete: [Folder] "C:\ProgramData\browser manager"
Successfully deleted: [Folder] "C:\Users\Arcee\appdata\local\download beast"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Arcee\AppData\Roaming\mozilla\firefox\profiles\m4behf5f.default\user.js
Successfully deleted: [File] C:\Users\Arcee\AppData\Roaming\mozilla\firefox\profiles\m4behf5f.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Arcee\AppData\Roaming\mozilla\firefox\profiles\m4behf5f.default\bprotector_prefs.js
Successfully deleted: [File] "C:\Users\Arcee\AppData\Roaming\mozilla\firefox\profiles\m4behf5f.default\extensions\DivXWebPlayer@divx.com.xpi" 
Successfully deleted: [File] C:\Users\Arcee\AppData\Roaming\mozilla\firefox\profiles\m4behf5f.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\Arcee\AppData\Roaming\mozilla\firefox\profiles\m4behf5f.default\searchplugins\privitize.xml
Successfully deleted: [Folder] C:\Users\Arcee\AppData\Roaming\mozilla\firefox\profiles\m4behf5f.default\jetpack
Successfully deleted the following from C:\Users\Arcee\AppData\Roaming\mozilla\firefox\profiles\m4behf5f.default\prefs.js
 
user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
user_pref("browser.search.selectedEngine", "Search The Web (privitize)");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.id", "b07428180000000000000024d2c42ac9");
user_pref("extensions.BabylonToolbar.instlDay", "15672");
user_pref("extensions.BabylonToolbar.instlRef", "na");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.819:03:57");
user_pref("extensions.privitize.admin", false);
user_pref("extensions.privitize.aflt", "5");
user_pref("extensions.privitize.appId", "{301966DF-A84B-4255-AAB9-574B5CE237E4}");
user_pref("extensions.privitize.autoRvrt", "false");
user_pref("extensions.privitize.dfltLng", "");
user_pref("extensions.privitize.dfltSrch", true);
user_pref("extensions.privitize.dnsErr", true);
user_pref("extensions.privitize.excTlbr", false);
user_pref("extensions.privitize.ffxUnstlRst", false);
user_pref("extensions.privitize.hmpg", true);
user_pref("extensions.privitize.hpOld0", "");
user_pref("extensions.privitize.id", "b07428180000000000000024d2c42ac9");
user_pref("extensions.privitize.instlDay", "15864");
user_pref("extensions.privitize.instlRef", "");
user_pref("extensions.privitize.newTab", true);
user_pref("extensions.privitize.prdct", "privitize");
user_pref("extensions.privitize.prtnrId", "privitize");
user_pref("extensions.privitize.rvrt", "false");
user_pref("extensions.privitize.smplGrp", "none");
user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");
user_pref("extensions.privitize.tlbrId", "base");
user_pref("extensions.privitize.vrsn", "1.8.21.6");
user_pref("extensions.privitize.vrsnTs", "1.8.21.60:25:16");
user_pref("extensions.privitize.vrsni", "1.8.21.6");
Emptied folder: C:\Users\Arcee\AppData\Roaming\mozilla\firefox\profiles\m4behf5f.default\minidumps [187 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/04/2013 at 13:33:26.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
ADw
 
# AdwCleaner v2.304 - Logfile created 07/04/2013 at 13:38:42
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Arcee - ARCEE-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Arcee\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\ProgramData\Browser Manager
File Deleted : C:\Users\Arcee\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Arcee\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Folder Deleted : C:\Users\Arcee\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\96d9ddb634ed49
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Wow6432Node\96d9ddb634ed49
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKU\S-1-5-21-70496206-3670605442-152696378-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [browserMngrDefaultScope]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16611
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v21.0 (en-US)
 
File : C:\Users\Arcee\AppData\Roaming\Mozilla\Firefox\Profiles\m4behf5f.default\prefs.js
 
Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7Bb9db16a4-6edc-47ec-a1f4[...]
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Users\Arcee\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
*************************
 
AdwCleaner[R1].txt - [4009 octets] - [04/07/2013 13:37:39]
AdwCleaner[s1].txt - [3876 octets] - [04/07/2013 13:38:42]
 
########## EOF - C:\AdwCleaner[s1].txt - [3936 octets] ##########
 
 
ESET
 
C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\ProgramData\Browser Manager\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe a variant of Win32/bProtector.A application
C:\ProgramData\Browser Manager\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe a variant of Win32/bProtector.A application
C:\Users\All Users\Browser Manager\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe a variant of Win32/bProtector.A application
C:\Users\All Users\Browser Manager\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe a variant of Win32/bProtector.A application

  • Root Admin

The MBAR Anti-Rootkit tool found at least part of a nasty rootkit. As such, please run MBAR one more time and, when it's finished, go ahead and go into the Plugin folder where MBAR is located, run the FIXDAMAGE.EXE program and reboot the computer.

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller
Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning, make sure to re-enable your other security applications.

Next, download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 


I've attached the log from TDSS (as it's huge),

and here is the log from the system checker:

 

 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox 21.0 Firefox out of Date!  
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.116  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 

TDSSKiller.2.8.18.0_04.07.2013_17.07.43_log.txt


  • Root Admin

The log shows no problems so that's good.  Did you run the FIXDAMAGE.EXE program?

 

How is the computer running now?

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using the Reset FF Proxy Settings option, Firefox should be closed.


Yes, I ran fix damage.

 

My computer still "loses focus" at XX:13. (I will double check again at 6:13) When I ran TDSS, it DID show that adobeflashplayerupdateSVC was a threat, but you instructed me to skip it and not remove it...and that is the program that is stealing focus at that given time. Any way to remove it?

 

nonetheless:

 

MiniToolBox by Farbar  Version: 16-06-2013
Ran by Arcee (administrator) on 04-07-2013 at 17:47:05
Running from "C:\Users\Arcee\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek PCIe FE Family Controller = Local Area Connection (Connected)
Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter = Wireless Network Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Arcee-Laptop
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.mi.comcast.net.
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : hsd1.mi.comcast.net.
   Description . . . . . . . . . . . : Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
   Physical Address. . . . . . . . . : 00-24-D2-C4-2A-C9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fd15:2b3a:a8fe:0:2dd4:589a:1e1e:f205(Preferred) 
   Temporary IPv6 Address. . . . . . : fd15:2b3a:a8fe:0:89f6:c5d4:85b5:d0a8(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2dd4:589a:1e1e:f205%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, July 04, 2013 5:07:00 PM
   Lease Expires . . . . . . . . . . : Friday, July 05, 2013 5:07:00 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 218113234
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-C5-BD-82-00-1E-33-D0-2F-39
   DNS Servers . . . . . . . . . . . : 75.75.76.76
                                       75.75.75.75
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : hsd1.mi.comcast.net.
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-1E-33-D0-2F-39
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fd15:2b3a:a8fe:0:9443:2d06:183c:89c2(Preferred) 
   Temporary IPv6 Address. . . . . . : fd15:2b3a:a8fe:0:8de4:9425:178e:df16(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::9443:2d06:183c:89c2%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.107(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, July 04, 2013 5:06:53 PM
   Lease Expires . . . . . . . . . . : Friday, July 05, 2013 5:06:53 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234888755
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-C5-BD-82-00-1E-33-D0-2F-39
   DNS Servers . . . . . . . . . . . : 75.75.76.76
                                       75.75.75.75
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.hsd1.mi.comcast.net.:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.mi.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:8d4:36c0:3f57:fe94(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::8d4:36c0:3f57:fe94%12(Preferred) 
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  cdns02.comcast.net
Address:  75.75.76.76
 
Name:    google.com
Addresses:  2607:f8b0:4009:801::1008
 173.194.46.39
 173.194.46.37
 173.194.46.34
 173.194.46.32
 173.194.46.41
 173.194.46.35
 173.194.46.33
 173.194.46.40
 173.194.46.38
 173.194.46.36
 173.194.46.46
 
 
Pinging google.com [173.194.46.71] with 32 bytes of data:
Reply from 173.194.46.71: bytes=32 time=21ms TTL=55
Reply from 173.194.46.71: bytes=32 time=23ms TTL=55
 
Ping statistics for 173.194.46.71:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 23ms, Average = 22ms
Server:  cdns02.comcast.net
Address:  75.75.76.76
 
Name:    yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=38ms TTL=51
Reply from 98.138.253.109: bytes=32 time=39ms TTL=51
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 38ms, Maximum = 39ms, Average = 38ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 24 d2 c4 2a c9 ......Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
 10...00 1e 33 d0 2f 39 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.107     20
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.107    276
      192.168.1.0    255.255.255.0         On-link     192.168.1.101    281
    192.168.1.101  255.255.255.255         On-link     192.168.1.101    281
    192.168.1.107  255.255.255.255         On-link     192.168.1.107    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.107    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.101    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.107    276
        224.0.0.0        240.0.0.0         On-link     192.168.1.101    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.107    276
  255.255.255.255  255.255.255.255         On-link     192.168.1.101    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:6ab8:8d4:36c0:3f57:fe94/128
                                    On-link
 10     28 fd15:2b3a:a8fe::/64      On-link
 11     33 fd15:2b3a:a8fe::/64      On-link
 11    281 fd15:2b3a:a8fe:0:2dd4:589a:1e1e:f205/128
                                    On-link
 11    281 fd15:2b3a:a8fe:0:89f6:c5d4:85b5:d0a8/128
                                    On-link
 10    276 fd15:2b3a:a8fe:0:8de4:9425:178e:df16/128
                                    On-link
 10    276 fd15:2b3a:a8fe:0:9443:2d06:183c:89c2/128
                                    On-link
 10    276 fe80::/64                On-link
 11    281 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::8d4:36c0:3f57:fe94/128
                                    On-link
 11    281 fe80::2dd4:589a:1e1e:f205/128
                                    On-link
 10    276 fe80::9443:2d06:183c:89c2/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/04/2013 05:13:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 11.6.602.180, time stamp: 0x51a4ab8c
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002e243
Faulting process id: 0xd18
Faulting application start time: 0xFlashPlayerUpdateService.exe0
Faulting application path: FlashPlayerUpdateService.exe1
Faulting module path: FlashPlayerUpdateService.exe2
Report Id: FlashPlayerUpdateService.exe3
 
Error: (07/04/2013 04:13:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 11.6.602.180, time stamp: 0x51a4ab8c
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002e243
Faulting process id: 0xbdc
Faulting application start time: 0xFlashPlayerUpdateService.exe0
Faulting application path: FlashPlayerUpdateService.exe1
Faulting module path: FlashPlayerUpdateService.exe2
Report Id: FlashPlayerUpdateService.exe3
 
Error: (07/04/2013 03:13:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 11.6.602.180, time stamp: 0x51a4ab8c
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002e243
Faulting process id: 0x8cc
Faulting application start time: 0xFlashPlayerUpdateService.exe0
Faulting application path: FlashPlayerUpdateService.exe1
Faulting module path: FlashPlayerUpdateService.exe2
Report Id: FlashPlayerUpdateService.exe3
 
Error: (07/04/2013 02:13:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 11.6.602.180, time stamp: 0x51a4ab8c
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002e243
Faulting process id: 0xd18
Faulting application start time: 0xFlashPlayerUpdateService.exe0
Faulting application path: FlashPlayerUpdateService.exe1
Faulting module path: FlashPlayerUpdateService.exe2
Report Id: FlashPlayerUpdateService.exe3
 
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
Error: (07/04/2013 05:13:02 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b8fc00000050002e243d1801ce78fb433a92b9C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dll82950a9e-e4ee-11e2-b66a-001e33d02f39
 
Error: (07/04/2013 04:13:02 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b8fc00000050002e243bdc01ce78f2e171998cC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dll2095921f-e4e6-11e2-bbee-0024d2c42ac9
 
Error: (07/04/2013 03:13:02 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b8fc00000050002e2438cc01ce78ea7fb76405C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dllbeaa3ab5-e4dd-11e2-bbee-0024d2c42ac9
 
Error: (07/04/2013 02:13:08 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b8fc00000050002e243d1801ce78e21df8d10bC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dll606db3f1-e4d5-11e2-bbee-0024d2c42ac9
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-10-07 22:01:53.393
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-10-07 21:50:06.675
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-10-07 21:39:04.319
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-10-07 21:23:49.851
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-10-07 21:17:13.756
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-10-07 21:10:10.723
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-10-07 21:04:06.956
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-10-07 16:52:32.161
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-10-07 15:39:59.714
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-10-07 15:16:03.766
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
Adobe Reader X (10.1.7) (Version: 10.1.7)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Avira Free Antivirus (Version: 13.0.0.3737)
Band Manager 2.0 (Version: 02.00.0000)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.01)
Curse Client (Version: 5.1.1.792)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ERUNT 1.1j
ESET Online Scanner v3
Google Chrome (Version: 27.0.1453.116)
Google Earth Plug-in (Version: 7.1.1.1580)
Google Talk Plugin (Version: 4.1.3.13728)
Google Update Helper (Version: 1.3.21.149)
iTunes (Version: 11.0.2.26)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
LG United Mobile Driver (Version: 3.8.1)
LG USB WML Modem Driver (Version: 1.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Mouse and Keyboard Center (Version: 1.1.500.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Origin (Version: 9.1.10.2728)
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
Skype™ 6.5 (Version: 6.5.158)
Spotify (Version: 0.9.1.53.g876fa9df)
SUPERAntiSpyware (Version: 5.6.1020)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 11.2.4.0)
The Sims™ 3 (Version: 1.50.56)
The Sims™ 3 Ambitions (Version: 4.10.1)
The Sims™ 3 Fast Lane Stuff (Version: 5.0.44)
The Sims™ 3 Generations (Version: 8.0.152)
The Sims™ 3 High-End Loft Stuff (Version: 3.0.38)
The Sims™ 3 Late Night (Version: 6.5.1)
The Sims™ 3 Master Suite Stuff (Version: 11.0.84)
The Sims™ 3 Outdoor Living Stuff (Version: 7.0.55)
The Sims™ 3 Pets (Version: 10.0.96)
The Sims™ 3 Seasons (Version: 16.0.136)
The Sims™ 3 Showtime (Version: 12.0.273)
The Sims™ 3 Supernatural (Version: 15.0.135)
The Sims™ 3 Town Life Stuff (Version: 9.0.73)
The Sims™ 3 University Life (Version: 18.0.126)
TOSHIBA Supervisor Password (Version: 2.00.03PLV)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
World of Warcraft (Version: 5.3.0.17128)
 
========================= Devices: ================================
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 45%
Total physical RAM: 2940 MB
Available physical RAM: 1595.95 MB
Total Pagefile: 5878.18 MB
Available Pagefile: 4158.03 MB
Total Virtual: 4095.88 MB
Available Virtual: 3951.7 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:465.66 GB) (Free:225.07 GB) NTFS
4 Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\ARCEE-LAPTOP
 
Administrator            Arcee                    Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
 
**** End of log ****
Link to post
Share on other sites
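The hourly pattern in the log above can be confirmed mechanically. This is an added example, not part of the original thread or of any tool used in it: it parses Application Error entries in the layout shown above and flags a fault signature that recurs at a fixed interval. The function names and the 60-second tolerance are assumptions, and the sample text is constructed from the four entries in the log.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: the four Application Error entries from the log,
# trimmed to the fields the analysis uses.
SAMPLE_LOG = """\
Error: (07/04/2013 05:13:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 11.6.602.180, time stamp: 0x51a4ab8c
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002e243
Faulting process id: 0xd18

Error: (07/04/2013 04:13:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 11.6.602.180, time stamp: 0x51a4ab8c
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002e243
Faulting process id: 0xbdc

Error: (07/04/2013 03:13:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 11.6.602.180, time stamp: 0x51a4ab8c
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002e243
Faulting process id: 0x8cc

Error: (07/04/2013 02:13:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 11.6.602.180, time stamp: 0x51a4ab8c
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002e243
Faulting process id: 0xd18
"""

HEADER = re.compile(
    r"^Error: \((\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\)\s*\(Source: ([^)]*)\)")
APP = re.compile(r"Faulting application name: ([^,]+),")
MODULE = re.compile(r"^Faulting module name: ([^,]+),")
FIELD = re.compile(r"^(Exception code|Fault offset): (0x[0-9a-fA-F]+)")

# NTSTATUS value seen in the log; extend the map as needed.
STATUS_NAMES = {"0xc0000005": "STATUS_ACCESS_VIOLATION"}


def parse_crashes(text):
    """Return one dict per Application Error entry that names a faulting app."""
    crashes, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = {"time": datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p"),
                   "source": m.group(2)}
            crashes.append(cur)
            continue
        if cur is None:
            continue
        m = APP.search(line)
        if m:
            cur["app"] = m.group(1)
            continue
        m = MODULE.match(line)
        if m:
            cur["module"] = m.group(1)
            continue
        m = FIELD.match(line)
        if m:
            cur[m.group(1)] = m.group(2).lower()
    # Entries whose description could not be parsed are skipped, not guessed.
    return [c for c in crashes if "app" in c]


def find_periodic(crashes, min_events=3, tolerance_s=60):
    """Group crashes by fault signature and report those with a steady period."""
    groups = defaultdict(list)
    for c in crashes:
        key = (c["app"], c.get("module"),
               c.get("Exception code"), c.get("Fault offset"))
        groups[key].append(c["time"])
    findings = []
    for (app, module, code, offset), times in groups.items():
        if len(times) < min_events:
            continue  # too few samples to call it a schedule
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = median(gaps)
        if all(abs(g - period) <= tolerance_s for g in gaps):
            findings.append({
                "app": app, "module": module, "offset": offset,
                "exception": code,
                "exception_name": STATUS_NAMES.get(code, "unknown"),
                "count": len(times), "period_s": period,
                "minutes_of_hour": sorted({t.minute for t in times}),
            })
    return findings


if __name__ == "__main__":
    for f in find_periodic(parse_crashes(SAMPLE_LOG)):
        print(f)
```

An identical fault offset recurring on a fixed period indicates that something is launching the binary on a timer, so the service configuration and Task Scheduler are the next places to look.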

  • Root Admin

We can remove that service but let's do it using the uninstaller. Go into your Control Panel, Programs, Add/Remove and locate the Adobe Flash player software and uninstall it.

Then run the following and reboot the computer and let me know if the FlashUpdater is gone now or not.

Next, please download and run RogueKiller 32 bit to your desktop.

RogueKiller <--- use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

Link to post
Share on other sites

There is no Adobe Flash in my programs list. I had deleted it prior to posting on the forums (hoping that alone would fix it), so I had to skip the step using the uninstaller.

 

I ran RogueKiller. Here is the report:

 

RogueKiller V8.6.2 _x64_ [Jul  2 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Arcee [Admin rights]

Mode : Scan -- Date : 07/04/2013 18:07:35

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 4 ¤¤¤

[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: ST9500424AS ATA Device +++++

--- User ---

[MBR] 37bbce2a3ba4f57789f6113fa1eff74b

[bSP] 6f5bdcdc8ab245bff721479db14057e5 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_07042013_180735.txt >>

 

 

 

I then restarted the computer and checked again. The Adobe service is still on my computer, and again I lost focus at 6:13.

 

 


Link to post
Share on other sites

  • Root Admin

Click on START and type in CMD.EXE and when it shows on the Menu right click over it and choose "Run as administrator"

Then type in the following and press the Enter key. You should get a success message. If so then go ahead and restart the computer and it should be gone now.

SC DELETE AdobeFlashPlayerUpdateSvc

Let me know how that works

Link to post
Share on other sites

  • Root Admin

We'll see what that says but you may need to run this to help us track it down.

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here.
  • Save Autoruns.exe to your desktop and double-click it to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder you just created to your next reply
Link to post
Share on other sites

ahah!

 

 
Image Name                     PID Session Name        Session#    Mem Usage Status          User Name                                              CPU Time Window Title                                                            
========================= ======== ================ =========== ============ =============== ================================================== ============ ========================================================================
System Idle Process              0 Services                   0         24 K Unknown         NT AUTHORITY\SYSTEM                                     0:19:04 N/A                                                                     
System                           4 Services                   0      1,056 K Unknown         N/A                                                     0:00:15 N/A                                                                     
smss.exe                       264 Services                   0      1,092 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
csrss.exe                      392 Services                   0      5,196 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
wininit.exe                    448 Services                   0      4,420 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
csrss.exe                      464 Console                    1     10,780 K Running         NT AUTHORITY\SYSTEM                                     0:00:02 N/A                                                                     
services.exe                   500 Services                   0      9,332 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:01 N/A                                                                     
lsass.exe                      524 Services                   0     11,048 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:01 N/A                                                                     
lsm.exe                        532 Services                   0      4,292 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
winlogon.exe                   588 Console                    1      7,052 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
svchost.exe                    692 Services                   0      9,072 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:01 N/A                                                                     
svchost.exe                    776 Services                   0      7,660 K Unknown         NT AUTHORITY\NETWORK SERVICE                            0:00:00 N/A                                                                     
svchost.exe                    832 Services                   0     21,500 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:01 N/A                                                                     
svchost.exe                    916 Services                   0    116,576 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:18 N/A                                                                     
svchost.exe                    940 Services                   0     16,728 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:00 N/A                                                                     
svchost.exe                    964 Services                   0     33,704 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:02 N/A                                                                     
svchost.exe                    384 Services                   0      5,472 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
svchost.exe                   1128 Services                   0     15,412 K Unknown         NT AUTHORITY\NETWORK SERVICE                            0:00:01 N/A                                                                     
spoolsv.exe                   1304 Services                   0     14,304 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
taskeng.exe                   1312 Services                   0      5,144 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
sched.exe                     1380 Services                   0        892 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
svchost.exe                   1400 Services                   0     18,444 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:01 N/A                                                                     
SASCore64.exe                 1568 Services                   0      4,712 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
armsvc.exe                    1604 Services                   0      3,876 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
taskhost.exe                  1676 Console                    1     10,900 K Running         Arcee-Laptop\Arcee                                      0:00:00 MCI command handling window                                             
avguard.exe                   1820 Services                   0     20,568 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:44 N/A                                                                     
dwm.exe                       1828 Console                    1      5,488 K Running         Arcee-Laptop\Arcee                                      0:00:00 DWM Notification Window                                                 
AppleMobileDeviceService.     1848 Services                   0      9,200 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
explorer.exe                  1888 Console                    1     57,648 K Running         Arcee-Laptop\Arcee                                      0:00:09 N/A                                                                     
mDNSResponder.exe             1468 Services                   0      5,472 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
svchost.exe                   1552 Services                   0     13,024 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:00 N/A                                                                     
svchost.exe                   1056 Services                   0      5,528 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:00 N/A                                                                     
SynTPEnh.exe                  2272 Console                    1     11,380 K Running         Arcee-Laptop\Arcee                                      0:00:01 N/A                                                                     
hkcmd.exe                     2288 Console                    1      9,820 K Running         Arcee-Laptop\Arcee                                      0:00:00 N/A                                                                     
igfxpers.exe                  2296 Console                    1      6,564 K Running         Arcee-Laptop\Arcee                                      0:00:00 PersistWndName                                                          
itype.exe                     2312 Console                    1     12,900 K Running         Arcee-Laptop\Arcee                                      0:00:00 N/A                                                                     
ipoint.exe                    2432 Console                    1     14,560 K Running         Arcee-Laptop\Arcee                                      0:00:00 N/A                                                                     
RAVCpl64.exe                  2456 Console                    1     10,032 K Running         Arcee-Laptop\Arcee                                      0:00:00 Realtek HD Audio CPL for Vista                                          
SpotifyWebHelper.exe          2496 Console                    1      6,148 K Running         Arcee-Laptop\Arcee                                      0:00:00 N/A                                                                     
SUPERAntiSpyware.exe          2516 Console                    1        992 K Running         Arcee-Laptop\Arcee                                      0:00:02 N/A                                                                     
avgnt.exe                     1628 Console                    1      8,148 K Running         Arcee-Laptop\Arcee                                      0:00:10 N/A                                                                     
jusched.exe                   1588 Console                    1      4,372 K Not Responding  Arcee-Laptop\Arcee                                      0:00:00 OleMainThreadWndName                                                    
GoogleCrashHandler.exe        2448 Services                   0        528 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
GoogleCrashHandler64.exe      2540 Services                   0        528 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
avshadow.exe                  2364 Services                   0      3,860 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
SearchIndexer.exe             2796 Services                   0     12,836 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
FlashPlayerUpdateService.     2816 Services                   0      4,108 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
SynTPHelper.exe               3456 Console                    1      3,292 K Running         Arcee-Laptop\Arcee                                      0:00:00 N/A                                                                     
WUDFHost.exe                  3464 Services                   0      5,920 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:00 N/A                                                                     
wmpnetwk.exe                  3540 Services                   0     27,408 K Unknown         NT AUTHORITY\NETWORK SERVICE                            0:00:00 N/A                                                                     
svchost.exe                   4024 Services                   0      9,148 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:00 N/A                                                                     
WmiPrvSE.exe                  3748 Services                   0      6,288 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
chrome.exe                    3508 Console                    1    112,716 K Running         Arcee-Laptop\Arcee                                      0:00:12 Random hourly Tab-out - Malware Removal Help - Malwarebytes Forum - Goog
chrome.exe                    3720 Console                    1     52,320 K Not Responding  Arcee-Laptop\Arcee                                      0:00:04 AngleHiddenWindow                                                       
chrome.exe                    3596 Console                    1     77,416 K Not Responding  Arcee-Laptop\Arcee                                      0:00:03 N/A                                                                     
schtasks.exe                  3944 Services                   0      4,156 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
conhost.exe                    928 Services                   0      2,920 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:00 N/A                                                                     
chrome.exe                    1656 Console                    1     73,448 K Not Responding  Arcee-Laptop\Arcee                                      0:00:18 N/A                                                                     
svchost.exe                   3328 Services                   0     19,332 K Unknown         NT AUTHORITY\SYSTEM                                     0:00:04 N/A                                                                     
audiodg.exe                   1716 Services                   0     17,480 K Unknown         NT AUTHORITY\LOCAL SERVICE                              0:00:00 N/A                                                                     
cmd.exe                       1044 Console                    1      2,948 K Running         Arcee-Laptop\Arcee                                      0:00:00 Administrator: Command Prompt - tasklist  /v                            
conhost.exe                    976 Console                    1      5,812 K Running         Arcee-Laptop\Arcee                                      0:00:00 CicMarshalWnd                                                           
WmiPrvSE.exe                   412 Services                   0      6,824 K Unknown         NT AUTHORITY\NETWORK SERVICE                            0:00:00 N/A                                                                     
tasklist.exe                  2032 Console                    1      6,000 K Unknown         Arcee-Laptop\Arcee                                      0:00:00 N/A                                                                     
Link to post
Share on other sites

  • Root Admin

Can you please attach the file.

Okay do the same thing in the DOS command prompt (make sure it's with elevated admin rights as before)

Then type the following and press the enter key and reboot the computer and recheck.

SC DELETE FlashPlayerUpdateService

Let me know

Link to post
Share on other sites

  • Root Admin

Okay let's run another tool to help us with this.

Please visit this webpage for instructions on downloading and running ComboFix: How to use ComboFix

Please make sure you disable your security applications before running ComboFix.

Once Combofix has completed it will produce and open a log file. Please attach that log file to your next reply.

If needed the file can be located here: C:\combofix.txt

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Link to post
Share on other sites

  • Root Admin

Save the attached file CFScript.txt to your desktop next to Combofix

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

CFScript.gif

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  • When the scan completes Notepad will open with your results log open. Do a File, Exit.
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

CFScript.txt

Link to post
Share on other sites

This topic is now closed to further replies.