
Redirects, hijacks, and popups


  • This topic is locked
10 replies to this topic

#1 art_vandelay

art_vandelay

  • Members
  • 134 posts
  • OFFLINE
  • Local time:09:37 AM

Posted 21 July 2012 - 07:10 AM

Greetings. Our home PC has incessant popups, redirects, and search engine hijacks. The incessant popups are always in the bottom-right corner, and sometimes have "AdChoices" listed in small print. The redirects and search hijacks are intermittent. I've gone through all the previous steps in the preparation guide.

I've attached attach.txt and ark.txt.

Thank you for your help!



Here is the DDS.txt report:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Lindholm at 4:25:49 on 2012-07-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.2283 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\The Weather Channel FW\Screensaver\TWCScreensaverUpdater.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\PROGRA~2\iWon_5k\bar\1.bin\5kbarsvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\vVX3000.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\sj666\hpupdate.exe
C:\Program Files (x86)\X3watch\x3watch.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\iWon_5k\bar\1.bin\5kbrmon.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.drudgereport.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {ece1a2a4-3672-46f1-82a7-d1137212d9dd} - C:\Program Files (x86)\iWon_5k\bar\1.bin\5kSrcAs.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Fast Browser Search\IE\FBStoolbar.dll
TB: Fast Browser Search: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - C:\Program Files (x86)\Fast Browser Search\IE\FBStoolbar.dll
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
TB: GamingWonderland: {a899079d-206f-43a6-be6a-07e0fa648ea0} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll
TB: Retrogamer: {3392cfec-56f8-41ee-bdb4-4e301efd2c93} - C:\Program Files (x86)\Retrogamer_4w\bar\1.bin\4wbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: iWon: {94b03f0f-4130-49fc-98ac-a8a1b3a69c59} - C:\Program Files (x86)\iWon_5k\bar\1.bin\5kbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [HP Update 5370C] C:\sj666\hpupdate.exe 5370C+
mRun: [hpppta] "C:\Program Files (x86)\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe" /ICON
mRun: [x3watch] "C:\Program Files (x86)\X3watch\x3watch.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [iWon_5k Browser Plugin Loader] C:\PROGRA~2\iWon_5k\bar\1.bin\5kbrmon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Lindholm\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLRE~1.LNK - c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} - hxxp://71.227.145.16/UltraMJCamX.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://www.silvermt.com/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.avataritag.com/app/plugin/DFusionHomeWebPlugIn.Installer.exe
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{697916C8-4473-4829-8A3C-53B2CB09E0CD} : DhcpNameServer = 192.168.20.7 192.168.20.10
TCP: Interfaces\{EFA115CF-8A60-44F7-92CD-B3CF9D03067B} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Dogpile Bundle Toolbar BHO: {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Fast Browser Search Toolbar Helper: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Fast Browser Search\IE\FBStoolbar.dll
BHO-X64: XBTBPos00 - No File
TB-X64: Fast Browser Search: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\Fast Browser Search\IE\FBStoolbar.dll
TB-X64: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
TB-X64: GamingWonderland: {a899079d-206f-43a6-be6a-07e0fa648ea0} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll
TB-X64: Retrogamer: {3392cfec-56f8-41ee-bdb4-4e301efd2c93} - C:\Program Files (x86)\Retrogamer_4w\bar\1.bin\4wbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: iWon: {94b03f0f-4130-49fc-98ac-a8a1b3a69c59} - C:\Program Files (x86)\iWon_5k\bar\1.bin\5kbar.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [HP Update 5370C] C:\sj666\hpupdate.exe 5370C+
mRun-x64: [hpppta] "C:\Program Files (x86)\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe" /ICON
mRun-x64: [x3watch] "C:\Program Files (x86)\X3watch\x3watch.exe"
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [iWon_5k Browser Plugin Loader] C:\PROGRA~2\iWon_5k\bar\1.bin\5kbrmon.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
Hosts: 176.9.75.3 www.google-analytics.com.
Hosts: 176.9.75.3 ad-emea.doubleclick.net.
Hosts: 176.9.75.3 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [?]
R1 bckd;bckd;C:\Windows\system32\drivers\bckd.sys --> C:\Windows\system32\drivers\bckd.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120531.001\BHDrvx64.sys [2012-6-5 1160824]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120609.001\IDSviA64.sys [2012-6-11 488568]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\drivers\NISx64\1301000.01C\SYMTDIV.SYS --> C:\Windows\system32\drivers\NISx64\1301000.01C\SYMTDIV.SYS [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-5-22 88576]
R2 bckwfs;Blue Coat K9 Web Protection;C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2011-6-10 2044688]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 iWon_5kService;iWonService;C:\PROGRA~2\iWon_5k\bar\1.bin\5kbarsvc.exe [2012-4-28 42528]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [2012-5-12 138760]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\SymcPCCULaunchSvc.exe [2012-4-28 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [2012-4-28 126392]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-12 138912]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9fea6c2fe4600;Google Update Service (gupdate1c9fea6c2fe4600);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-7-6 133104]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-7-6 133104]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-07-21 11:22:09 -------- d-----w- C:\Users\Lindholm\DoctorWeb
2012-07-21 11:12:01 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-07-21 10:38:26 -------- d-----w- C:\Autoruns
2012-07-21 06:01:43 -------- d-----w- C:\Users\Lindholm\AppData\Roaming\SUPERAntiSpyware.com
2012-07-21 06:00:38 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-07-21 06:00:38 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-07-20 15:53:16 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A4470FF8-1628-452D-A620-43DE94F14BB7}\mpengine.dll
2012-07-19 07:39:15 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8A83EB3F-9208-4546-8F16-E8B6C88BF7D1}\gapaengine.dll
2012-07-19 07:38:19 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-01 17:40:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-01 17:40:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-01 17:40:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-01 17:40:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-01 17:40:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-01 17:40:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-01 17:40:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-07-21 05:43:23 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-21 05:43:23 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-13 13:58:27 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-05-12 17:19:21 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-05-01 14:29:44 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-25 19:11:36 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-04-25 19:11:36 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-04-23 16:25:30 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-23 16:25:30 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-23 16:25:30 1267200 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-23 16:00:53 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-23 16:00:53 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-23 16:00:53 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
.
============= FINISH: 4:26:28.84 ===============

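The DDS report above is long, and the entries that matter for a "redirects and hijacks" complaint are scattered across the Pseudo HJT section: HOSTS lines that send well-known names to a routable third-party address (a blocking entry would point at 127.0.0.1 or 0.0.0.0 instead), a UAC policy of `EnableLUA = 0`, browser helper objects whose DLL is gone ("No File"), and the stack of installed toolbars. The following triage helper is an added example, not part of the thread and not a BleepingComputer or DDS tool; it runs over a constructed sample in the same line format as the report (the regular expressions are my assumptions about that format) and returns findings a helper could review before writing a reply.

```python
import re
from ipaddress import ip_address

# Constructed sample in the shape of a DDS "Pseudo HJT Report"; the hosts,
# policy, BHO and toolbar lines mirror what the thread's log shows.
SAMPLE_LOG = """\
uStart Page = hxxp://www.drudgereport.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
TB: Fast Browser Search: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - C:\\Program Files (x86)\\Fast Browser Search\\IE\\FBStoolbar.dll
TB: iWon: {94b03f0f-4130-49fc-98ac-a8a1b3a69c59} - C:\\Program Files (x86)\\iWon_5k\\bar\\1.bin\\5kbar.dll
mPolicies-system: EnableLUA = 0 (0x0)
Hosts: 176.9.75.3 www.google-analytics.com.
Hosts: 127.0.0.1 ads.example.invalid
"""

# Assumed line shapes (based on the report above, not on DDS documentation):
#   Hosts: <ip> <hostname>[.]
#   mPolicies-system: <Name> = <value> (<hex>)
#   BHO|TB: [<display name>: ]{<clsid>} - <dll path or "No File">
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+?)\.?\s*$")
POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
PLUGIN_RE = re.compile(r"^(BHO|TB):\s+(.*?)\s+-\s+(.+?)\s*$")


def hosts_finding(line):
    """Return a finding for a HOSTS line that redirects a name to a
    non-loopback address, None for a blocking entry or a non-HOSTS line."""
    m = HOSTS_RE.match(line)
    if not m:
        return None
    ip, host = m.group(1), m.group(2)
    try:
        addr = ip_address(ip)
    except ValueError:
        return {"kind": "hosts_unparseable", "detail": line}
    # Loopback / unspecified targets merely block a name; anything else
    # hands traffic for that name to another machine and needs review.
    if addr.is_loopback or addr.is_unspecified:
        return None
    return {"kind": "hosts_redirect", "host": host, "ip": ip}


def analyze(text):
    """Walk a DDS-style report and collect review-worthy findings."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        hosts = hosts_finding(line)
        if hosts:
            findings.append(hosts)
            continue
        m = POLICY_RE.match(line)
        if m and m.group(1) == "EnableLUA" and m.group(2) == "0":
            # UAC switched off: every process of the user runs unprompted
            # with the full token, so a dropper needs no consent dialog.
            findings.append({"kind": "uac_disabled", "detail": line})
            continue
        m = PLUGIN_RE.match(line)
        if m:
            entry, name, target = m.groups()
            if target == "No File":
                # Registration survived but the DLL is gone: leftover of an
                # uninstall or a removal tool, harmless but worth cleaning.
                findings.append({"kind": "orphan_plugin", "entry": entry, "name": name})
            elif entry == "TB":
                findings.append({"kind": "toolbar", "name": name, "path": target})
    return findings


def kinds(findings):
    """Sorted list of finding kinds, handy for a one-line summary."""
    return sorted(f["kind"] for f in findings)


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
```

On the sample this reports one HOSTS redirect (www.google-analytics.com to 176.9.75.3), the disabled UAC policy, one orphaned BHO and two toolbars; the loopback entry is deliberately not reported, since pointing ad hosts at 127.0.0.1 is how HOSTS-based ad blockers work and is not itself a sign of compromise.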

 


#2 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,592 posts
  • OFFLINE
  • Gender:Male
  • Location:Bavaria
  • Local time:07:37 PM

Posted 21 July 2012 - 09:28 AM

Hi art_vandelay,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.
Regards,
M-K-D-B

#3 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,592 posts
  • OFFLINE
  • Gender:Male
  • Location:Bavaria
  • Local time:07:37 PM

Posted 21 July 2012 - 12:27 PM

Hi art_vandelay,


Welcome to BleepingComputer.

My name is M-K-D-B and I'll help you with the cleanup of your computer.

Please be aware of the following:
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 3 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. Formatting is usually faster and always the safest way.
  • If you decide to clean your PC, work with us until a team member tells you that you are clean.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.





Step 1
I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False alarms: when the antivirus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove either Norton Internet Security or Microsoft Security Essentials.





Step 2
Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Step 3
Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

What you should post with your next answer:
  • the logfile from aswMBR,
  • the logfile from AdwCleaner,
  • any further information that seems to be important in your eyes.

Regards,
M-K-D-B
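What aswMBR's "Disk 0 MBR scan" lines actually summarise, as an added example (not part of the original thread and not aswMBR's own code): a Python decoder for the 512-byte MBR partition table, the sanity checks a rootkit-minded reviewer applies to it, and a comparison of the boot-code area against a saved copy such as the MBR.dat that aswMBR writes. The sample MBR is constructed here to reproduce the partition offsets and sizes reported in the aswMBR log posted in reply #4 below; its boot-code bytes and disk signature are placeholders, not the real Vista MBR code.

```python
"""Decode an MBR partition table the way aswMBR's "Partition N" lines do,
run basic consistency checks, and diff the boot-code area against a saved
copy. Added example, not aswMBR code; the sample sector is constructed."""
import hashlib
import struct
from collections import namedtuple

Partition = namedtuple("Partition", "index boot type lba_start sectors")

SECTOR = 512
BOOT_CODE_LEN = 440      # code runs from byte 0 up to the 4-byte disk signature
PTABLE_OFFSET = 446      # four 16-byte partition entries at 446..509


def build_sample_mbr():
    """Constructed MBR: placeholder boot code, partition entries matching the
    layout aswMBR reported (Dell Utility, NTFS, active NTFS)."""
    mbr = bytearray(b"\x90" * BOOT_CODE_LEN)   # placeholder, not real boot code
    mbr += struct.pack("<I", 0x12345678)        # disk signature (constructed)
    mbr += b"\x00\x00"                          # reserved
    entries = [
        (0x00, 0xDE, 63, 112577),               # 54 MB Dell Utility
        (0x00, 0x07, 112640, 31457280),         # 15360 MB NTFS (recovery)
        (0x80, 0x07, 31569920, 945201152),      # 461524 MB NTFS, active
        (0x00, 0x00, 0, 0),                     # unused slot
    ]
    for boot, ptype, start, count in entries:
        # CHS fields are zeroed; modern tools use only the LBA start/count.
        mbr += struct.pack("<B3sB3sII", boot, b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr += b"\x55\xAA"                          # boot signature
    assert len(mbr) == SECTOR
    return bytes(mbr)


def parse_partition_table(mbr):
    """Return the populated entries of a 512-byte MBR."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xAA":
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    parts = []
    for i in range(4):
        off = PTABLE_OFFSET + 16 * i
        boot, ptype, start, count = struct.unpack("<B3xB3xII", mbr[off:off + 16])
        if ptype != 0 and count != 0:
            parts.append(Partition(i + 1, boot, ptype, start, count))
    return parts


def describe(part):
    """Render one entry in the style of aswMBR's log line."""
    flag = "80 (A)" if part.boot == 0x80 else "00"
    mib = part.sectors * SECTOR // (1024 * 1024)
    return f"Partition {part.index} {flag} {part.type:02X} {mib} MB offset {part.lba_start}"


def sanity_checks(parts, disk_sectors):
    """Things worth a second look: wrong number of active partitions,
    overlapping entries, or an entry that runs past the end of the disk."""
    issues = []
    active = [p for p in parts if p.boot == 0x80]
    if len(active) != 1:
        issues.append(f"{len(active)} active partitions")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            issues.append(f"partition {a.index} overlaps partition {b.index}")
    for p in parts:
        if p.lba_start + p.sectors > disk_sectors:
            issues.append(f"partition {p.index} extends past end of disk")
    return issues


def boot_code_changed(mbr, saved_copy):
    """Compare only bytes 0..439 against a previously saved MBR (e.g. the
    MBR.dat aswMBR writes): the table and signature are excluded so a
    legitimate repartition does not mask a rewrite of the code itself."""
    return (hashlib.sha256(mbr[:BOOT_CODE_LEN]).digest()
            != hashlib.sha256(saved_copy[:BOOT_CODE_LEN]).digest())


if __name__ == "__main__":
    sample = build_sample_mbr()
    parts = parse_partition_table(sample)
    for p in parts:
        print(describe(p))
    print("issues:", sanity_checks(parts, 476940 * 2048) or "none")
    print("boot code changed vs. saved copy:", boot_code_changed(sample, sample))
```

The size column comes out as 54 MB for the first entry although the entry spans 112577 sectors (about 54.97 MB), which is the same flooring visible in the posted log; the "Windows VISTA default MBR code" line in that log is aswMBR's own verdict on the code area that `boot_code_changed` diffs here.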

#4 art_vandelay (Topic Starter)

Posted 21 July 2012 - 01:58 PM

Norton has been uninstalled (since its subscription had expired anyway). Using MS Security Essentials. aswMBR and AdwCleaner log files below.

Thank you!


aswMBR log file
-----------------------


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-21 11:38:43
-----------------------------
11:38:43.488 OS Version: Windows x64 6.0.6002 Service Pack 2
11:38:43.488 Number of processors: 2 586 0x170A
11:38:43.489 ComputerName: MARINERS UserName: Lindholm
11:38:45.561 Initialize success
11:40:50.118 AVAST engine defs: 12072100
11:42:30.177 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:42:30.179 Disk 0 Vendor: WDC_WD5000AAKS-75A7B2 01.03B01 Size: 476940MB BusType: 3
11:42:30.182 Disk 0 MBR read successfully
11:42:30.185 Disk 0 MBR scan
11:42:30.191 Disk 0 Windows VISTA default MBR code
11:42:30.194 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
11:42:30.229 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 112640
11:42:30.265 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461524 MB offset 31569920
11:42:30.395 Disk 0 scanning C:\Windows\system32\drivers
11:42:49.458 Service scanning
11:43:25.338 Modules scanning
11:43:25.345 Disk 0 trace - called modules:
11:43:25.403 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys
11:43:25.409 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800602e790]
11:43:25.415 3 CLASSPNP.SYS[fffffa6000fd3c33] -> nt!IofCallDriver -> [0xfffffa8004b7f760]
11:43:25.420 5 acpi.sys[fffffa6000901fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80040ef720]
11:43:27.680 AVAST engine scan C:\Windows
11:43:39.067 AVAST engine scan C:\Windows\system32
11:50:31.050 AVAST engine scan C:\Windows\system32\drivers
11:50:51.116 AVAST engine scan C:\Users\Lindholm
11:52:16.838 Disk 0 MBR has been saved successfully to "C:\Users\Lindholm\Desktop\MBR.dat"
11:52:16.846 The log file has been saved successfully to "C:\Users\Lindholm\Desktop\aswMBR.txt"

AdwCleaner[R1] log file
----------------------------

# AdwCleaner v1.703 - Logfile created 07/21/2012 at 11:52:58
# Updated 20/07/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Lindholm - MARINERS
# Running from : C:\Users\Lindholm\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : iWon_5kService

***** [Files / Folders] *****

Folder Found : C:\Users\Lindholm\AppData\LocalLow\FunWebProducts
Folder Found : C:\Users\Lindholm\AppData\LocalLow\iWon_5k
Folder Found : C:\Users\Lindholm\AppData\LocalLow\MyWebSearch
Folder Found : C:\Users\Lindholm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dogpile Bundle Toolbar
Folder Found : C:\Program Files (x86)\iWon_5k
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\FCTB000060231
[*] Key Found : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl
[*] Key Found : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl.1
Key Found : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Found : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Found : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.DynamicBarButton
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.DynamicBarButton.1
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.FeedManager
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.FeedManager.1
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.HTMLMenu
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.HTMLMenu.1
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.HTMLPanel
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.HTMLPanel.1
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.MultipleButton
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.MultipleButton.1
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.PseudoTransparentPlugin
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.PseudoTransparentPlugin.1
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.Radio
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.Radio.1
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.RadioSettings
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.RadioSettings.1
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.ScriptButton
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.ScriptButton.1
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.SkinLauncher
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.SkinLauncher.1
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.SkinLauncherSettings
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.SkinLauncherSettings.1
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.ThirdPartyInstaller
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.ThirdPartyInstaller.1
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.UrlAlertButton
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.UrlAlertButton.1
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.XMLSessionPlugin
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.XMLSessionPlugin.1
Key Found : HKLM\SOFTWARE\iWon_5k
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\MozillaPlugins\@iWon_5k.com/Plugin
Key Found : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [iWon_5k Browser Plugin Loader]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [5kffxtbr@iWon_5k.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]
[x64] Key Found : HKCU\Software\AppDataLow\Software\Fun Web Products
[x64] Key Found : HKCU\Software\AppDataLow\Software\FunWebProducts
[x64] Key Found : HKCU\Software\AppDataLow\Software\MyWebSearch
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdate
[x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
[x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
[x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
[x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.DynamicBarButton
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.DynamicBarButton.1
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.FeedManager
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.FeedManager.1
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.HTMLMenu
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.HTMLMenu.1
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.HTMLPanel
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.HTMLPanel.1
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.MultipleButton
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.MultipleButton.1
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.PseudoTransparentPlugin
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.PseudoTransparentPlugin.1
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.Radio
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.Radio.1
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.RadioSettings
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.RadioSettings.1
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.ScriptButton
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.ScriptButton.1
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.SkinLauncher
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.SkinLauncher.1
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.SkinLauncherSettings
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.SkinLauncherSettings.1
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.ThirdPartyInstaller
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.ThirdPartyInstaller.1
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.UrlAlertButton
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.UrlAlertButton.1
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.XMLSessionPlugin
[x64] Key Found : HKLM\SOFTWARE\Classes\iWon_5k.XMLSessionPlugin.1
[x64] Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{055069F3-F78B-4BD1-A277-FE66648D3300}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00608A29-558D-4A88-A2DD-8CAC91328FDB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0A63654D-AD89-4235-B6FC-7A4F4FDB9E68}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0AC4CC08-F096-48C7-81FB-1B7022CA4897}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0E320947-C780-4397-A9F4-4A35A11897AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{110DFE8B-8C81-416B-8EAE-30697EA816A6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EB173CA-12BE-4CD4-B9A8-03D39C15A798}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{74425656-A79C-45F4-8303-7A0AC4CDDCF5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B82380A-0311-4387-9A0B-0DB25F285C08}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8B3180A0-C99B-42FE-A59B-BD2C4690AC6F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94B03F0F-4130-49FC-98AC-A8A1B3A69C59}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9BEC10C3-2118-49C1-B277-65319E0120C7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9E93FDBB-999D-42FE-AB2F-22DFD28767F3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B0A553FF-8B39-49F2-A359-93D27A2AE73F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD2C2E87-DA80-4936-AD85-66C1431F3367}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DB4A472A-D164-44E8-A086-575B08372C13}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD6CA424-C0C1-4BDE-82E6-2312186525C6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1F44FFA-CC68-478B-931E-547FFBB6447B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Found : HKLM\SOFTWARE\Classes\Interface\{169349CB-5EDB-48D0-9D62-630CEFDEE9FD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1D5C5714-E466-4D35-B7A6-D74D12B06614}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2736053D-1398-4791-B032-8CEF898A6208}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F4A085D-4BF0-4CAE-B668-78F1123BD706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45D59156-647B-4B06-B20E-0E297A1077BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4ECF3505-C397-4E95-BA9C-1B4921BED076}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5B9AFA9A-424A-4B0F-A665-D6DC3D51C837}
Key Found : HKLM\SOFTWARE\Classes\Interface\{62271480-66D1-42D0-A818-BE5E65C56FA4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{670593B8-D230-4521-A3EF-59D400A645B8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72581E0D-724E-4F3E-850C-97A7AA22695C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{744DDF68-A2C6-47D5-BDAE-146C6EA23B56}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77B7DC62-D647-4A3E-971D-723D9F49625A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{784B84DA-D5B3-46A9-8492-A9B872B37718}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7991D62C-DE2C-4F05-A12D-228BC7F357B3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7D0B0305-0302-4B6B-BCE1-C4DCDCBF7239}
Key Found : HKLM\SOFTWARE\Classes\Interface\{826E0DB1-7BBE-48A4-B548-31ABD5A07A78}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8442E942-AB01-47DB-8E3C-38E3E14320E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{891DFD94-5982-46EC-9B4D-1E86B07F33F2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8953967E-9D15-4C6C-A1F1-D73EC0E8D0F0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8968BBE7-1429-4015-A8EF-2FD913EA5B27}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8A21CC5C-3AEF-477C-9939-AD565F0EACE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{920354F8-AA6D-4801-B277-D916472E2127}
Key Found : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A189396C-EB06-4361-A69D-1D5AC9EA9DBD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AA66FB1C-413E-4053-A863-5982A55E2A44}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B140F2D1-BF2D-402A-AA19-0FC57AD53B25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BD68C8B7-6214-449A-B2F3-2C99903CEAF6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BE990A32-C2EC-4654-8FD0-26FECEA81998}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F35F23E4-B079-42A2-9089-1A1BF5C1C70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0ED13B8D-5280-4751-8F0C-F780636C456E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{26D0E667-9D1F-4F4C-8742-D544DA1DCA41}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3D66476E-A7B0-4F2A-A660-1EB7DE2E0586}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48ACBBA7-2B6E-4346-A552-B6D12539A901}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{59F78F30-06B5-475B-9D1F-7843823D4370}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{73A47EE8-C7C1-4E31-8E1D-ADEFE8E2BEFC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{76BEADC5-CB64-4BF2-AF14-38031886F4FC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AAFD8D03-2188-41E5-98AA-0BF3375465C7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FCD069CE-2A5D-4881-8807-C76648319C4A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{110DFE8B-8C81-416B-8EAE-30697EA816A6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5B9AFA9A-424A-4B0F-A665-D6DC3D51C837}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B140F2D1-BF2D-402A-AA19-0FC57AD53B25}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1B9C9B5-82D0-4B8F-9C29-019254E270A1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8DAA6C0-075A-4312-960C-F6827B6BB44B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0A63654D-AD89-4235-B6FC-7A4F4FDB9E68}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0AC4CC08-F096-48C7-81FB-1B7022CA4897}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E320947-C780-4397-A9F4-4A35A11897AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2EB173CA-12BE-4CD4-B9A8-03D39C15A798}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DD6CA424-C0C1-4BDE-82E6-2312186525C6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{94B03F0F-4130-49FC-98AC-A8A1B3A69C59}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E320947-C780-4397-A9F4-4A35A11897AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94B03F0F-4130-49FC-98AC-A8A1B3A69C59}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{94B03F0F-4130-49FC-98AC-A8A1B3A69C59}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C80BDEB2-8735-44C6-BD55-A1CCD555667A}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{94B03F0F-4130-49FC-98AC-A8A1B3A69C59}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ECE1A2A4-3672-46F1-82A7-D1137212D9DD}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{055069F3-F78B-4BD1-A277-FE66648D3300}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{169349CB-5EDB-48D0-9D62-630CEFDEE9FD}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{1D5C5714-E466-4D35-B7A6-D74D12B06614}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2736053D-1398-4791-B032-8CEF898A6208}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{3F4A085D-4BF0-4CAE-B668-78F1123BD706}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{45D59156-647B-4B06-B20E-0E297A1077BD}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4ECF3505-C397-4E95-BA9C-1B4921BED076}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{5B9AFA9A-424A-4B0F-A665-D6DC3D51C837}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{62271480-66D1-42D0-A818-BE5E65C56FA4}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{670593B8-D230-4521-A3EF-59D400A645B8}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{72581E0D-724E-4F3E-850C-97A7AA22695C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{744DDF68-A2C6-47D5-BDAE-146C6EA23B56}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{77B7DC62-D647-4A3E-971D-723D9F49625A}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{784B84DA-D5B3-46A9-8492-A9B872B37718}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{7991D62C-DE2C-4F05-A12D-228BC7F357B3}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{7D0B0305-0302-4B6B-BCE1-C4DCDCBF7239}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{826E0DB1-7BBE-48A4-B548-31ABD5A07A78}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8442E942-AB01-47DB-8E3C-38E3E14320E4}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{891DFD94-5982-46EC-9B4D-1E86B07F33F2}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8953967E-9D15-4C6C-A1F1-D73EC0E8D0F0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8968BBE7-1429-4015-A8EF-2FD913EA5B27}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8A21CC5C-3AEF-477C-9939-AD565F0EACE9}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{920354F8-AA6D-4801-B277-D916472E2127}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A189396C-EB06-4361-A69D-1D5AC9EA9DBD}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AA66FB1C-413E-4053-A863-5982A55E2A44}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B140F2D1-BF2D-402A-AA19-0FC57AD53B25}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BD68C8B7-6214-449A-B2F3-2C99903CEAF6}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BE990A32-C2EC-4654-8FD0-26FECEA81998}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F35F23E4-B079-42A2-9089-1A1BF5C1C70B}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0ED13B8D-5280-4751-8F0C-F780636C456E}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{26D0E667-9D1F-4F4C-8742-D544DA1DCA41}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3D66476E-A7B0-4F2A-A660-1EB7DE2E0586}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48ACBBA7-2B6E-4346-A552-B6D12539A901}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{59F78F30-06B5-475B-9D1F-7843823D4370}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{73A47EE8-C7C1-4E31-8E1D-ADEFE8E2BEFC}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{76BEADC5-CB64-4BF2-AF14-38031886F4FC}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AAFD8D03-2188-41E5-98AA-0BF3375465C7}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FCD069CE-2A5D-4881-8807-C76648319C4A}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{94B03F0F-4130-49FC-98AC-A8A1B3A69C59}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E320947-C780-4397-A9F4-4A35A11897AE}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94B03F0F-4130-49FC-98AC-A8A1B3A69C59}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{94B03F0F-4130-49FC-98AC-A8A1B3A69C59}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ECE1A2A4-3672-46F1-82A7-D1137212D9DD}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "path": "C:\\Users\\Lindholm\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dll"[...]

*************************

AdwCleaner[R1].txt - [26448 octets] - [21/07/2012 11:52:58]

########## EOF - C:\AdwCleaner[R1].txt - [26577 octets] ##########
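A way to triage a log like the one above, as an added example that is not part of the original thread or of AdwCleaner: most of the flagged keys are COM registration bookkeeping (CLSID, Interface, TypeLib and ProgID entries) that only describes the toolbar components, while a much smaller set of entries is what actually makes them run or rewrite searches: the Browser Helper Objects and Toolbar registrations, the URLSearchHooks value, the Run entry, the Firefox extension and NPAPI plugin values, the Protected Mode ElevationPolicy exemptions, and the certificate added under AuthRoot (the third-party root CA store, which no browser reset touches). The script parses the log format, separates the two groups, and cross-references CLSIDs against the load points that cite them, so that a load point whose CLSID the scan did not flag stands out for a manual check (in the log above, the URLSearchHooks value cites a CLSID that appears in none of the flagged CLSID keys). The sample log is a constructed excerpt of lines copied from the AdwCleaner[R1].txt posted above.

```python
"""Triage an AdwCleaner [Search] log: separate the load points that actually
run the adware from the COM registration clutter that only describes it.
Added example, not code from the thread or from AdwCleaner."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section wow64 kind status target")

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
LINE_RE = re.compile(
    r"^(?P<wow>\[x64\] )?(?:\[\*\] )?"
    r"(?:(?P<kind>Key|Value|Folder|File) )?"
    r"(?P<status>Found|Deleted on reboot|Deleted|Stopped & Deleted) : (?P<target>.+)$"
)
GUID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)

# Locations from which a browser or Windows actually loads or consults the
# component; everything else under Classes\ is COM bookkeeping.
LOAD_POINTS = (
    ("\\Explorer\\Browser Helper Objects\\", "IE Browser Helper Object"),
    ("\\Internet Explorer\\Toolbar", "IE toolbar"),
    ("\\Internet Explorer\\URLSearchHooks", "IE URLSearchHook (search rewrite)"),
    ("\\Low Rights\\ElevationPolicy\\", "IE Protected Mode elevation exemption"),
    ("\\CurrentVersion\\Run", "Run-key autostart"),
    ("\\Mozilla\\Firefox\\Extensions", "Firefox extension"),
    ("\\MozillaPlugins\\", "NPAPI plugin"),
    ("\\SystemCertificates\\AuthRoot\\Certificates\\", "third-party root certificate"),
)

# Constructed excerpt: lines copied from the AdwCleaner[R1].txt posted above.
SAMPLE_LOG = r"""
***** [Services] *****
Found : iWon_5kService
***** [Files / Folders] *****
Folder Found : C:\Program Files (x86)\iWon_5k
***** [Registry] *****
Key Found : HKLM\SOFTWARE\Classes\iWon_5k.ScriptButton
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [iWon_5k Browser Plugin Loader]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{110DFE8B-8C81-416B-8EAE-30697EA816A6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{110DFE8B-8C81-416B-8EAE-30697EA816A6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ECE1A2A4-3672-46F1-82A7-D1137212D9DD}]
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
"""


def classify_load_point(target):
    for needle, label in LOAD_POINTS:
        if needle in target:
            return label
    return None


def parse_log(text):
    """Turn the body of an AdwCleaner log into Finding records."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = LINE_RE.match(line)
        if m and section:
            findings.append(Finding(section, bool(m.group("wow")), m.group("kind") or "Item",
                                    m.group("status"), m.group("target")))
    return findings


def triage(findings):
    """Group findings and cross-check CLSID registrations against load points."""
    report = {"services": [], "paths": [], "load_points": [], "com_registrations": 0}
    registered, referenced = set(), set()
    for f in findings:
        if f.section == "Services":
            report["services"].append(f.target)
        elif f.section == "Files / Folders":
            report["paths"].append(f.target)
        else:
            label = classify_load_point(f.target)
            if label:
                report["load_points"].append((label, f.target))
                referenced.update(g.upper() for g in GUID_RE.findall(f.target))
            elif "\\Classes\\" in f.target:
                report["com_registrations"] += 1
                if "\\Classes\\CLSID\\" in f.target:
                    registered.update(g.upper() for g in GUID_RE.findall(f.target))
    # A CLSID nobody loads is dead registration; a load point citing a CLSID
    # the scan did not flag is something to verify by hand.
    report["unwired_clsids"] = sorted(registered - referenced)
    report["unregistered_refs"] = sorted(referenced - registered)
    return report


def format_report(report):
    out = ["Services: " + ", ".join(report["services"]),
           "Load points (what actually runs or rewrites searches):"]
    out += [f"  [{label}] {target}" for label, target in report["load_points"]]
    out.append(f"COM registration keys (bookkeeping only): {report['com_registrations']}")
    out.append("CLSIDs registered but cited by no flagged load point: " + ", ".join(report["unwired_clsids"]))
    out.append("Load points citing a CLSID this scan did not flag (check manually): " + ", ".join(report["unregistered_refs"]))
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(triage(parse_log(SAMPLE_LOG))))
```

Run against the full R1 log the same way (read the file instead of `SAMPLE_LOG`); the `[x64]` flag on a finding marks the native 64-bit view of the hive, so a component registered in both views shows up twice and must be removed from both, which AdwCleaner's [Delete] run handles on its own.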

#5 M-K-D-B (Malware Response Team, Bavaria)

Posted 21 July 2012 - 02:30 PM

Hi art_vandelay,

Step 1
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2
We will begin with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.


Step 3
I would like you to answer the following questions as exactly and detailed as you can:
  • How is your computer running at the moment?
  • Are you still being redirected/hijacked? If so, does this happen with every internet browser you use?
  • Do you still see those pop-ups?


What you should post with your next answer:
  • the logfile from AdwCleaner,
  • the logfile from ComboFix,
  • an answer to my questions.

Regards,
M-K-D-B

#6 art_vandelay (Topic Starter)

Posted 21 July 2012 - 09:16 PM

I haven't noticed any redirects or popups so far. Seems to be improved! My ComboFix log file is too big (621 KB) to paste its contents in here, and/or to attach it.

AdwCleaner log file
----------------------
# AdwCleaner v1.703 - Logfile created 07/21/2012 at 12:45:49
# Updated 20/07/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Lindholm - MARINERS
# Running from : C:\Users\Lindholm\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : iWon_5kService

***** [Files / Folders] *****

Deleted on reboot : C:\Users\Lindholm\AppData\LocalLow\FunWebProducts
Deleted on reboot : C:\Users\Lindholm\AppData\LocalLow\iWon_5k
Deleted on reboot : C:\Users\Lindholm\AppData\LocalLow\MyWebSearch
Deleted on reboot : C:\Users\Lindholm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dogpile Bundle Toolbar
Deleted on reboot : C:\Program Files (x86)\iWon_5k
Deleted on reboot : C:\Program Files (x86)\Common Files\Software Update Utility

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\FCTB000060231
[*] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl
[*] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl.1
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.Radio
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.SkinLauncher
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.SkinLauncher.1
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.SkinLauncherSettings
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.SkinLauncherSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.XMLSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\iWon_5k.XMLSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\iWon_5k
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@iWon_5k.com/Plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [iWon_5k Browser Plugin Loader]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [5kffxtbr@iWon_5k.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{055069F3-F78B-4BD1-A277-FE66648D3300}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00608A29-558D-4A88-A2DD-8CAC91328FDB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0A63654D-AD89-4235-B6FC-7A4F4FDB9E68}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0AC4CC08-F096-48C7-81FB-1B7022CA4897}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0E320947-C780-4397-A9F4-4A35A11897AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{110DFE8B-8C81-416B-8EAE-30697EA816A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EB173CA-12BE-4CD4-B9A8-03D39C15A798}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74425656-A79C-45F4-8303-7A0AC4CDDCF5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B82380A-0311-4387-9A0B-0DB25F285C08}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8B3180A0-C99B-42FE-A59B-BD2C4690AC6F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94B03F0F-4130-49FC-98AC-A8A1B3A69C59}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9BEC10C3-2118-49C1-B277-65319E0120C7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E93FDBB-999D-42FE-AB2F-22DFD28767F3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B0A553FF-8B39-49F2-A359-93D27A2AE73F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD2C2E87-DA80-4936-AD85-66C1431F3367}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB4A472A-D164-44E8-A086-575B08372C13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD6CA424-C0C1-4BDE-82E6-2312186525C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1F44FFA-CC68-478B-931E-547FFBB6447B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{169349CB-5EDB-48D0-9D62-630CEFDEE9FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1D5C5714-E466-4D35-B7A6-D74D12B06614}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2736053D-1398-4791-B032-8CEF898A6208}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F4A085D-4BF0-4CAE-B668-78F1123BD706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D59156-647B-4B06-B20E-0E297A1077BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4ECF3505-C397-4E95-BA9C-1B4921BED076}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B9AFA9A-424A-4B0F-A665-D6DC3D51C837}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{62271480-66D1-42D0-A818-BE5E65C56FA4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{670593B8-D230-4521-A3EF-59D400A645B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72581E0D-724E-4F3E-850C-97A7AA22695C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744DDF68-A2C6-47D5-BDAE-146C6EA23B56}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77B7DC62-D647-4A3E-971D-723D9F49625A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{784B84DA-D5B3-46A9-8492-A9B872B37718}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7991D62C-DE2C-4F05-A12D-228BC7F357B3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D0B0305-0302-4B6B-BCE1-C4DCDCBF7239}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{826E0DB1-7BBE-48A4-B548-31ABD5A07A78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8442E942-AB01-47DB-8E3C-38E3E14320E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{891DFD94-5982-46EC-9B4D-1E86B07F33F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8953967E-9D15-4C6C-A1F1-D73EC0E8D0F0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8968BBE7-1429-4015-A8EF-2FD913EA5B27}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8A21CC5C-3AEF-477C-9939-AD565F0EACE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{920354F8-AA6D-4801-B277-D916472E2127}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A189396C-EB06-4361-A69D-1D5AC9EA9DBD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA66FB1C-413E-4053-A863-5982A55E2A44}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B140F2D1-BF2D-402A-AA19-0FC57AD53B25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD68C8B7-6214-449A-B2F3-2C99903CEAF6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BE990A32-C2EC-4654-8FD0-26FECEA81998}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F35F23E4-B079-42A2-9089-1A1BF5C1C70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0ED13B8D-5280-4751-8F0C-F780636C456E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{26D0E667-9D1F-4F4C-8742-D544DA1DCA41}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3D66476E-A7B0-4F2A-A660-1EB7DE2E0586}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48ACBBA7-2B6E-4346-A552-B6D12539A901}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{59F78F30-06B5-475B-9D1F-7843823D4370}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{73A47EE8-C7C1-4E31-8E1D-ADEFE8E2BEFC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{76BEADC5-CB64-4BF2-AF14-38031886F4FC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AAFD8D03-2188-41E5-98AA-0BF3375465C7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FCD069CE-2A5D-4881-8807-C76648319C4A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{110DFE8B-8C81-416B-8EAE-30697EA816A6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5B9AFA9A-424A-4B0F-A665-D6DC3D51C837}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B140F2D1-BF2D-402A-AA19-0FC57AD53B25}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1B9C9B5-82D0-4B8F-9C29-019254E270A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8DAA6C0-075A-4312-960C-F6827B6BB44B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0A63654D-AD89-4235-B6FC-7A4F4FDB9E68}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0AC4CC08-F096-48C7-81FB-1B7022CA4897}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E320947-C780-4397-A9F4-4A35A11897AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2EB173CA-12BE-4CD4-B9A8-03D39C15A798}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DD6CA424-C0C1-4BDE-82E6-2312186525C6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{94B03F0F-4130-49FC-98AC-A8A1B3A69C59}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E320947-C780-4397-A9F4-4A35A11897AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94B03F0F-4130-49FC-98AC-A8A1B3A69C59}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{94B03F0F-4130-49FC-98AC-A8A1B3A69C59}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C80BDEB2-8735-44C6-BD55-A1CCD555667A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{94B03F0F-4130-49FC-98AC-A8A1B3A69C59}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ECE1A2A4-3672-46F1-82A7-D1137212D9DD}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "path": "C:\\Users\\Lindholm\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dll"[...]

*************************

AdwCleaner[R1].txt - [26333 octets] - [21/07/2012 11:52:58]
AdwCleaner[S1].txt - [16165 octets] - [21/07/2012 12:45:49]

########## EOF - C:\AdwCleaner[S1].txt - [16294 octets] ##########

#7 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,592 posts
  • Gender:Male
  • Location:Bavaria
  • Local time:07:37 PM

Posted 22 July 2012 - 05:37 AM

Hi art_vandelay,

My ComboFix log file is too big (621 kb) to paste contents in here, and/or to attach it.

I would like you to cut out the Snapshot section. After that, you should be able to post the logfile from ComboFix. :)

Regards,
M-K-D-B

#8 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 134 posts
  • Local time:09:37 AM

Posted 23 July 2012 - 02:13 AM

OK, here is the log file with the snapshot section removed....

ComboFix 12-07-21.01 - Lindholm 07/21/2012 13:06:18.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.2426 [GMT -7:00]
Running from: c:\users\Lindholm\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lindholm\AppData\Local\assembly\tmp
c:\users\Lindholm\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-21 to 2012-07-21 )))))))))))))))))))))))))))))))
.
.
2012-07-21 18:40 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{564FFA12-F114-4A5C-8212-48A6B99A843F}\mpengine.dll
2012-07-21 11:22 . 2012-07-21 11:22 -------- d-----w- c:\users\Lindholm\DoctorWeb
2012-07-21 11:12 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-07-21 10:38 . 2012-07-21 10:38 -------- d-----w- C:\Autoruns
2012-07-21 06:01 . 2012-07-21 06:01 -------- d-----w- c:\users\Lindholm\AppData\Roaming\SUPERAntiSpyware.com
2012-07-21 06:00 . 2012-07-21 06:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-21 06:00 . 2012-07-21 06:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-20 15:53 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-19 07:39 . 2012-03-03 04:39 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A83EB3F-9208-4546-8F16-E8B6C88BF7D1}\gapaengine.dll
2012-07-01 17:40 . 2012-07-01 17:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-01 17:40 . 2012-07-01 17:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-01 17:40 . 2012-07-01 17:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-01 17:40 . 2012-07-01 17:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-01 17:40 . 2012-07-01 17:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-01 17:40 . 2012-07-01 17:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-01 17:40 . 2012-07-01 17:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-07-01 17:40 . 2012-07-01 17:40 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-21 05:43 . 2012-05-10 04:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-21 05:43 . 2011-10-04 01:52 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-21 05:29 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-07-03 20:46 . 2010-08-05 00:41 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 04:29 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 04:30 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 04:30 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 04:30 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 04:29 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 04:29 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 04:29 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-21 04:29 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 04:29 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-21 04:30 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 04:29 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 04:29 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-21 04:29 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-02 22:12 . 2012-06-21 04:29 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-05-01 14:29 . 2012-06-13 21:58 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-29 21:05 . 2012-04-29 21:05 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-04-29 21:05 . 2012-04-29 21:05 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-29 21:04 . 2012-04-29 21:04 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2012-04-25 19:11 . 2012-04-25 19:11 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-04-25 19:11 . 2012-04-25 19:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-04-23 16:25 . 2012-06-13 21:58 1267200 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:25 . 2012-06-13 21:58 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:25 . 2012-06-13 21:58 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-23 16:00 . 2012-06-13 21:58 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-23 16:00 . 2012-06-13 21:58 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-23 16:00 . 2012-06-13 21:58 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-04 39408]
"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-06-18 10555904]
"WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-21 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-14 1807600]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"HP Update 5370C"="c:\sj666\hpupdate.exe" [2002-02-08 32768]
"hpppta"="c:\program files (x86)\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe" [2001-12-13 98304]
"x3watch"="c:\program files (x86)\X3watch\x3watch.exe" [2010-09-26 299008]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-06-06 251744]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\Lindholm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-5-22 53248]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-05 88576]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-10-10 23:24]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-07-07 02:00]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-07-07 02:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-05 6963744]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [BU]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-14 1807600]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.drudgereport.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} - hxxp://71.227.145.16/UltraMJCamX.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://www.silvermt.com/activex/AMC.cab
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.avataritag.com/app/plugin/DFusionHomeWebPlugIn.Installer.exe
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\The Weather Channel FW\Screensaver\TWCScreensaverUpdater.exe
c:\program files (x86)\Dell Remote Access\ezi_ra.exe
c:\windows\WLXPGSS.SCR
c:\windows\SysWOW64\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-07-21 13:25:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-21 20:25
ComboFix2.txt 2011-10-08 23:38
ComboFix3.txt 2011-10-08 08:27
.
Pre-Run: 342,149,984,256 bytes free
Post-Run: 341,486,120,960 bytes free
.
- - End Of File - - EA5D4901B00DF2388D3A533ECA258E68

#9 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,592 posts
  • Gender:Male
  • Location:Bavaria
  • Local time:07:37 PM

Posted 23 July 2012 - 12:10 PM

Hi art_vandelay,

I would like you to answer the following questions as exactly and in as much detail as you can:
  • How is your computer running at the moment?
  • Did some problems re-appear (redirects, pop-ups, hijacked browser)?
Regards,
M-K-D-B

#10 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,592 posts
  • Gender:Male
  • Location:Bavaria
  • Local time:07:37 PM

Posted 26 July 2012 - 01:53 PM

Hi art_vandelay,


do you still need help with your computer?
If you don't respond within the next 48 hours, your topic will be closed.
Regards,
M-K-D-B

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,932 posts
  • Gender:Female
  • Location:Romania
  • Local time:08:37 PM

Posted 28 July 2012 - 01:50 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft