Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible infection on machine? Win64.pachted.A


  • This topic is locked This topic is locked
5 replies to this topic

#1 TheDuke3000

TheDuke3000

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 16 March 2013 - 11:17 AM

Hello,

 

Last night I ran into some trouble with AVG telling me I had an infection that it was unable to remove, I think it was the Win64/patched.A thingy.  It was throwing up some other infections etc. and causing some issues.  However, I like to do battle with these things, somewhat cavalier.  I went round the houses and tried a manual deletion.  I got so far, looking at files like services.exe in the windows32 folder, it wouldn't let me, though I renamed the file s.exe and then had some system failure.  

 

Well I then went down the system restore route, finially getting the thing running again.  Computer said it had had some trouble, restoring, though now when I look at my AVG archive, the s.exe is in the vault.

 

Now I am still a littel suspicious and worried, though computer seems fine, sooo....I ran the combofix thing (disabled AVG) and this is my log...

 

ComboFix 13-03-16.02 - Scotty G 16/03/2013  15:52:30.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8169.6377 [GMT 0:00]
Running from: c:\users\Scotty G\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\RewardsArcade
c:\program files (x86)\RewardsArcade\appAPIinternalWrapper.js
c:\program files (x86)\RewardsArcade\fb.js
c:\program files (x86)\RewardsArcade\jquery.js
c:\program files (x86)\RewardsArcade\json.js
c:\program files (x86)\RewardsArcade\RewardsArcade.dll
c:\program files (x86)\RewardsArcade\RewardsArcade.exe
c:\program files (x86)\RewardsArcade\Uninstall.exe
c:\program files (x86)\RewardsArcade\UserConfirmation.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-16 to 2013-03-16  )))))))))))))))))))))))))))))))
.
.
2013-03-16 15:56 . 2013-03-16 15:56    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-03-16 15:56 . 2013-03-16 15:56    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-03-16 02:48 . 2013-03-16 02:48    --------    d-s---w-    c:\windows\SysWow64\Microsoft
2013-03-16 02:34 . 2013-03-06 23:32    287840    ----a-w-    c:\windows\system32\aswBoot.exe
2013-03-16 02:33 . 2013-03-16 02:33    --------    d-----w-    c:\program files\AVAST Software
2013-03-16 02:31 . 2013-03-16 02:50    --------    d-----w-    c:\programdata\AVAST Software
2013-03-16 00:25 . 2013-03-16 00:25    --------    d-----w-    c:\users\Scotty G\AppData\Roaming\SUPERAntiSpyware.com
2013-03-16 00:25 . 2013-03-16 08:52    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-03-16 00:25 . 2013-03-16 00:25    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-03-15 22:55 . 2013-03-15 22:55    --------    d-----w-    c:\users\Scotty G\AppData\Local\Babylon
2013-03-15 22:55 . 2013-03-15 22:55    --------    d-----w-    c:\users\Scotty G\AppData\Roaming\Babylon
2013-03-15 22:55 . 2013-03-15 22:55    --------    d-----w-    c:\programdata\Babylon
2013-03-10 02:20 . 2013-03-10 02:20    --------    d-----w-    c:\programdata\SoftSafe
2013-03-10 02:20 . 2013-03-16 08:50    --------    d-----w-    c:\programdata\InstallMate
2013-03-09 01:08 . 2013-03-16 08:50    --------    d-----w-    c:\program files (x86)\PKR
2013-02-21 22:53 . 2013-03-16 08:50    --------    d-----w-    c:\program files\iPod
2013-02-21 22:53 . 2013-03-16 08:50    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-21 22:53 . 2013-03-16 08:50    --------    d-----w-    c:\program files\iTunes
2013-02-20 02:43 . 2013-03-16 08:50    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-02-20 02:43 . 2013-02-20 02:43    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-02-20 02:43 . 2013-02-20 02:43    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-15 22:31 . 2013-02-15 22:31    186432    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-16 02:29 . 2011-07-14 00:05    72013344    ----a-w-    c:\windows\system32\MRT.exe
2013-03-06 21:50 . 2012-06-12 23:13    71024    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-06 21:50 . 2012-06-12 23:13    691568    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-20 02:43 . 2011-08-24 20:11    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-01-05 05:53 . 2013-02-13 22:05    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 22:05    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 22:05    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 22:04    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 22:04    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 22:04    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 22:05    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 22:04    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 22:04    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 22:04    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 22:04    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 22:04    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 22:04    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2012-12-27 12:40 . 2012-12-27 00:55    499712    ----a-w-    c:\windows\SysWow64\msvcp71.dll
2012-12-16 17:11 . 2012-12-22 01:07    46080    ----a-w-    c:\windows\system32\atmlib.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49    176936    ----a-w-    c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-03-03 222504]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"InstantBurn"="c:\progra~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2010-02-10 697640]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-01-19 75048]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-12-27 295072]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 CLBUDFbk;CyberLink InstantBurn UDF Filesystem; [x]
R3 MADFUAUDIOPHILE;Service for M-Audio Audiophile DFU;c:\windows\system32\DRIVERS\MAudioAudiophile_DFU.sys [2011-09-14 47792]
R3 MAUSBAUDIOPHILE;Service for M-Audio Audiophile;c:\windows\system32\DRIVERS\MAudioAudiophile.sys [2011-09-14 201008]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 R-Studio Agent;R-Studio Agent;_rs_agent.exe -s [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-14 1255736]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [2009-10-07 24560]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-19 283200]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/07/13 17:03];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2010-01-19 15:10 146928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-08 122856]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-08 369640]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-19 712704]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 10:06    451872    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1807783000-156548303-4137396208-1000Core.job
- c:\users\Scotty G\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 15:28]
.
2013-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1807783000-156548303-4137396208-1000UA.job
- c:\users\Scotty G\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 15:28]
.
2013-01-24 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"Linksys Wireless Manager"="c:\program files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2011-09-14 924464]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Scotty G\AppData\Roaming\Mozilla\Firefox\Profiles\492gqyza.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{597A9974-8CB0-4f41-B61F-ED065738A397} - c:\program files (x86)\RewardsArcade\RewardsArcade.dll
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-RewardsArcade - c:\program files (x86)\RewardsArcade\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\07\05\0f\13\03&?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-16  15:57:43
ComboFix-quarantined-files.txt  2013-03-16 15:57
.
Pre-Run: 1,833,148,510,208 bytes free
Post-Run: 1,832,927,944,704 bytes free
.
- - End Of File - - D4040D62E5AC42524B151B1C1800C8C1
 

 

Can anyone tell me if I still have a problem?



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:18 PM

Posted 17 March 2013 - 08:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
 
Lets have a look.
 
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.
 
Download DDS by sUBs from one of the following links if you no longer have it available.  Save it to your desktop.
 
1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
 
Double click on the DDS icon, allow it to run. 
A small box will open, with an explanation about the tool.  No input is needed, the scan is running. 
Notepad will open with the results. 
Follow the instructions that pop up for posting the results.[/list]Please note:  You may have to disable any script protection running if the scan fails to run.
 
dds_scr.gif
 
Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.===
 
Third party programs if not up to date can be the cause of infiltration an infection.
===
 
Please run this security check for my review.
 
Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===
 
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
 
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
 
Please post the logs and let me know what problem persists.


#3 TheDuke3000

TheDuke3000
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 17 March 2013 - 08:38 AM

Thank you for your assitance.  The machine itself seems normal, though I am having trouble with my wireless mouse which could be unrelated.  However, here are my 3 logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 10.15.2
Run by Scotty G at 13:26:41 on 2013-03-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8169.6354 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\consent.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: RewardsArcade: {597A9974-8CB0-4f41-B61F-ED065738A397} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [InstantBurn] C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{9A9A4C55-6156-45CD-9DE4-9975FAA77DD6} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E8E2927A-B0A0-431F-A076-989A66CD3EA8} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{E8E2927A-B0A0-431F-A076-989A66CD3EA8}\3545554494F4D2445435B445F405F5E4564777F627B6 : DHCPNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Linksys Wireless Manager] "C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Scotty G\AppData\Roaming\Mozilla\Firefox\Profiles\492gqyza.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Scotty G\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\Scotty G\AppData\Roaming\Mozilla\Firefox\Profiles\492gqyza.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-8-27 297000]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\System32\drivers\CLBStor.sys [2011-7-13 24560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-6-19 283200]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/07/13 17:03:35];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2010-1-19 146928]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-13 13592]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-7-13 133800]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2010-12-8 122856]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2010-12-8 369640]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2009-6-19 712704]
S3 MADFUAUDIOPHILE;Service for M-Audio Audiophile DFU;C:\Windows\System32\drivers\MAudioAudiophile_DFU.sys [2011-9-14 47792]
S3 MAUSBAUDIOPHILE;Service for M-Audio Audiophile;C:\Windows\System32\drivers\MAudioAudiophile.sys [2011-9-14 201008]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 R-Studio Agent;R-Studio Agent;_rs_agent.exe -s --> _rs_agent.exe -s [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-14 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
.
=============== Created Last 30 ================
.
2013-03-16 19:45:48    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-03-16 15:51:00    98816    ----a-w-    C:\Windows\sed.exe
2013-03-16 15:51:00    256000    ----a-w-    C:\Windows\PEV.exe
2013-03-16 15:51:00    208896    ----a-w-    C:\Windows\MBR.exe
2013-03-16 02:48:26    --------    d-s---w-    C:\Windows\SysWow64\Microsoft
2013-03-16 02:33:03    --------    d-----w-    C:\Program Files\AVAST Software
2013-03-16 02:31:03    --------    d-----w-    C:\ProgramData\AVAST Software
2013-03-16 00:25:29    --------    d-----w-    C:\Users\Scotty G\AppData\Roaming\SUPERAntiSpyware.com
2013-03-16 00:25:13    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-03-16 00:25:13    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-03-15 22:55:08    --------    d-----w-    C:\Users\Scotty G\AppData\Local\Babylon
2013-03-15 22:55:06    --------    d-----w-    C:\Users\Scotty G\AppData\Roaming\Babylon
2013-03-15 22:55:06    --------    d-----w-    C:\ProgramData\Babylon
2013-03-10 02:20:15    --------    d-----w-    C:\ProgramData\SoftSafe
2013-03-10 02:20:04    --------    d-----w-    C:\ProgramData\InstallMate
2013-03-09 01:08:37    --------    d-----w-    C:\Program Files (x86)\PKR
2013-02-21 22:53:11    --------    d-----w-    C:\Program Files\iPod
2013-02-21 22:53:10    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-21 22:53:10    --------    d-----w-    C:\Program Files\iTunes
2013-02-20 02:43:37    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-02-20 02:43:27    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-15 22:31:23    186432    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-03-06 21:50:12    71024    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-06 21:50:12    691568    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-20 02:43:22    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-02-02 06:57:02    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-02-02 06:42:18    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-01-05 05:53:43    5553512    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15    3967848    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11    3913064    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46:09    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48    3153408    ----a-w-    C:\Windows\System32\win32k.sys
2013-01-04 02:47:35    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54    1913192    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42    288088    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-12-27 12:40:29    499712    ----a-w-    C:\Windows\SysWow64\msvcp71.dll
.
============= FINISH: 13:27:20.36 ===============
 

 

 Results of screen317's Security Check version 0.99.61  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 31  
 Java 7 Update 15  
 Java version out of Date!
 Adobe Flash Player 11.6.602.171  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (19.0.2)
 Google Chrome 25.0.1364.152  
 Google Chrome 25.0.1364.172  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

 

# AdwCleaner v2.114 - Logfile created 03/17/2013 at 13:33:43
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Scotty G - STUDIO-DESKTOP
# Boot Mode : Normal
# Running from : C:\Users\Scotty G\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\Scotty G\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Vuze_Remote
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Scotty G\AppData\Local\Babylon
Folder Deleted : C:\Users\Scotty G\AppData\Local\Conduit
Folder Deleted : C:\Users\Scotty G\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Deleted : C:\Users\Scotty G\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Folder Deleted : C:\Users\Scotty G\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Scotty G\AppData\Local\RewardsArcade
Folder Deleted : C:\Users\Scotty G\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Scotty G\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Scotty G\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\Scotty G\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Scotty G\AppData\Roaming\Mozilla\Firefox\Profiles\492gqyza.default\CT2504091
Folder Deleted : C:\Users\Scotty G\AppData\Roaming\Mozilla\Firefox\Profiles\492gqyza.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Folder Deleted : C:\Users\Scotty G\AppData\Roaming\Mozilla\Firefox\Profiles\492gqyza.default\jetpack
Folder Deleted : C:\Users\Scotty G\AppData\Roaming\Mozilla\Firefox\Profiles\492gqyza.default\Smartbar
Folder Deleted : C:\Users\Scotty G\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\RewardsArcade
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\RewardsArcade.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\RewardsArcade.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKLM\Software\Vuze_Remote
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25514C64-8321-494E-BD3E-3DBAB3F8CEBA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{597A9974-8CB0-4F41-B61F-ED065738A397}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{686BDFE6-A6ED-4CF8-B9C5-F7E2877ACF29}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A63DC96D-5A6A-4C21-A838-C29096A517E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4F41-B61F-ED065738A397}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Scotty G\AppData\Roaming\Mozilla\Firefox\Profiles\492gqyza.default\prefs.js

