Jump to content

I *think* I am infected...

PBT2

By PBT2
in Resolved Malware Removal Logs

 Share

Recommended Posts

PBT2

PBT2

Posted
Posted

Hi!

 

I scanned using AVG and AdAware. Then I went went Malwarebytes and it found a few items which were cleaned up and deleted.

 

Now, I am seeing a lot of activity that is being blocked - "Successfully  blocked access to  a potentially maclicious website xx.xx.xx.xx" Type: Outgoing, Port xxxx Proces: dllhost.exe

 

How can I find out what this is?

 

Thanks.

 

PBT2

attach.txt

dds.txt

Link to post
Share on other sites
PBT2

PBT2

Posted
  • Author
Posted

Attach.txt:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/21/2011 2:03:59 PM
System Uptime: 11/27/2013 12:41:20 PM (3 hours ago)
.
Motherboard: Dell Inc. |  | 018D1Y
Processor: Pentium® Dual-Core  CPU      E5800  @ 3.20GHz | CPU 1 | 1185/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 397.794 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: X5XSEx
Device ID: ROOT\LEGACY_X5XSEX\0000
Manufacturer:
Name: X5XSEx
PNP Device ID: ROOT\LEGACY_X5XSEX\0000
Service: X5XSEx
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.1.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Security Toolbar
Best Buy pc app
Bing Bar
Bonjour
CameraHelperMsi
D3DX10
Daily Fitness Center Toolbar
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Product Registration
DirectX 9 Runtime
eBay
erLT
GoToAssist 8.0.0.514
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
iTunes
Java Auto Updater
Java 6 Update 22 (64-bit)
Java 6 Update 38
Jewel Quest III (remove only)
Junk Mail filter update
Lexmark X6100 Series
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton AntiVirus
PhotoShowExpress
Playfin
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Skype Click to Call
Skypeô 5.10
Sonic CinePlayer Decoder Pack
UltimateGamesBar
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
XFINITY Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/27/2013 9:46:23 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.725.0).
11/27/2013 9:46:10 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 0.0.0.0      Update Source: Microsoft Malware Protection Center      Update Stage: Install      Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094      Signature Type: Network Inspection System      Update Type: Full      User: NT AUTHORITY\NETWORK SERVICE      Current Engine Version:       Previous Engine Version: 0.0.0.0      Error code: 0x8007042c      Error description: The dependency service or group failed to start.
11/27/2013 9:45:51 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.      New Engine Version:       Previous Engine Version:       Engine Type: Network Inspection System      User: NT AUTHORITY\NETWORK SERVICE      Error Code: 0x8007042c      Error description: The dependency service or group failed to start.
11/27/2013 9:45:51 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version:       Update Source: User      Update Stage: Install      Source Path:       Signature Type: Network Inspection System      Update Type: Full      User: NT AUTHORITY\NETWORK SERVICE      Current Engine Version:       Previous Engine Version:       Error code: 0x8007042c      Error description: The dependency service or group failed to start.
11/27/2013 9:44:46 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.163.725.0      Update Source: Microsoft Update Server      Update Stage: Install      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10100.0      Error code: 0x80070643      Error description: Fatal error during installation.
11/27/2013 9:44:29 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.      New Engine Version:       Previous Engine Version:       Engine Type: Network Inspection System      User: NT AUTHORITY\SYSTEM      Error Code: 0x8007042c      Error description: The dependency service or group failed to start.
11/27/2013 9:44:29 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version:       Update Source: User      Update Stage: Install      Source Path:       Signature Type: Network Inspection System      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version:       Error code: 0x8007042c      Error description: The dependency service or group failed to start.
11/27/2013 8:58:15 AM, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
11/27/2013 8:51:50 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002fc48ba, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112713-41090-01.
11/27/2013 8:30:43 AM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
11/27/2013 8:27:55 AM, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: D@01010004
11/27/2013 12:41:59 PM, Error: Service Control Manager [7000]  - The X5XSEx service failed to start due to the following error:  The system cannot find the path specified.
11/27/2013 12:41:52 PM, Error: Service Control Manager [7000]  - The PlayfinService service failed to start due to the following error:  The system cannot find the file specified.
11/27/2013 12:41:49 PM, Error: Service Control Manager [7000]  - The UltimateGamesBarService service failed to start due to the following error:  The system cannot find the file specified.
11/27/2013 12:41:49 PM, Error: Service Control Manager [7000]  - The Daily Fitness CenterService service failed to start due to the following error:  The system cannot find the file specified.
11/27/2013 12:38:56 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
11/26/2013 8:27:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f728ba, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112613-44039-01.
.
==== End Of File ===========================
 

