
Need help with persistent infection - PUM.UserWLoad & Trojan.Ransom

A couple days ago the FBI Moneypak screen popped up. Able to start the computer. Currently using it only in Safe mode with Networking. Was told to use MBAM and 2 infections are repeatedly detected:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.07.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
penn :: VAIO [administrator]

11/7/2013 11:36:51 AM
MBAM-log-2013-11-07 (11-51-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237219
Time elapsed: 13 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\penn\LOCALS~1\Temp\mscyyxou.com -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\penn\LOCALS~1\Temp\mscyyxou.com -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Any help would be appreciated. No one has been able to help me remove these 2 infections.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 10.45.2
Run by penn at 11:55:18 on 2013-11-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3758.2277 [GMT -8:00]
.
AV: Bitdefender Antivirus *Disabled/Outdated* {98CD50CE-5097-4098-9669-6C401FB3969C}
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Bitdefender Antispyware *Disabled/Outdated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
FW: Bitdefender Firewall *Enabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Rovi\Rovi Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mStart Page = about:blank
uURLSearchHooks: {293e7470-fd3b-4d28-a20f-688ce8292340} - <orphaned>
uURLSearchHooks: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uWindows: Load = C:\Users\penn\LOCALS~1\Temp\mscyyxou.com
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [MegaPanel] C:\Program Files (x86)\ACNielsen\Homescan Internet Transporter\HSTrans.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFU3SEctWUxVVlUtRVMyRUctUUY3WEMtVkxDOVctUTRMWkc"&"inst=NzctNjA5MzMwMTUxLVRCOSsyLUZMKzktWE8zNisxLUY5TTdDKzUtRjlNMTBCKzEtRjlNMisxLUZMMTArMS1YTzEwKzExLUREVCs0MDItREQxMEYrMQ"&"prod=90"&"ver=10.0.1392
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SONYMS~1.LNK - C:\Program Files (x86)\Sony\MSS\3.0.271\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Download All using 4shared Desktop - C:\Program Files (x86)\4shared Desktop\Desktop.32/D_ALL_LINK
IE: &Download using 4shared Desktop - C:\Program Files (x86)\4shared Desktop\Desktop.32/D_ONE_LINK
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
Trusted Zone: cinemanow.com
Trusted Zone: cinemanow.com
Trusted Zone: roxio.com
Trusted Zone: roxio.com
Trusted Zone: roxionow.com
Trusted Zone: roxionow.com
Trusted Zone: sonic.com
Trusted Zone: sonic.com

TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{0145D661-07C6-48AF-833C-EF62E7156E9A} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 192.168.1.1
TCP: Interfaces\{B0EE257D-AFEF-4956-8BBC-3A2C71C409B8} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{FB53407B-9E9D-49DF-B851-B8A14CF67273} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{FB53407B-9E9D-49DF-B851-B8A14CF67273}\C696E6B6379737 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [bDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\penn\AppData\Roaming\Mozilla\Firefox\Profiles\p8eag0n9.default\

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\penn\AppData\Roaming\CATALI~2\npBcsKtTcHW.dll
FF - plugin: C:\Users\penn\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll
FF - plugin: C:\Users\penn\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npPrintUtil.dll
FF - plugin: C:\Users\penn\AppData\Roaming\Mozilla\Firefox\Profiles\p8eag0n9.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\plugins\np-mswmp.dll
FF - plugin: C:\Users\penn\AppData\Roaming\Mozilla\Firefox\Profiles\p8eag0n9.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-11-01 12:04; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2012-3-20 705552]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-14 55280]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2012-7-6 93160]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\System32\drivers\bdvedisk.sys [2010-1-19 103944]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-31 13336]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2013-7-2 61440]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-3-31 93184]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2010-3-31 77312]
R2 RNow Service;RNow Service;C:\Program Files (x86)\Rovi\Rovi Player\RNowSvc.exe [2012-9-7 175928]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-8-6 156672]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-8-2 2337144]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-5-13 104960]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-3-31 2320920]
R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-5-28 67904]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-2-19 529776]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-2-19 386416]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-5-13 19968]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2012-12-12 261056]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2012-12-12 587024]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-3-31 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-16 158976]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-3-31 12032]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2012-11-19 1369136]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-3-31 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe --> C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [?]
S3 bdsandbox;bdsandbox;C:\Windows\System32\drivers\bdsandbox.sys [2011-11-17 79952]
S3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [2012-3-30 237328]
S3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2011-9-22 43028328]
S3 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2013-3-21 75384]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-25 59392]
S3 TVICHW64;TVICHW64;C:\Windows\System32\drivers\TVicHW64.sys [2011-2-7 21200]
S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-5-14 574320]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-2-19 115568]
S3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-10-12 54760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-5 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 370024]
.
=============== Created Last 30 ================
.
2013-11-07 06:31:12 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-11-07 06:31:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-06 00:31:06 -------- d-----w- C:\TDSSKiller_Quarantine
2013-11-05 06:05:41 -------- d-----w- C:\ProgramData\HitmanPro
2013-11-04 00:40:53 -------- d-----w- C:\Users\penn\AppData\Roaming\Malwarebytes
2013-11-04 00:40:41 -------- d-----w- C:\ProgramData\Malwarebytes
2013-11-01 19:06:55 -------- d-----w- C:\Users\penn\AppData\Roaming\RealNetworks
2013-11-01 19:04:28 -------- d-----w- C:\ProgramData\RealNetworks
2013-11-01 19:04:28 -------- d-----w- C:\Program Files (x86)\RealNetworks
2013-11-01 19:04:00 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2013-10-27 18:38:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-27 18:38:18 -------- d-----w- C:\Program Files\iTunes
2013-10-27 18:38:18 -------- d-----w- C:\Program Files\iPod
2013-10-27 18:38:18 -------- d-----w- C:\Program Files (x86)\iTunes
2013-10-20 05:57:14 -------- d-----w- C:\ProgramData\Oracle
2013-10-20 05:56:28 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2013-11-01 19:03:17 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-10-09 20:29:30 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 20:29:30 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 11:56:34.78 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/4/2010 9:34:06 PM
System Uptime: 11/7/2013 11:30:41 AM (0 hours ago)
.
Motherboard: Sony Corporation |  | VAIO
Processor: Intel® Core i3 CPU       M 350  @ 2.27GHz | N/A | 1586/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 318.197 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP584: 10/21/2013 2:16:15 PM - Windows Update
RP585: 10/21/2013 10:19:20 PM - Windows Update
RP586: 10/27/2013 11:22:22 AM - Installed VAIO Update
RP587: 10/27/2013 11:51:00 AM - Windows Update
RP588: 10/29/2013 10:57:42 PM - Windows Update
RP589: 10/30/2013 3:31:17 PM - Windows Update
RP590: 10/31/2013 3:20:30 PM - Windows Update
RP591: 11/1/2013 3:15:48 PM - Windows Update
RP592: 11/2/2013 11:42:26 AM - Windows Update
RP593: 11/2/2013 3:08:09 PM - Windows Update
RP594: 11/5/2013 12:38:26 AM - Windows Update
RP595: 11/5/2013 3:00:30 AM - Windows Update
RP596: 11/5/2013 5:32:50 PM - Windows Update
RP597: 11/5/2013 7:46:11 PM - Windows Update
.
==== Installed Programs ======================
.
4shared Desktop
AccuWeather.com Cirrus
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Amazon Kindle
Amazon MP3 Downloader 1.0.17
Any Video Converter 3.3.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Manager for VAIO
AVG 2011
Bing Maps 3D
Bitdefender Total Security 2012
Bonjour
Canon MP Navigator EX 1.2
Catalina Savings Printer
Click to Disc MergeModules x64
Coupon Printer for Windows
CouponPrinterPlugin
CyberLink YouPaint
D3DX10
Evernote v. 4.1
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Homescan Internet Transporter
iCloud
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
iTunes
Java 7 Update 45
Java Auto Updater
Java 6 Update 18 (64-bit)
Java 6 Update 31
JavaFX 2.1.1
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Media Gallery
Media Gallery MergeModules x64
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server VSS Writer
Microsoft Touch Pack for Windows 7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.0
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
Oasis2Service
Octoshape add-in for Adobe Flash Player
Opera 12.16
Palringo
PlayReady PC Runtime amd64
PMB
PMB VAIO Edition Guide
PMB VAIO Edition plug-in (Click to Disc)
PMB VAIO Edition plug-in (VAIO Image Optimizer)
PMB VAIO Edition plug-in (VAIO Movie Story)
PVSonyDll
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Rovi Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Service Pack 3 for SQL Server 2008 (KB2546951)
Setting Utility Series
Setup_VEP_x64
Sony Home Network Library
Sql Server Customer Experience Improvement Program
TeamViewer 6
Typing Quick & Easy
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Messenger
VAIO Movie Story MergeModules x64
VAIO Movie Story Template Data
VAIO Power Management
VAIO Sample Contents
VAIO Transfer Support
VAIO Update
VAIO Wallpaper Contents
VAIO Window Organizer
VGClientX64
VGClientX86
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VMp MergeModule x64
VU5x64
VU5x86
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/7/2013 11:32:25 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/7/2013 11:31:17 AM, Error: Service Control Manager [7000]  - The RoxioNow Service service failed to start due to the following error:  The system cannot find the file specified.
11/7/2013 11:30:22 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
11/7/2013 11:12:13 AM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
11/7/2013 11:10:38 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/7/2013 11:10:38 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/7/2013 11:10:32 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/7/2013 11:10:24 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/7/2013 11:10:13 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  avc3 bdfsfltr BDVEDISK discache spldr Wanarpv6
11/7/2013 11:10:12 AM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
11/5/2013 7:47:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 10 for Windows 7 for x64-based Systems.
11/5/2013 7:46:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based Systems.
11/5/2013 4:03:26 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.
11/5/2013 12:34:05 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/5/2013 12:34:05 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
11/3/2013 9:26:52 PM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
11/1/2013 3:08:30 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================
 


Welcome to the forum.

Please download RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Hey MrC!

 

Thanks for helping me out.

 

RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : penn [Admin rights]
Mode : Scan -- Date : 11/07/2013 12:54:01
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[SHELL][SUSP PATH] HKCU\[...]\Windows : load (C:\Users\penn\LOCALS~1\Temp\mscyyxou.com [x]) -> FOUND
[SHELL][SUSP PATH] HKUS\[...]\Windows : load (C:\Users\penn\LOCALS~1\Temp\mscyyxou.com [x]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKS-55V0A0 +++++
--- User ---
[MBR] fe6b7ea41f2b1bf6643b7c9cd8c05670
[BSP] 14e0b733ba8c2beda9d827c5d64ee8e1 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10051 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20586496 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20791296 | Size: 466787 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11072013_125401.txt >>

 

 


Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)
 

[SHELL][SUSP PATH] HKCU\[...]\Windows : load (C:\Users\penn\LOCALS~1\Temp\mscyyxou.com [x]) -> FOUND
[SHELL][SUSP PATH] HKUS\[...]\Windows : load (C:\Users\penn\LOCALS~1\Temp\mscyyxou.com [x]) -> FOUND


Now click Delete on the right hand column under Options

-------------

Then.........


Let's clean out any adware now: (this will require a reboot, so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on the real download button, not on "sponsored ad links".

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC

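The two entries MrC asks to delete are the per-user logon autostart that RogueKiller labels [SHELL][SUSP PATH]: a "load" value under HKCU\...\Windows NT\CurrentVersion\Windows pointing at a .com file in the user's Temp folder. The script below is an added example, not part of the thread and not code from RogueKiller or Malwarebytes; it audits that "Load" value (and its sibling "Run") in every loaded user hive, flags the patterns seen in this thread (temp/profile directory, .com extension, missing target) and, only with the hypothetical -Remove switch, deletes the value after recording the file's hash. It assumes an elevated PowerShell 4.0 or later on Windows (Get-FileHash needs 4.0) and that the hives of interest are loaded, i.e. the affected user is logged on.

```powershell
# Added example (not from the thread, RogueKiller or Malwarebytes): audit the
# per-user "Load" and "Run" values that Windows honours under
#   HKU\<SID>\Software\Microsoft\Windows NT\CurrentVersion\Windows
# This is the autostart the RogueKiller log reports as
#   [SHELL][SUSP PATH] HKCU\[...]\Windows : load (C:\Users\penn\LOCALS~1\Temp\mscyyxou.com)
# Run from an elevated PowerShell 4.0+. Nothing is deleted unless -Remove is given.
param([switch]$Remove)

$subKey     = 'Software\Microsoft\Windows NT\CurrentVersion\Windows'
$valueNames = @('Load', 'Run')

# Walk every *loaded* user hive, not only HKCU: the log shows the same value
# under HKUS\<SID>. Hives of users who are not logged on are not loaded and
# would need "reg.exe load" or an offline scan.
$hives = Get-ChildItem -Path 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' }

foreach ($hive in $hives) {
    $keyPath = "Registry::HKEY_USERS\$($hive.PSChildName)\$subKey"
    if (-not (Test-Path -LiteralPath $keyPath)) { continue }

    foreach ($name in $valueNames) {
        $raw = (Get-ItemProperty -LiteralPath $keyPath -Name $name -ErrorAction SilentlyContinue).$name
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }

        # First token is the program; a quoted path may contain spaces.
        if ($raw -match '^"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($raw -split '\s+')[0] }
        $exists = Test-Path -LiteralPath $exe

        # Let the file-system provider expand 8.3 short names (LOCALS~1) so the
        # real directory is visible; fall back to the raw string if the file is gone.
        $full = $exe
        if ($exists) { $full = (Get-Item -LiteralPath $exe).FullName }

        # Heuristics, not a verdict: a logon autostart living in a temp/profile
        # folder, using a .com/.scr/.pif extension, or pointing at a missing file.
        $suspicious = ($full -match '\\(Temp|AppData|ProgramData|Users\\Public)\\') -or
                      ($full -match '\.(com|scr|pif)$') -or
                      (-not $exists)

        [pscustomobject]@{
            Hive       = $hive.PSChildName
            Value      = $name
            Data       = $raw
            Resolved   = $full
            Exists     = $exists
            Suspicious = $suspicious
        }

        if ($Remove -and $suspicious) {
            # Record the loader's hash before breaking persistence. Only the
            # autostart value is removed here; the file is left for quarantine.
            if ($exists) { Get-FileHash -LiteralPath $exe -Algorithm SHA256 | Format-List Path, Hash }
            Remove-ItemProperty -LiteralPath $keyPath -Name $name
            Write-Warning "Removed '$name' from $keyPath"
        }
    }
}
```

Run it once without -Remove to see the audit table, then with -Remove once you are satisfied the flagged entry is the loader; a later rescan with RogueKiller or Malwarebytes should then report no "load" entry, which is the check that the persistence, not just the file, is gone.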

Here is the log from AdwCleaner. Unsure what to uncheck, if any.

 

# AdwCleaner v3.011 - Report created 07/11/2013 at 13:10:31
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : penn - VAIO
# Running from : C:\Users\penn\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\END
Folder Found : C:\Users\penn\AppData\Local\Google\Chrome\User Data\Default\Extensions\noebaifjopccondbkcieccphcpijhdne
Folder Found : C:\Users\penn\AppData\Roaming\Mozilla\Firefox\Profiles\p8eag0n9.default\Extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\ProgramData\Partner
Folder Found C:\Users\penn\AppData\Local\Conduit
Folder Found C:\Users\penn\AppData\LocalLow\Conduit
Folder Found C:\Users\penn\AppData\LocalLow\PriceGong
Folder Found C:\Users\penn\AppData\Roaming\Mozilla\Firefox\Profiles\p8eag0n9.default\CT2233703
Folder Found C:\Users\penn\AppData\Roaming\Mozilla\Firefox\Profiles\p8eag0n9.default\Smartbar

***** [ Shortcuts ] *****

Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Messenger\View Inbox.lnk ( DDNi.Caravan,Inbox )

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\noebaifjopccondbkcieccphcpijhdne
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKCU\Software\Conduit
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2233703
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\noebaifjopccondbkcieccphcpijhdne
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16470

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\penn\AppData\Roaming\Mozilla\Firefox\Profiles\p8eag0n9.default\prefs.js ]

Line Found : user_pref("CT2233703.1000082.isDisplayHidden", "true");

Line Found : user_pref("CT2233703.1000234.TWC_TMP_city", "SAN DIEGO");
Line Found : user_pref("CT2233703.1000234.TWC_TMP_country", "US");
Line Found : user_pref("CT2233703.1000234.TWC_locId", "USCA0982");
Line Found : user_pref("CT2233703.1000234.TWC_location", "San Diego, CA");
Line Found : user_pref("CT2233703.1000234.TWC_region", "US");
Line Found : user_pref("CT2233703.1000234.TWC_temp_dis", "f");
Line Found : user_pref("CT2233703.1000234.TWC_wind_dis", "mph");
Line Found : user_pref("CT2233703.1000234.weatherData", "{\"icon\":\"28.png\",\"temperature\":\"63°F\",\"temperatureClear\":\"63°F\",\"highTemperature\":\"63°F\",\"lowTemperature\":\"53°F\",\"feelsLike\":\"63°F\",[...]
Line Found : user_pref("CT2233703.128830708449950102.isToggled_item0_12", "true");
Line Found : user_pref("CT2233703.CBOpenMAMSettings.enc", "MA==");
Line Found : user_pref("CT2233703.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT2233703.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT2233703.FirstTime", "true");
Line Found : user_pref("CT2233703.FirstTimeFF3", "true");
Line Found : user_pref("CT2233703.LoginRevertSettingsEnabled", true);
Line Found : user_pref("CT2233703.RevertSettingsEnabled", true);

Line Found : user_pref("CT2233703.UserID", "UN13436905883083528");
Line Found : user_pref("CT2233703.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT2233703.autoDisableScopes", -1);
Line Found : user_pref("CT2233703.browser.search.defaultthis.engineName", true);
Line Found : user_pref("CT2233703.cbcountry_001.enc", "VVM=");
Line Found : user_pref("CT2233703.cbfirsttime.enc", "U3VuIERlYyAyMyAyMDEyIDE1OjIxOjIxIEdNVC0wODAwIChQYWNpZmljIFN0YW5kYXJkIFRpbWUp");
Line Found : user_pref("CT2233703.defaultSearch", "true");
Line Found : user_pref("CT2233703.enableAlerts", "always");
Line Found : user_pref("CT2233703.enableFix404ByUser", "TRUE");
Line Found : user_pref("CT2233703.enableSearchFromAddressBar", "true");
Line Found : user_pref("CT2233703.firstTimeDialogOpened", "true");
Line Found : user_pref("CT2233703.fixPageNotFoundError", "true");
Line Found : user_pref("CT2233703.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT2233703.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT2233703.fixUrls", true);
Line Found : user_pref("CT2233703.installId", "4sharedtlbr.exe");
Line Found : user_pref("CT2233703.installType", "conduitnsisintegration");
Line Found : user_pref("CT2233703.isCheckedStartAsHidden", true);
Line Found : user_pref("CT2233703.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT2233703.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT2233703.isNewTabEnabled", false);
Line Found : user_pref("CT2233703.isPerformedSmartBarTransition", "true");
Line Found : user_pref("CT2233703.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT2233703.keyword", true);
Line Found : user_pref("CT2233703.lastVersion", "10.14.370.524");
Line Found : user_pref("CT2233703.migrateAppsAndComponents", true);
Line Found : user_pref("CT2233703.missingMachineIdSent", "true");
Line Found : user_pref("CT2233703.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D5MQzc6SQk_E\",\"EB_MAIN_FRAME_TITLE\":\"%E2%96%B6%20Boy%20Danc[...]
Line Found : user_pref("CT2233703.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT2233703.openThankYouPage", "false");
Line Found : user_pref("CT2233703.openUninstallPage", "true");
Line Found : user_pref("CT2233703.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"12\\\\/24\\\\/2012 02\\\"}\"}");
Line Found : user_pref("CT2233703.revertSettingsEnabled", "false");
Line Found : user_pref("CT2233703.search.searchAppId", "128830708451356359");
Line Found : user_pref("CT2233703.search.searchCount", "0");
Line Found : user_pref("CT2233703.searchInNewTabEnabled", "false");
Line Found : user_pref("CT2233703.searchInNewTabEnabledByUser", "false");
Line Found : user_pref("CT2233703.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT2233703.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT2233703.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT2233703.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT2233703.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT2233703.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2233703\"}");

Line Found : user_pref("CT2233703.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"4shared.com\"}");
Line Found : user_pref("CT2233703.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT2233703.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1356304860845");
Line Found : user_pref("CT2233703.serviceLayer_services_appsMetadata_lastUpdate", "1356305185117");
Line Found : user_pref("CT2233703.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1356304862116");
Line Found : user_pref("CT2233703.serviceLayer_services_location_lastUpdate", "1383333022997");
Line Found : user_pref("CT2233703.serviceLayer_services_login_10.13.40.15_lastUpdate", "1362551347286");
Line Found : user_pref("CT2233703.serviceLayer_services_login_10.14.370.524_lastUpdate", "1383333024147");
Line Found : user_pref("CT2233703.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363198920321");
Line Found : user_pref("CT2233703.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1356304862003");
Line Found : user_pref("CT2233703.serviceLayer_services_searchAPI_lastUpdate", "1356304855630");
Line Found : user_pref("CT2233703.serviceLayer_services_serviceMap_lastUpdate", "1383333022693");
Line Found : user_pref("CT2233703.serviceLayer_services_toolbarContextMenu_lastUpdate", "1356304861924");
Line Found : user_pref("CT2233703.serviceLayer_services_toolbarSettings_lastUpdate", "1383340224918");
Line Found : user_pref("CT2233703.serviceLayer_services_translation_lastUpdate", "1383333022983");
Line Found : user_pref("CT2233703.serviceLayer_services_userApps_lastUpdate", "1356304878047");
Line Found : user_pref("CT2233703.settingsINI", true);
Line Found : user_pref("CT2233703.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT2233703.smartbar.CTID", "CT2233703");
Line Found : user_pref("CT2233703.smartbar.Uninstall", "0");
Line Found : user_pref("CT2233703.smartbar.homepage", true);
Line Found : user_pref("CT2233703.smartbar.isHidden", true);
Line Found : user_pref("CT2233703.smartbar.toolbarName", "4shared.com ");
Line Found : user_pref("CT2233703.startPage", "userChanged");
Line Found : user_pref("CT2233703.toolbarBornServerTime", "24-12-2012");
Line Found : user_pref("CT2233703.toolbarCurrentServerTime", "1-11-2013");
Line Found : user_pref("CT2233703.toolbarLoginClientTime", "Thu Mar 14 2013 10:28:33 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CT2233703_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1383332901532,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT2233703");
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Found : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");



Line Found : user_pref("smartbar.machineId", "JRNXNUTUBGFSD4YR1SKZUNJN3VYQILF8OPXMNFNMRHH4OPHTLMQZ/ESU2SSCIAETNAYDK4UORC0YZMYUGSTVMG");

Line Found : user_pref("smartbar.originalSearchAddressUrl", "");
Line Found : user_pref("smartbar.originalSearchEngine", false);

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\penn\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : homepage
Found : homepage

*************************

AdwCleaner[R0].txt - [13982 octets] - [07/11/2013 13:10:31]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [14043 octets] ##########

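The AdwCleaner report above touches three different browser extension points: Internet Explorer BHO/toolbar CLSIDs, Chrome extensions registered under HKLM\SOFTWARE\Google\Chrome\Extensions, and Conduit/Smartbar user_pref lines in the Firefox prefs.js. The script below is an added example, not from the thread and not AdwCleaner's own code; it is a read-only inventory of those same points that resolves each IE CLSID to its server DLL, each registry-pushed Chrome extension to its update_url, and each Firefox profile to its toolbar prefs and extension folders, so a finding can be tied to a concrete artifact before it is deleted. It assumes PowerShell 3.0 or later on 64-bit Windows 7 and that the current user's profile is the one being examined.

```powershell
# Added example (not from the thread or AdwCleaner): inventory the browser
# extension points that the AdwCleaner report cleaned. Read-only.

$findings = @()

# 1. Internet Explorer BHOs (64-bit and 32-bit views), resolved to the COM
#    server DLL via HKLM\SOFTWARE\Classes\CLSID\<id>\InprocServer32.
$ieRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
foreach ($root in $ieRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem $root) {
        $clsid = $key.PSChildName
        $dll = $null
        foreach ($server in @("HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32",
                              "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$clsid\InprocServer32")) {
            if (Test-Path $server) { $dll = (Get-ItemProperty $server).'(default)'; break }
        }
        $findings += [pscustomobject]@{ Type = 'IE BHO'; Id = $clsid; Target = $dll }
    }
}

# IE toolbars are stored as values named by CLSID under these keys.
foreach ($tb in @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
                  'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser')) {
    if (-not (Test-Path $tb)) { continue }
    foreach ($p in (Get-ItemProperty $tb).PSObject.Properties) {
        if ($p.Name -match '^\{[0-9A-F-]{36}\}$') {
            $findings += [pscustomobject]@{ Type = 'IE toolbar'; Id = $p.Name; Target = $tb }
        }
    }
}

# 2. Chrome extensions installed through the registry, with their update_url
#    (or local path), which is where a hijacker's install source shows up.
foreach ($root in @('HKLM:\SOFTWARE\Google\Chrome\Extensions',
                    'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
                    'HKCU:\Software\Google\Chrome\Extensions')) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem $root) {
        $p = Get-ItemProperty $key.PSPath
        $target = if ($p.update_url) { $p.update_url } else { $p.path }
        $findings += [pscustomobject]@{ Type = 'Chrome ext (registry)'; Id = $key.PSChildName; Target = $target }
    }
}

# 3. Firefox: Conduit/Smartbar prefs (CT<id>.*, smartbar.*, extensions.wrc.*)
#    in each profile's prefs.js, plus the profile's extension folders.
$profileRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $profileRoot) {
    foreach ($profile in Get-ChildItem $profileRoot -Directory) {
        $prefs = Join-Path $profile.FullName 'prefs.js'
        if (Test-Path $prefs) {
            foreach ($m in Select-String -Path $prefs -Pattern '^user_pref\("(CT\d+|[Ss]martbar|extensions\.wrc)') {
                $findings += [pscustomobject]@{ Type = 'Firefox pref'; Id = $profile.Name; Target = $m.Line }
            }
        }
        $ext = Join-Path $profile.FullName 'extensions'
        if (Test-Path $ext) {
            foreach ($e in Get-ChildItem $ext) {
                $findings += [pscustomobject]@{ Type = 'Firefox extension'; Id = $profile.Name; Target = $e.Name }
            }
        }
    }
}

$findings | Sort-Object Type, Id | Format-Table -AutoSize -Wrap
```

Compare the output with the report's Key Found lines: a BHO whose DLL lives under Program Files (x86)\Conduit, a Chrome extension whose update_url is not the Chrome Web Store, or a Firefox profile full of CT2233703.* prefs are the items to let AdwCleaner remove; anything that resolves to a vendor you recognise can be unchecked.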

Here are the 2 logs from AdwCleaner & Malwarebytes. Things are looking better now.

 

# AdwCleaner v3.011 - Report created 07/11/2013 at 13:18:50
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : penn - VAIO
# Running from : C:\Users\penn\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\penn\AppData\Local\Conduit
Folder Deleted : C:\Users\penn\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\penn\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\penn\AppData\Roaming\Mozilla\Firefox\Profiles\p8eag0n9.default\Smartbar
Folder Deleted : C:\Users\penn\AppData\Roaming\Mozilla\Firefox\Profiles\p8eag0n9.default\CT2233703
Folder Deleted : C:\Users\penn\AppData\Roaming\Mozilla\Firefox\Profiles\p8eag0n9.default\Extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}
Folder Deleted : C:\Users\penn\AppData\Local\Google\Chrome\User Data\Default\Extensions\noebaifjopccondbkcieccphcpijhdne
File Deleted : C:\END

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Messenger\View Inbox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj
Key Deleted : HKCU\Software\Google\Chrome\Extensions\noebaifjopccondbkcieccphcpijhdne
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\noebaifjopccondbkcieccphcpijhdne
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2233703
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16470

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\penn\AppData\Roaming\Mozilla\Firefox\Profiles\p8eag0n9.default\prefs.js ]

Line Deleted : user_pref("CT2233703.1000082.isDisplayHidden", "true");

Line Deleted : user_pref("CT2233703.1000234.TWC_TMP_city", "SAN DIEGO");
Line Deleted : user_pref("CT2233703.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT2233703.1000234.TWC_locId", "USCA0982");
Line Deleted : user_pref("CT2233703.1000234.TWC_location", "San Diego, CA");
Line Deleted : user_pref("CT2233703.1000234.TWC_region", "US");
Line Deleted : user_pref("CT2233703.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT2233703.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT2233703.1000234.weatherData", "{\"icon\":\"28.png\",\"temperature\":\"63°F\",\"temperatureClear\":\"63°F\",\"highTemperature\":\"63°F\",\"lowTemperature\":\"53°F\",\"feelsLike\":\"63°F\",[...]
Line Deleted : user_pref("CT2233703.128830708449950102.isToggled_item0_12", "true");
Line Deleted : user_pref("CT2233703.CBOpenMAMSettings.enc", "MA==");
Line Deleted : user_pref("CT2233703.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2233703.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2233703.FirstTime", "true");
Line Deleted : user_pref("CT2233703.FirstTimeFF3", "true");
Line Deleted : user_pref("CT2233703.LoginRevertSettingsEnabled", true);
Line Deleted : user_pref("CT2233703.RevertSettingsEnabled", true);

Line Deleted : user_pref("CT2233703.UserID", "UN13436905883083528");
Line Deleted : user_pref("CT2233703.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT2233703.autoDisableScopes", -1);
Line Deleted : user_pref("CT2233703.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT2233703.cbcountry_001.enc", "VVM=");
Line Deleted : user_pref("CT2233703.cbfirsttime.enc", "U3VuIERlYyAyMyAyMDEyIDE1OjIxOjIxIEdNVC0wODAwIChQYWNpZmljIFN0YW5kYXJkIFRpbWUp");
Line Deleted : user_pref("CT2233703.defaultSearch", "true");
Line Deleted : user_pref("CT2233703.enableAlerts", "always");
Line Deleted : user_pref("CT2233703.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT2233703.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT2233703.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT2233703.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT2233703.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT2233703.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT2233703.fixUrls", true);
Line Deleted : user_pref("CT2233703.installId", "4sharedtlbr.exe");
Line Deleted : user_pref("CT2233703.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT2233703.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT2233703.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2233703.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT2233703.isNewTabEnabled", false);
Line Deleted : user_pref("CT2233703.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT2233703.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2233703.keyword", true);
Line Deleted : user_pref("CT2233703.lastVersion", "10.14.370.524");
Line Deleted : user_pref("CT2233703.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT2233703.missingMachineIdSent", "true");
Line Deleted : user_pref("CT2233703.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D5MQzc6SQk_E\",\"EB_MAIN_FRAME_TITLE\":\"%E2%96%B6%20Boy%20Danc[...]
Line Deleted : user_pref("CT2233703.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2233703.openThankYouPage", "false");
Line Deleted : user_pref("CT2233703.openUninstallPage", "true");
Line Deleted : user_pref("CT2233703.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"12\\\\/24\\\\/2012 02\\\"}\"}");
Line Deleted : user_pref("CT2233703.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT2233703.search.searchAppId", "128830708451356359");
Line Deleted : user_pref("CT2233703.search.searchCount", "0");
Line Deleted : user_pref("CT2233703.searchInNewTabEnabled", "false");
Line Deleted : user_pref("CT2233703.searchInNewTabEnabledByUser", "false");
Line Deleted : user_pref("CT2233703.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT2233703.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2233703.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2233703.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2233703.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT2233703.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2233703\"}");

Line Deleted : user_pref("CT2233703.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"4shared.com\"}");
Line Deleted : user_pref("CT2233703.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2233703.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1356304860845");
Line Deleted : user_pref("CT2233703.serviceLayer_services_appsMetadata_lastUpdate", "1356305185117");
Line Deleted : user_pref("CT2233703.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1356304862116");
Line Deleted : user_pref("CT2233703.serviceLayer_services_location_lastUpdate", "1383333022997");
Line Deleted : user_pref("CT2233703.serviceLayer_services_login_10.13.40.15_lastUpdate", "1362551347286");
Line Deleted : user_pref("CT2233703.serviceLayer_services_login_10.14.370.524_lastUpdate", "1383333024147");
Line Deleted : user_pref("CT2233703.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363198920321");
Line Deleted : user_pref("CT2233703.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1356304862003");
Line Deleted : user_pref("CT2233703.serviceLayer_services_searchAPI_lastUpdate", "1356304855630");
Line Deleted : user_pref("CT2233703.serviceLayer_services_serviceMap_lastUpdate", "1383333022693");
Line Deleted : user_pref("CT2233703.serviceLayer_services_toolbarContextMenu_lastUpdate", "1356304861924");
Line Deleted : user_pref("CT2233703.serviceLayer_services_toolbarSettings_lastUpdate", "1383340224918");
Line Deleted : user_pref("CT2233703.serviceLayer_services_translation_lastUpdate", "1383333022983");
Line Deleted : user_pref("CT2233703.serviceLayer_services_userApps_lastUpdate", "1356304878047");
Line Deleted : user_pref("CT2233703.settingsINI", true);
Line Deleted : user_pref("CT2233703.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT2233703.smartbar.CTID", "CT2233703");
Line Deleted : user_pref("CT2233703.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT2233703.smartbar.homepage", true);
Line Deleted : user_pref("CT2233703.smartbar.isHidden", true);
Line Deleted : user_pref("CT2233703.smartbar.toolbarName", "4shared.com ");
Line Deleted : user_pref("CT2233703.startPage", "userChanged");
Line Deleted : user_pref("CT2233703.toolbarBornServerTime", "24-12-2012");
Line Deleted : user_pref("CT2233703.toolbarCurrentServerTime", "1-11-2013");
Line Deleted : user_pref("CT2233703.toolbarLoginClientTime", "Thu Mar 14 2013 10:28:33 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2233703_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1383332901532,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2233703");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

Line Deleted : user_pref("smartbar.machineId", "JRNXNUTUBGFSD4YR1SKZUNJN3VYQILF8OPXMNFNMRHH4OPHTLMQZ/ESU2SSCIAETNAYDK4UORC0YZMYUGSTVMG");
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Line Deleted : user_pref("smartbar.originalSearchEngine", false);

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\penn\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [14128 octets] - [07/11/2013 13:10:31]
AdwCleaner[s0].txt - [14256 octets] - [07/11/2013 13:18:50]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [14317 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.07.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
penn :: VAIO [administrator]

11/7/2013 1:24:07 PM
mbam-log-2013-11-07 (13-24-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237655
Time elapsed: 14 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Thanks for the help MrC. Sorry for the delay. Just did a full scan and everything looks good. Been trying for days to get some help from my AV tech support and was getting nowhere. You were able to help me out in a matter of hours. I appreciate your help and how quick you were to help me out. Many thanks!!!


Good........

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.76 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Bitdefender Antivirus  
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 JavaFX 2.1.1   
 Java 6 Update 31 
 Java 7 Update 45 
 Adobe Flash Player 11.9.900.117 
 Adobe Reader XI 
 Mozilla Firefox 24.0 Firefox out of Date! 
 Google Chrome 30.0.1599.101 
 Google Chrome 30.0.1599.69 
````````Process Check: objlist.exe by Laurent```````` 
 Bitdefender Bitdefender 2012 vsserv.exe 
 Bitdefender Bitdefender 2012 bdagent.exe 
 Bitdefender Bitdefender 2012 updatesrv.exe 
 Bitdefender Bitdefender 2012 downloader.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

JavaFX 2.1.1 <----------uninstall from your add/remove programs
Java™ 6 Update 31 <-----uninstall from your add/remove programs
Java 7 Update 45 <-----OK


------------------------------------

Mozilla Firefox 24.0 Firefox out of Date! <----please check for an update if available. (25)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little cleanup to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete,
i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc. AdwCleaner > just run the program and click Uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (also HERE)

Good Luck and Thanks for using the forum, MrC
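The two things MrC's last reply asks the poster to act on, leftover Java runtimes in Add/Remove Programs and an out-of-date browser, can be checked from a script instead of by eye. The following PowerShell audit is an added example written for this page; it is not part of screen317's Security Check or of any tool used in the thread. It reads the same Uninstall registry keys that Add/Remove Programs displays, flags every Java runtime except the newest plus any JavaFX install, and then inspects the per-user Winlogon Load and Run values, the autostart point this kind of ransomware uses, to confirm they are empty after cleanup. The display-name regular expressions and the "%TEMP% path means suspect" heuristic are assumptions of this example, not anything the thread states. Run it in an elevated prompt as the affected user.

```powershell
# Added example (not from the forum thread or screen317's Security Check).
# Post-cleanup audit: leftover Java runtimes and the per-user Winlogon autostart values.
# Assumptions: Java display names look like "Java 7 Update 45" / "Java(TM) 6 Update 31";
# anything in the Load/Run values that points into %TEMP% is treated as suspect.

# 1. Enumerate installed programs from both Uninstall hives (64-bit and WOW6432Node)
#    plus the per-user hive. This is the data Add/Remove Programs is built from.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and $_.DisplayVersion } |
    Select-Object DisplayName, DisplayVersion, UninstallString

# 2. Java installs side by side: an old JRE stays on disk and stays exploitable even
#    after a newer update is installed, so keep only the newest one.
$javaRuntimes = @($installed |
    Where-Object { $_.DisplayName -match '^Java(\(TM\))? \d' } |
    Sort-Object { [version]$_.DisplayVersion } -Descending)
if ($javaRuntimes.Count -gt 1) {
    Write-Host "Multiple Java runtimes installed; keep only the first, uninstall the rest:" -ForegroundColor Yellow
    $javaRuntimes | Format-Table DisplayName, DisplayVersion -AutoSize
} elseif ($javaRuntimes.Count -eq 1) {
    Write-Host ("OK      single Java runtime: {0}" -f $javaRuntimes[0].DisplayName) -ForegroundColor Green
}
$installed | Where-Object { $_.DisplayName -like 'JavaFX*' } | ForEach-Object {
    Write-Host ("REMOVE  {0} (no longer needed, not updated)" -f $_.DisplayName) -ForegroundColor Yellow
}

# 3. Per-user Winlogon Load and Run values. Both are legitimate autostart points that
#    Winlogon processes at logon, but on a home PC they are normally absent or empty.
#    Any value at all deserves a look; a path under %TEMP% is a classic dropper sign.
$winlogonUser = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$props = Get-ItemProperty -Path $winlogonUser -ErrorAction SilentlyContinue
foreach ($name in 'Load', 'Run') {
    $value = if ($props) { $props.$name } else { $null }
    if ($value) {
        $flag = if ($value -match '\\Temp\\|LOCALS~1') { 'SUSPECT' } else { 'REVIEW ' }
        Write-Host ("{0} {1} = {2}" -f $flag, $name, $value) -ForegroundColor Red
    } else {
        Write-Host ("OK      {0} value is empty" -f $name) -ForegroundColor Green
    }
}
```

The Load check is the part worth re-running after the final reboot: a cleaner can delete the dropped file in %TEMP% while the registry value that points at it survives, which is exactly the case where a scanner keeps reporting the same item after every fix.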