C:\Users\Scotty G\AppData\Roaming\Mozilla\Firefox\Profiles\492gqyza.default\user.js ... Deleted !

Deleted : user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT2504091.FirstTime", "true");
Deleted : user_pref("CT2504091.FirstTimeFF3", "true");
Deleted : user_pref("CT2504091.UserID", "UN47609517333706697");
Deleted : user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT2504091.autoDisableScopes", -1);
Deleted : user_pref("CT2504091.defaultSearch", "false");
Deleted : user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT2504091.enableAlerts", "false");
Deleted : user_pref("CT2504091.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT2504091.firstTimeDialogOpened", "true");
Deleted : user_pref("CT2504091.fixPageNotFoundError", "true");
Deleted : user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT2504091.fixUrls", true);
Deleted : user_pref("CT2504091.installId", "ConduitNSISIntegration");
Deleted : user_pref("CT2504091.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2504091.isNewTabEnabled", false);
Deleted : user_pref("CT2504091.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2504091.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Deleted : user_pref("CT2504091.openThankYouPage", "false");
Deleted : user_pref("CT2504091.openUninstallPage", "false");
Deleted : user_pref("CT2504091.search.searchAppId", "129079840422026594");
Deleted : user_pref("CT2504091.search.searchCount", "0");
Deleted : user_pref("CT2504091.searchInNewTabEnabled", "false");
Deleted : user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT2504091.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1343604978362");
Deleted : user_pref("CT2504091.serviceLayer_services_appTracking_lastUpdate", "1343604979182");
Deleted : user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1343604978262");
Deleted : user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1343604978744");
Deleted : user_pref("CT2504091.serviceLayer_services_login_10.10.20.14_lastUpdate", "1343688756548");
Deleted : user_pref("CT2504091.serviceLayer_services_optimizer_lastUpdate", "1343604978686");
Deleted : user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1343604978702");
Deleted : user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1343604977987");
Deleted : user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1343604977696");
Deleted : user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1343604978723");
Deleted : user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1343688756307");
Deleted : user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1343604978222");
Deleted : user_pref("CT2504091.settingsINI", true);
Deleted : user_pref("CT2504091.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT2504091.smartbar.CTID", "CT2504091");
Deleted : user_pref("CT2504091.smartbar.Uninstall", "0");
Deleted : user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
Deleted : user_pref("CT2504091.startPage", "userChanged");
Deleted : user_pref("CT2504091.toolbarBornServerTime", "30-7-2012");
Deleted : user_pref("CT2504091.toolbarCurrentServerTime", "21-10-2012");
Deleted : user_pref("CT2504091.toolbarDisabled", "true");
Deleted : user_pref("extensions.crossriderapp498.498.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp498.498.InstallationTime", 1327186332);
Deleted : user_pref("extensions.crossriderapp498.498.InstallationUserSettings.searchUserConifrmation", false);
Deleted : user_pref("extensions.crossriderapp498.498.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp498.498.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp498.498.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp498.498.active", true);
Deleted : user_pref("extensions.crossriderapp498.498.addressbar", "");
Deleted : user_pref("extensions.crossriderapp498.498.affid", "0");
Deleted : user_pref("extensions.crossriderapp498.498.backgroundjs", "\n\n_GPL_PID = 18;\nfunction parse_url(st[...]
Deleted : user_pref("extensions.crossriderapp498.498.backgroundver", 9);
Deleted : user_pref("extensions.crossriderapp498.498.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp498.498.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:[...]
Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.value", "1327186332");
Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:0[...]
Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallerParams.value", "%7B%22sub_id%22%3A%22defa[...]
Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_aoi.value", "1327186332");
Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_geo.expiration", "Mon Apr 23 2012 21:08:32 GM[...]
Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_geo.value", "%7B%22geoplugin_city%22%3A%22Har[...]
Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_parent_zoneid.value", "%2212475%22");
Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00[...]
Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_zoneid.value", "%2216513%22");
Deleted : user_pref("extensions.crossriderapp498.498.description", "RewardsArcade is a platform that allows us[...]
Deleted : user_pref("extensions.crossriderapp498.498.domain", "www.rewardsarcade.com");
Deleted : user_pref("extensions.crossriderapp498.498.emailsig", "");
Deleted : user_pref("extensions.crossriderapp498.498.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp498.498.exposesites", "");
Deleted : user_pref("extensions.crossriderapp498.498.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp498.498.group", 0);
Deleted : user_pref("extensions.crossriderapp498.498.homepage", "");
Deleted : user_pref("extensions.crossriderapp498.498.iframe", false);
Deleted : user_pref("extensions.crossriderapp498.498.js", "\n\nvar _GPL_PID = 18;\n\n(function($) {   \n\n  $.[...]
Deleted : user_pref("extensions.crossriderapp498.498.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp498.498.name", "RewardsArcade");
Deleted : user_pref("extensions.crossriderapp498.498.newtab", "");
Deleted : user_pref("extensions.crossriderapp498.498.opensearch", "");
Deleted : user_pref("extensions.crossriderapp498.498.premium", true);
Deleted : user_pref("extensions.crossriderapp498.498.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp498.498.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp498.498.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp498.498.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp498.498.thankyou", "hxxp://www.rewardsarcade.com/r.php?app_id=498[...]
Deleted : user_pref("extensions.crossriderapp498.498.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp498.498.ver", 82);
Deleted : user_pref("extensions.crossriderapp498.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp498.apps", "498");
Deleted : user_pref("extensions.crossriderapp498.bic", "1350294a8c3de16243f3d21cc2d0c55b");
Deleted : user_pref("extensions.crossriderapp498.cid", 498);
Deleted : user_pref("extensions.crossriderapp498.firstrun", false);
Deleted : user_pref("extensions.crossriderapp498.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp498.installationdate", 1327188191);
Deleted : user_pref("extensions.crossriderapp498.jsver", 3);
Deleted : user_pref("extensions.crossriderapp498.lastcheck", 22247775);
Deleted : user_pref("extensions.crossriderapp498.lastcheckitem", 22247778);
Deleted : user_pref("extensions.crossriderapp498.misc.lastBgWorkerTimer", "1334866670202");
Deleted : user_pref("extensions.crossriderapp498.misc.lastDomWorkerTimer", "1334866670202");
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Deleted : user_pref("extentions.y2layers.installId", "ffd899e5-bfe0-4662-92d0-6bb288d792a9");

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Scotty G\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [17262 octets] - [17/03/2013 13:33:43]

########## EOF - C:\AdwCleaner[S1].txt - [17323 octets] ##########
 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:18 PM

Posted 17 March 2013 - 12:26 PM

Looking good.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 31
Java 7 Update 15



Java 7 update 10 introduced important new security controls
You can read about it here.
http://nakedsecurity.sophos.com/2012/12/19/java-7-update-10-introduces-important-new-security-controls/

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that your un-check the box "Install the Ask Toolbar" before proceeding.
===

Critical vulnerabilities have been identified in old version of Adobe Flash Player please get the latest version.

Adobe has released security updates for Adobe Flash Player 11.6.602.171 and earlier versions for Windows, Adobe Flash Player 11.2.202.273 and earlier versions for Macintosh, and Adobe Flash Player 11.2.202.273 and earlier versions for Linux.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===


Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Yes, install McAfee Security Scan Plus - optional" this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

If you still have problems with your mouse I suggest you reinstall it.
===

When all is well:

Time for some housekeeping

  • The following will implement some cleanup procedures as well as reset System Restore points:

    Click Start > Run and copy/paste the following bold text into the Run box and click OK:

    ComboFix /Uninstall

===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can Keep the DDS tool as most forum will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#5 TheDuke3000

TheDuke3000
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 18 March 2013 - 05:41 PM

Many thanks for your help.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:18 PM

Posted 19 March 2013 - 08:21 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users