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Hello PBT2 and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall the following applications:

AVG Security Toolbar

UltimateGamesBar

XFINITY Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
  • Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

    In your next reply, post the following log files:

    • Junkware Removal Tool log
    • AdwCleaner log
    • Malwarebytes' Anti-Malware log
Link to post
Share on other sites
PBT2

PBT2

Posted
  • Author
Posted

DDS.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476
Run by Lorraine at 15:36:14 on 2013-11-27
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3037.1124 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\lxbfcoms.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uURLSearchHooks: <No Name>: {ee9aab28-7d67-44a3-aefc-c66aef34af76} -
uURLSearchHooks: <No Name>: {e372c287-64ea-4bec-a4a6-8771b11d539b} -
uURLSearchHooks: <No Name>: {de6c5f41-7812-41c4-8a87-30f0bfbe0a3e} -
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Assistant BHO: {19b4fdc9-b1b5-4c8e-ab5f-adcf4ebc0b0b} -
BHO: Toolbar BHO: {19c672d9-54c1-4416-aa7a-696185cb77f6} -
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll
BHO: Toolbar BHO: {9d4f812f-17c3-4867-a2b5-99bd6b43a5be} -
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Toolbar BHO: {d36bfff8-a3ae-4032-a179-f29083c68ba7} -
BHO: Search Assistant BHO: {d95c8f1d-d90e-4683-87f0-abcb2c53d2ad} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Search Assistant BHO: {f599d514-765f-43c8-9347-cb54ba40073f} -
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: UltimateGamesBar: {15C23C48-F231-4557-8EEE-DA3152E2E7DD} -
TB: Playfin: {D30BC29F-19F6-40B3-A91F-D4707048ADE6} -
TB: Daily Fitness Center: {A6547405-A964-4600-8326-E91C95218964} -
TB: Playfin: {d30bc29f-19f6-40b3-a91f-d4707048ade6} -
TB: UltimateGamesBar: {15c23c48-f231-4557-8eee-da3152e2e7dd} -
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Daily Fitness Center: {a6547405-a964-4600-8326-e91c95218964} -
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -



TCP: NameServer = 192.168.1.1
TCP: Interfaces\{ABC17F29-23DA-4BEF-8A80-8A6E7C469863} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll



x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-1-28 55856]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1207010.003\symds64.sys [2012-4-3 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1207010.003\symefa64.sys [2012-4-3 912504]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-8 46368]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-17 1393240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20130802.001\IDSviA64.sys [2013-8-3 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1207010.003\ironx64.sys [2012-4-3 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1207010.003\symnets.sys [2012-4-3 386168]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-28 13336]
R2 lxbf_device;lxbf_device;C:\Windows\System32\lxbfcoms.exe -service --> C:\Windows\System32\lxbfcoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-27 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-27 701512]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-1-28 689472]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-3-19 3289208]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [2013-11-26 1734680]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-7-18 138912]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2011-1-29 138752]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-27 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-29 236544]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DailyFitnessCenter_53Service;Daily Fitness CenterService;C:\PROGRA~2\DAILYF~2\bar\1.bin\53barsvc.exe --> C:\PROGRA~2\DAILYF~2\bar\1.bin\53barsvc.exe [?]
S2 GameNutt_2sService;UltimateGamesBarService;C:\PROGRA~2\GAMENU~2\bar\1.bin\2sbarsvc.exe --> C:\PROGRA~2\GAMENU~2\bar\1.bin\2sbarsvc.exe [?]
S2 Playfin_1tService;PlayfinService;C:\PROGRA~2\PLAYFI~1\bar\1.bin\1tbarsvc.exe --> C:\PROGRA~2\PLAYFI~1\bar\1.bin\1tbarsvc.exe [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2010-5-14 4865568]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-22 1255736]
.
=============== Created Last 30 ================
.
2013-11-27 19:26:20    --------    d-----w-    C:\Users\Lorraine\AppData\Roaming\Malwarebytes
2013-11-27 17:41:52    75888    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{49A08733-BC04-4C7D-A175-537475E87FDE}\offreg.dll
2013-11-27 14:38:44    10285968    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{49A08733-BC04-4C7D-A175-537475E87FDE}\mpengine.dll
2013-11-27 14:23:28    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-11-27 14:23:22    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-11-27 14:23:21    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M  ====================
.
2013-11-27 02:10:44    46368    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-11-19 10:21:41    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-10-09 07:07:21    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 07:07:21    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 15:37:10.35 ===============
 

Link to post
Share on other sites
PBT2

PBT2

Posted
  • Author
Posted

I uninstalled the apps 1 & 3. When I went to uninstall the UltimateGamesBar I get the error:

 

There was a problems starting c:\PROGRA~\GAMENU~2\bar\1.bin\2sBar.dll The specified module could not be found.

 

JRT is now running.

More news shortly (I hope)

 

Thanks.

Link to post
Share on other sites
PBT2

PBT2

Posted
  • Author
Posted

From JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Lorraine on Wed 11/27/2013 at 16:22:29.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{13119113-0854-469D-807A-171568457991}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\imside1egate.application.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{23f4e985-c768-471a-b0a5-6d4e7847b201}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{23f4e985-c768-471a-b0a5-6d4e7847b201}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D36BFFF8-A3AE-4032-A179-F29083C68BA7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D95C8F1D-D90E-4683-87F0-ABCB2C53D2AD}



~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Lorraine\AppData\Roaming\w3i, llc"
Successfully deleted: [Folder] "C:\Users\Lorraine\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Lorraine\appdata\locallow\dailyfitnesscenter_53"
Successfully deleted: [Folder] "C:\Users\Lorraine\appdata\locallow\funwebproducts"
Successfully deleted: [Folder] "C:\Users\Lorraine\appdata\locallow\minddabble_4p"
Successfully deleted: [Folder] "C:\Users\Lorraine\appdata\locallow\mywebsearch"
Successfully deleted: [Folder] "C:\Program Files (x86)\dailyfitnesscenter_53"
Successfully deleted: [Folder] "C:\Program Files (x86)\funwebproducts"
Successfully deleted: [Folder] "C:\Program Files (x86)\iwin"
Successfully deleted: [Folder] "C:\Program Files (x86)\minddabble_4p"
Successfully deleted: [Folder] "C:\Program Files (x86)\mywebsearch"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/27/2013 at 16:30:33.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Link to post
Share on other sites
PBT2

PBT2

Posted
  • Author
Posted

From AdwCleaner[s0].txt (there was no[s1].txt file...

 

# AdwCleaner v3.013 - Report created 27/11/2013 at 16:40:17
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Lorraine - THEDELL
# Running from : I:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin
Folder Deleted : C:\Users\Ed\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Ed\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Ed\AppData\LocalLow\iac
Folder Deleted : C:\Users\Ed\AppData\LocalLow\MyWebSearch
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Lorraine\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476


*************************

AdwCleaner[R0].txt - [4295 octets] - [27/11/2013 16:39:02]
AdwCleaner[s0].txt - [4163 octets] - [27/11/2013 16:40:17]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4223 octets] ##########
 

Link to post
Share on other sites
PBT2

PBT2

Posted
  • Author
Posted

From mbam-log: There was nothing to clean!

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.27.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Lorraine :: THEDELL [administrator]

Protection: Enabled

11/27/2013 2:27:12 PM
mbam-log-2013-11-27 (14-27-12).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 609767
Time elapsed: 58 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

I notice that you are using more than one antivirus program.

  • Norton AntiVirus
  • Microsoft Security Essentials
This is very dangerous, as multiple Antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running realtime protection. Please uninstall one of them and reboot your system.

How are things now?

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Not exactly, because they are blocked, before start do anything.

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
Link to post
Share on other sites
PBT2

PBT2

Posted
  • Author
Posted

Here is the output from ComboFix:

ComboFix 13-11-27.01 - Lorraine 11/28/2013   9:44.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3037.1150 [GMT -5:00]
Running from: I:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-28 to 2013-11-28  )))))))))))))))))))))))))))))))
.
.
2013-11-28 15:03 . 2013-11-28 15:03    --------    d-----w-    c:\users\Ed\AppData\Local\temp
2013-11-28 15:03 . 2013-11-28 15:03    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-28 14:31 . 2013-11-28 14:31    75888    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49A08733-BC04-4C7D-A175-537475E87FDE}\offreg.dll
2013-11-28 14:31 . 2013-11-28 14:31    46768    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49A08733-BC04-4C7D-A175-537475E87FDE}\MpKsl651f2b0c.sys
2013-11-27 21:38 . 2013-11-27 21:46    --------    d-----w-    C:\AdwCleaner
2013-11-27 21:22 . 2013-11-27 21:22    --------    d-----w-    c:\windows\ERUNT
2013-11-27 20:57 . 2013-11-27 20:57    --------    d-----w-    c:\program files (x86)\ERUNT
2013-11-27 19:26 . 2013-11-27 19:26    --------    d-----w-    c:\users\Lorraine\AppData\Roaming\Malwarebytes
2013-11-27 14:38 . 2013-11-08 03:12    10285968    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49A08733-BC04-4C7D-A175-537475E87FDE}\mpengine.dll
2013-11-27 14:28 . 2013-11-27 14:28    --------    d-----w-    c:\users\Ed\AppData\Roaming\Malwarebytes
2013-11-27 14:23 . 2013-11-27 14:23    --------    d-----w-    c:\programdata\Malwarebytes
2013-11-27 14:23 . 2013-04-04 19:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-11-27 14:23 . 2013-11-27 14:23    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-27 14:23 . 2013-11-27 14:23    --------    d-----w-    c:\users\Ed\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-28 13:51 . 2011-06-05 22:08    82896128    ----a-w-    c:\windows\system32\MRT.exe
2013-11-19 10:21 . 2012-10-10 02:23    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-10-16 05:20 . 2013-10-26 00:24    10280728    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-09 07:07 . 2012-04-03 21:15    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 07:07 . 2011-07-27 01:49    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-02-21 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe" [2013-10-09 829832]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DailyFitnessCenter_53Service;Daily Fitness CenterService;c:\progra~2\DAILYF~2\bar\1.bin\53barsvc.exe;c:\progra~2\DAILYF~2\bar\1.bin\53barsvc.exe [x]
R2 GameNutt_2sService;UltimateGamesBarService;c:\progra~2\GAMENU~2\bar\1.bin\2sbarsvc.exe;c:\progra~2\GAMENU~2\bar\1.bin\2sbarsvc.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Playfin_1tService;PlayfinService;c:\progra~2\PLAYFI~1\bar\1.bin\1tbarsvc.exe;c:\progra~2\PLAYFI~1\bar\1.bin\1tbarsvc.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 X5XSEx;X5XSEx;c:\program files (x86)\Free Ride Games\X5XSEx.Sys;c:\program files (x86)\Free Ride Games\X5XSEx.Sys [x]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 MpKsl651f2b0c;MpKsl651f2b0c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49A08733-BC04-4C7D-A175-537475E87FDE}\MpKsl651f2b0c.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49A08733-BC04-4C7D-A175-537475E87FDE}\MpKsl651f2b0c.sys [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe;c:\windows\SYSNATIVE\lxbfcoms.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL651F2B0C
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 07:07]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{19b4fdc9-b1b5-4c8e-ab5f-adcf4ebc0b0b} - c:\program files (x86)\DailyFitnessCenter_53\bar\1.bin\53SrcAs.dll
BHO-{19c672d9-54c1-4416-aa7a-696185cb77f6} - c:\progra~2\GAMENU~2\bar\1.bin\2sbar.dll
BHO-{9d4f812f-17c3-4867-a2b5-99bd6b43a5be} - c:\progra~2\PLAYFI~1\bar\1.bin\1tbar.dll
BHO-{f599d514-765f-43c8-9347-cb54ba40073f} - c:\program files (x86)\GameNutt_2s\bar\1.bin\2sSrcAs.dll
Toolbar-Locked - (no file)
Toolbar-{d30bc29f-19f6-40b3-a91f-d4707048ade6} - c:\program files (x86)\Playfin_1t\bar\1.bin\1tbar.dll
Toolbar-{15c23c48-f231-4557-8eee-da3152e2e7dd} - c:\program files (x86)\GameNutt_2s\bar\1.bin\2sbar.dll
Toolbar-{a6547405-a964-4600-8326-e91c95218964} - c:\program files (x86)\DailyFitnessCenter_53\bar\1.bin\53bar.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
AddRemove-Jewel Quest III - c:\program files (x86)\iWin\Jewel Quest III\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{D30BC29F-19F6-40B3-A91F-D4707048ADE6}"=hex:51,66,7a,6c,4c,1d,38,12,f1,c1,18,
   d7,c4,57,dd,05,d6,09,97,30,75,16,e9,f2
"{15C23C48-F231-4557-8EEE-DA3152E2E7DD}"=hex:51,66,7a,6c,4c,1d,38,12,26,3f,d1,
   11,03,bc,39,00,f1,f8,99,71,57,bc,a3,c9
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
   91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{A6547405-A964-4600-8326-E91C95218964}"=hex:51,66,7a,6c,4c,1d,38,12,6b,77,47,
   a2,56,e7,6e,03,fc,30,aa,5c,90,7f,cd,70
"{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}"=hex:51,66,7a,6c,4c,1d,38,12,86,cf,88,
   4f,39,e9,44,05,d8,f7,98,d6,86,40,a6,7b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{19B4FDC9-B1B5-4C8E-AB5F-ADCF4EBC0B0B}"=hex:51,66,7a,6c,4c,1d,38,12,a7,fe,a7,
   1d,87,ff,e0,09,d4,49,ee,8f,4b,e2,4f,1f
"{19C672D9-54C1-4416-AA7A-696185CB77F6}"=hex:51,66,7a,6c,4c,1d,38,12,b7,71,d5,
   1d,f3,1a,78,01,d5,6c,2a,21,80,95,33,e2
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
   69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9D4F812F-17C3-4867-A2B5-99BD6B43A5BE}"=hex:51,66,7a,6c,4c,1d,38,12,41,82,5c,
   99,f1,59,09,0d,dd,a3,da,fd,6e,1d,e1,aa
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{BB46BE07-13EB-4C49-B0F0-FC78B9EA4983}"=hex:51,66,7a,6c,4c,1d,38,12,69,bd,55,
   bf,d9,5d,27,09,cf,e6,bf,38,bc,b4,0d,97
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{D36BFFF8-A3AE-4032-A179-F29083C68BA7}"=hex:51,66,7a,6c,4c,1d,38,12,96,fc,78,
   d7,9c,ed,5c,05,de,6f,b1,d0,86,98,cf,b3
"{D95C8F1D-D90E-4683-87F0-ABCB2C53D2AD}"=hex:51,66,7a,6c,4c,1d,38,12,73,8c,4f,
   dd,3c,97,ed,03,f8,e6,e8,8b,29,0d,96,b9
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F599D514-765F-43C8-9347-CB54BA40073F}"=hex:51,66,7a,6c,4c,1d,38,12,7a,d6,8a,
   f1,6d,38,a6,06,ec,51,88,14,bf,1e,43,2b
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:22,af,f2,09,ec,5c,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-28  10:09:09
ComboFix-quarantined-files.txt  2013-11-28 15:09
.
Pre-Run: 428,808,830,976 bytes free
Post-Run: 443,000,008,704 bytes free
.
- - End Of File - - 64CF54DEA53180E386D75D2318FFC3F2
CDB4DE4BBD714F152979DA2DCBEF57EB
 

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites
  • 2 weeks later...
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.