
One Hour to Run combofix!?


This topic is locked. 36 replies to this topic.

#1 megalith

Posted 22 April 2013 - 10:27 AM

Hello there folks, this is my first post and I'm hoping someone may help.
I noticed my laptop has suddenly started crawling whilst loading pages, opening Firefox, opening emails, videos etc. etc. It 'feels like' something is running behind and delaying start-ups of emails and vids for seconds.
I ran ComboFix and started it at 15:06 GMT; it finished an hour later at 16:06 GMT!!??
It appeared to 'stall' at stage 4 for around 15-20 mins, then slowly went through the rest of the stages until it reached 50.
I uninstalled the Babylon toolbar months ago and went through the Firefox uninstall etc. etc., but it still shows in ComboFix, same as some other bits. Can anyone please help?
Thanks for reading.
The scan log is attached below if this helps:
(Attached file: ComboFix.txt)

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

 

ComboFix 13-04-22.01 - Jack 22/04/2013  15:06:12.14.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.8181.6299 [GMT 1:00]
Running from: c:\users\Jack\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-22 to 2013-04-22  )))))))))))))))))))))))))))))))
.
.
2013-04-22 15:00 . 2013-04-22 15:00    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-04-22 15:00 . 2013-04-22 15:00    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-04-22 15:00 . 2013-04-22 15:00    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-04-21 03:28 . 2013-02-15 06:06    3717632    ----a-w-    c:\windows\system32\mstscax.dll
2013-04-21 03:28 . 2013-02-15 04:37    3217408    ----a-w-    c:\windows\SysWow64\mstscax.dll
2013-04-21 03:28 . 2013-02-15 06:08    44032    ----a-w-    c:\windows\system32\tsgqec.dll
2013-04-21 03:28 . 2013-02-15 06:02    158720    ----a-w-    c:\windows\system32\aaclient.dll
2013-04-21 03:28 . 2013-02-15 04:34    131584    ----a-w-    c:\windows\SysWow64\aaclient.dll
2013-04-21 03:28 . 2013-02-15 03:25    36864    ----a-w-    c:\windows\SysWow64\tsgqec.dll
2013-04-21 03:28 . 2013-03-19 06:04    5550424    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-04-21 03:28 . 2013-03-19 05:04    3968856    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-04-21 03:28 . 2013-03-19 05:04    3913560    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-04-21 03:28 . 2013-03-19 05:46    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-04-21 03:28 . 2013-03-19 04:47    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-04-21 03:28 . 2013-03-19 03:06    112640    ----a-w-    c:\windows\system32\smss.exe
2013-04-21 03:27 . 2013-03-01 03:36    3153408    ----a-w-    c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-21 03:32 . 2011-06-22 15:53    72702784    ----a-w-    c:\windows\system32\MRT.exe
2013-04-12 18:54 . 2012-04-04 22:44    691592    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-12 18:54 . 2011-06-22 00:46    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-04 13:50 . 2011-06-23 09:47    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-04-02 12:16 . 2011-07-02 19:36    236248    ----a-w-    c:\windows\system32\drivers\RapportKE64.sys
2013-03-13 19:41 . 2013-03-13 19:41    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-03-13 19:41 . 2013-03-13 19:41    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-03-13 19:41 . 2013-03-13 19:41    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-13 19:41 . 2013-03-13 19:41    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-03-13 19:41 . 2013-03-13 19:41    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-03-13 19:41 . 2013-03-13 19:41    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-03-13 19:41 . 2013-03-13 19:41    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-03-13 19:41 . 2013-03-13 19:41    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-03-13 19:41 . 2013-03-13 19:41    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-03-13 19:41 . 2013-03-13 19:41    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-03-13 19:41 . 2013-03-13 19:41    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-03-13 19:41 . 2013-03-13 19:41    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-03-13 19:41 . 2013-03-13 19:41    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-13 19:41 . 2013-03-13 19:41    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-03-13 19:41 . 2013-03-13 19:41    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-03-13 19:41 . 2013-03-13 19:41    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-03-13 19:41 . 2013-03-13 19:41    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-03-13 19:41 . 2013-03-13 19:41    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-03-13 19:41 . 2013-03-13 19:41    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-03-13 19:41 . 2013-03-13 19:41    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-03-13 19:41 . 2013-03-13 19:41    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-03-13 19:41 . 2013-03-13 19:41    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-03-13 19:41 . 2013-03-13 19:41    441856    ----a-w-    c:\windows\system32\html.iec
2013-03-13 19:41 . 2013-03-13 19:41    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-03-13 19:41 . 2013-03-13 19:41    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-03-13 19:41 . 2013-03-13 19:41    235008    ----a-w-    c:\windows\system32\url.dll
2013-03-13 19:41 . 2013-03-13 19:41    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-03-13 19:41 . 2013-03-13 19:41    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-03-13 19:41 . 2013-03-13 19:41    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-03-13 19:41 . 2013-03-13 19:41    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-03-13 19:41 . 2013-03-13 19:41    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-03-13 19:41 . 2013-03-13 19:41    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-03-13 19:41 . 2013-03-13 19:41    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-03-13 19:41 . 2013-03-13 19:41    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-03-13 19:41 . 2013-03-13 19:41    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-03-13 19:41 . 2013-03-13 19:41    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-03-13 19:41 . 2013-03-13 19:41    149504    ----a-w-    c:\windows\system32\occache.dll
2013-03-13 19:41 . 2013-03-13 19:41    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-03-13 19:41 . 2013-03-13 19:41    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-03-13 19:41 . 2013-03-13 19:41    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-03-13 19:41 . 2013-03-13 19:41    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-03-13 19:41 . 2013-03-13 19:41    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-03-13 19:41 . 2013-03-13 19:41    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-03-13 19:41 . 2013-03-13 19:41    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-03-13 19:41 . 2013-03-13 19:41    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-03-13 19:41 . 2013-03-13 19:41    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-03-13 19:41 . 2013-03-13 19:41    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-03-13 19:41 . 2013-03-13 19:41    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-03-13 19:41 . 2013-03-13 19:41    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-03-13 19:40 . 2013-03-13 19:40    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-13 19:40 . 2013-03-13 19:40    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-13 19:40 . 2013-03-13 19:40    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-13 19:40 . 2013-03-13 19:40    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-13 19:40 . 2013-03-13 19:40    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-13 19:40 . 2013-03-13 19:40    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-13 19:40 . 2013-03-13 19:40    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-13 19:40 . 2013-03-13 19:40    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-13 19:40 . 2013-03-13 19:40    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-13 19:40 . 2013-03-13 19:40    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-13 19:40 . 2013-03-13 19:40    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-13 19:40 . 2013-03-13 19:40    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-13 19:40 . 2013-03-13 19:40    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-13 19:40 . 2013-03-13 19:40    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-13 19:40 . 2013-03-13 19:40    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-13 19:40 . 2013-03-13 19:40    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-13 19:40 . 2013-03-13 19:40    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-13 19:40 . 2013-03-13 19:40    1158144    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
2013-03-13 19:40 . 2013-03-13 19:40    10752    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-13 19:40 . 2013-03-13 19:40    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-13 19:40 . 2013-03-13 19:40    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-03-13 19:40 . 2013-03-13 19:40    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-03-13 19:40 . 2013-03-13 19:40    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
2013-03-13 19:40 . 2013-03-13 19:40    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-03-13 19:40 . 2013-03-13 19:40    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-03-13 19:40 . 2013-03-13 19:40    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-03-13 19:40 . 2013-03-13 19:40    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-03-13 19:40 . 2013-03-13 19:40    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-03-13 19:40 . 2013-03-13 19:40    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-03-13 19:40 . 2013-03-13 19:40    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-13 19:40 . 2013-03-13 19:40    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2013-03-13 19:40 . 2013-03-13 19:40    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2013-03-13 19:40 . 2013-03-13 19:40    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2013-03-13 19:40 . 2013-03-13 19:40    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
2013-03-13 19:40 . 2013-03-13 19:40    1504768    ----a-w-    c:\windows\SysWow64\d3d11.dll
2013-03-13 19:40 . 2013-03-13 19:40    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
2013-03-13 19:40 . 2013-03-13 19:40    1175552    ----a-w-    c:\windows\system32\FntCache.dll
2013-03-13 19:40 . 2013-03-13 19:40    1080832    ----a-w-    c:\windows\SysWow64\d3d10.dll
2013-03-13 19:40 . 2013-03-13 19:40    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-03-13 19:40 . 2013-03-13 19:40    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-03-13 19:40 . 2013-03-13 19:40    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-03-13 19:40 . 2013-03-13 19:40    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-03-13 19:40 . 2013-03-13 19:40    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2013-03-13 19:40 . 2013-03-13 19:40    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-03-13 19:40 . 2013-03-13 19:40    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-03-13 19:40 . 2013-03-13 19:40    1887232    ----a-w-    c:\windows\system32\d3d11.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-03-13 18:32    1929392    ----a-w-    c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-03-13 1929392]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
"FAStartup"="" [BU]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-03-13 1151152]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-04-04 18:43    144712    ----a-w-    c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       scecli FAPassSync
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-23 1255736]
R4 CustomSvc;Vista Session Launcher Service;c:\program files\OSD\Service1.exe [2009-02-20 13312]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2013-04-02 236248]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-03-13 39768]
S1 RapportCerberus_51755;RapportCerberus_51755;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [2013-04-05 586072]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-04-02 228600]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-04-02 357272]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/06/21 20:14];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2008-10-17 14:52 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2009-03-03 89600]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]
S2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSI223C.tmp [2011-06-22 102400]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-09-28 625304]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-04-02 1124184]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2012-01-23 7515000]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [2012-01-23 552312]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-03-13 968880]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-07-24 23912]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-06-22 273072]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [2013-03-13 175352]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 04:24    1642448    ----a-w-    c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:54]
.
2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-29 20:19]
.
2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-29 20:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-09-16 487424]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\liwzt7ki.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-21 05:40; {5F590AA2-1221-4113-A6F4-A4BB62414FAC}; c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\liwzt7ki.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi
FF - user.js: extensions.BabylonToolbar_i.id - 4c1a9b960000000000000026b9645254
FF - user.js: extensions.BabylonToolbar_i.hardId - 4c1a9b960000000000000026b9645254
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15306
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:05
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100489
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HyperDeskCustomThemeEnabler]
"ImagePath"="\"c:\windows\Installer\MSI223C.tmp\" -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-22  16:06:30
ComboFix-quarantined-files.txt  2013-04-22 15:06
ComboFix2.txt  2013-04-20 03:47
ComboFix3.txt  2013-04-04 18:08
ComboFix4.txt  2013-03-13 20:32
ComboFix5.txt  2013-04-22 14:03
.
Pre-Run: 331,037,310,976 bytes free
Post-Run: 330,974,191,616 bytes free
.
- - End Of File - - 20EC181DD73B3CAEF4AA3118CDD6BF88
 


Edited by Noviciate, 22 April 2013 - 02:10 PM.
Log added from attachment.
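As an added triage example (not part of the original post, and not a component of ComboFix): a small Python parser that reads the ComboFix sections shown above and pulls out what a reviewer checks first in a log like this: the UAC policy values under policies\system (every one of them is 0 here, which means UAC is switched off), the Run-key autostarts, and the leftover Firefox user.js prefs for the Babylon toolbar the poster says was uninstalled. The regexes assume the exact line layout ComboFix printed in this thread (other versions may format differently); the sample input is an excerpt copied from the log above, and the "default" values are the Windows 7 UAC defaults.

```python
"""Added example (not from the post or from ComboFix): triage a ComboFix log.

Parses the registry-style sections and the Firefox pref lines that ComboFix
prints, then reports UAC policy values that differ from the Windows 7
defaults, Run-key autostarts, and leftover user.js prefs for a given
extension prefix. The regexes assume the line layout seen in this thread.
"""
import re

# Sample input: an excerpt copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
"FAStartup"="" [BU]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-03-13 1151152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
FF - user.js: extensions.BabylonToolbar_i.id - 4c1a9b960000000000000026b9645254
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')
FF_PREF_RE = re.compile(r"^FF - user\.js: (?P<pref>\S+) - (?P<val>.*)$")
QUOTED_PATH_RE = re.compile(r'^"(?P<path>[^"]*)"')

# Windows 7 defaults for the UAC policy values ComboFix lists.
UAC_DEFAULTS = [
    ("EnableLUA", 1),                   # 0 = UAC disabled entirely
    ("ConsentPromptBehaviorAdmin", 5),  # 0 = admins elevate silently, no prompt
    ("ConsentPromptBehaviorUser", 3),   # 3 = standard users prompted for credentials
    ("PromptOnSecureDesktop", 1),       # 0 = prompts drawn on the normal desktop
]


def parse_log(text):
    """Return {"keys": {regkey: {name: raw}}, "ff_prefs": {pref: value}}."""
    keys, ff_prefs, current = {}, {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if line in ("", "."):          # ComboFix separates blocks with "." lines
            current = None
        elif m := KEY_RE.match(line):
            current = m.group("key")
            keys.setdefault(current, {})
        elif (m := VALUE_RE.match(line)) and current is not None:
            keys[current][m.group("name")] = m.group("raw")
        elif m := FF_PREF_RE.match(line):
            ff_prefs[m.group("pref")] = m.group("val")
    return {"keys": keys, "ff_prefs": ff_prefs}


def _int_value(raw):
    """ComboFix prints DWORDs as '0 (0x0)'; take the leading decimal."""
    return int(raw.split()[0])


def uac_findings(parsed):
    """List UAC policy values that differ from the Windows 7 defaults."""
    findings = []
    for key, values in parsed["keys"].items():
        if not key.lower().endswith(r"\policies\system"):
            continue
        for name, default in UAC_DEFAULTS:
            if name in values:
                actual = _int_value(values[name])
                if actual != default:
                    findings.append(f"{name}={actual} (default {default})")
    return findings


def run_entries(parsed):
    """Return (regkey, value name, image path) for every Run-key autostart."""
    entries = []
    for key, values in parsed["keys"].items():
        if not key.lower().endswith(r"\currentversion\run"):
            continue
        for name, raw in values.items():
            m = QUOTED_PATH_RE.match(raw)
            entries.append((key, name, m.group("path") if m else raw))
    return entries


def leftover_prefs(parsed, prefix):
    """Firefox user.js prefs still set for an extension prefix."""
    return sorted(p for p in parsed["ff_prefs"] if p.startswith(prefix))


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("UAC:", uac_findings(parsed) or "defaults")
    for _key, name, path in run_entries(parsed):
        print(f"Run {name!r}: {path or '<empty>'}")
    print("Babylon prefs:", leftover_prefs(parsed, "extensions.BabylonToolbar_i."))
```

Run against the full log rather than the excerpt, the same functions also pick up the X64 Run key and the remaining BabylonToolbar_i prefs; a Run value with an empty path (FAStartup above) is worth a second look because the log gives no image to verify.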



#2 megalith


Posted 22 April 2013 - 11:22 AM

Hello, I posted in the wrong section earlier; I hope someone here may help? Apologies for that, as I am new.
My PC is running very slow and it just took an hour to run ComboFix, and it still appears to be the same: slow on opening pages, vids, emails etc.
Any advice please, as I am thinking of simply getting a new hard drive at the moment, but funds will not allow this for a while unless there is a major infection and it can be solved.
I apologise for my double post!
 
Here is the combofix text file below if it helps:
 
 
(Attached file: ComboFix.txt)

Edited by nasdaq, 22 April 2013 - 12:29 PM.
Topics merged.


#3 dev00790


Posted 26 April 2013 - 12:42 AM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
- Do NOT backup any unknown files ending in .exe, .com, .scr, .pif, and .bat since files of these types are more likely to be infected.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.
 
----------------
 
Please do the following next:
 
Step 1
 
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.



Step 2
 
Please download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.pif

  • Double click on the DDS icon, allow it to run.
  • Mark the option attach.txt.
  • Click on Start.
  • After the scan has finished, confirm the message with Ok.
  • DDS will automatically open both logfiles.
  • You can find them on your desktop as well.
  • Please post the content of those logfiles with your next answer.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
 
 
Step 3
 
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

Regards, dev00790



#4 megalith


Posted 26 April 2013 - 05:33 AM

Thanks for your help!

I just ran the DeFogger, which was very quick/immediate, and it did not reboot the machine. I just received this on the desktop after running it:

 

I cannot copy and paste from Notepad for some reason!!?? I typed exactly this from the Notepad:

 

defogger_disabled by jpshortstuff (23.01.10.1)

Log created at 11:20 on 26/04/13 (Jack)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F-=



#5 megalith


Posted 26 April 2013 - 05:46 AM

DDS Text file:
 
I cannot copy and paste all of this, dev!! There is no paste when I click on this page to paste to; I can copy from the Notepad text, but when I attempt a paste the function is not available as a right click.



#6 megalith


Posted 27 April 2013 - 07:15 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Jack at 11:40:18 on 2013-04-26
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.8181.6069 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe
C:\Windows\Installer\MSI223C.tmp
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\Jack\Desktop\Defogger.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
BHO: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRun: [FAStartup] <no file>
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{1A1B7B4A-C1EA-4F31-BB31-6533442CBE46} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{4CFF49A6-67D0-40D0-9212-5FF1D156B73A} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4CFF49A6-67D0-40D0-9212-5FF1D156B73A}\244584F6D65684572623D275B44334 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{4CFF49A6-67D0-40D0-9212-5FF1D156B73A}\9637F626162796B6 : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
STS: CAveStartButtonChangerObject Class - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
LSA: Notification Packages =  scecli FAPassSync
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-STS: CAveStartButtonChangerObject Class - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\liwzt7ki.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-04-21 05:40; {5F590AA2-1221-4113-A6F4-A4BB62414FAC}; C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\liwzt7ki.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 4c1a9b960000000000000026b9645254
FF - user.js: extensions.BabylonToolbar_i.hardId - 4c1a9b960000000000000026b9645254
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15306
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:05:35
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100489
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-16 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-7-2 236248]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-7-27 39768]
R1 RapportCerberus_51755;RapportCerberus_51755;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [2013-4-5 586072]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-4-2 228600]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-4-2 357272]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/06/21 20:14:29];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2008-10-17 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2012-4-24 89600]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]
R2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;C:\Windows\Installer\MSI223C.tmp [2011-6-22 102400]
R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2013-2-4 625304]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-4-2 1124184]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2012-7-25 7515000]
R2 TouchServiceWacom;Wacom Professional Touch Service;C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [2012-7-25 552312]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-3-13 968880]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2011-6-21 23912]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2011-6-21 273072]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 RapportIaso;RapportIaso;C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys [2013-3-13 175352]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-25 238848]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-23 1255736]
S4 CustomSvc;Vista Session Launcher Service;C:\Program Files\OSD\Service1.exe [2011-6-21 13312]
.
=============== Created Last 30 ================
.
2013-04-26 10:24:43    --------    d-----w-    C:\bleeping computer help files
2013-04-24 03:24:53    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-24 02:06:52    --------    d-----w-    C:\Program Files (x86)\EVGA Precision X
2013-04-23 03:52:26    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-04-21 03:28:25    3717632    ----a-w-    C:\Windows\System32\mstscax.dll
2013-04-21 03:28:24    3217408    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2013-04-21 03:28:23    44032    ----a-w-    C:\Windows\System32\tsgqec.dll
2013-04-21 03:28:23    36864    ----a-w-    C:\Windows\SysWow64\tsgqec.dll
2013-04-21 03:28:23    158720    ----a-w-    C:\Windows\System32\aaclient.dll
2013-04-21 03:28:23    131584    ----a-w-    C:\Windows\SysWow64\aaclient.dll
2013-04-21 03:28:04    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-04-21 03:28:02    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-21 03:28:02    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-04-21 03:28:01    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-04-21 03:28:01    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-04-21 03:28:01    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-04-21 03:27:55    3153408    ----a-w-    C:\Windows\System32\win32k.sys
.
==================== Find3M  ====================
.
2013-04-12 18:54:36    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-12 18:54:36    691592    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-04 13:50:32    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-04-02 12:16:10    236248    ----a-w-    C:\Windows\System32\drivers\RapportKE64.sys
2013-03-13 19:40:26    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-13 18:32:08    39768    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-02-21 10:30:16    1766912    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07    2240512    ----a-w-    C:\Windows\System32\wininet.dll
2013-02-21 10:14:09    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:03    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-12 04:12:05    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys
.
============= FINISH: 11:41:05.61 ===============



#7 megalith

Posted 27 April 2013 - 07:18 AM

# AdwCleaner v2.202 - Logfile created 04/27/2013 at 13:17:23
# Updated 23/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Jack - JACK-PC
# Boot Mode : Normal
# Running from : C:\Users\Jack\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\user.js
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\Jack\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Jack\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Jack\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Jack\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Jack\AppData\Roaming\Babylon
Folder Found : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\liwzt7ki.default\jetpack

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\PIP
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKU\S-1-5-21-3525824382-1956127181-1079125871-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\liwzt7ki.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.2.0.1");
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100489");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "4c1a9b960000000000000026b9645254");
Found : user_pref("extensions.BabylonToolbar_i.id", "4c1a9b960000000000000026b9645254");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15306");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:05:35");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.ffxtlbr@babylon.com.install-event-fired", true);
Found : user_pref("extensions.ghostery.blockingLog", "Redirect prevented: hxxps://s.yimg.com/lq/i/ww/eyc/p.g[...]
Found : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.2467] : urls_to_restore_on_startup = [ "hxxp://search.fbdownloader.com/?channel=sfuk206" ]

*************************

AdwCleaner[R1].txt - [8064 octets] - [27/04/2013 13:17:23]

########## EOF - C:\AdwCleaner[R1].txt - [8124 octets] ##########



#8 megalith

Posted 27 April 2013 - 07:21 AM

Computer is almost crawling now, web pages are taking a very long time to open etc.



#9 dev00790


Posted 28 April 2013 - 06:46 PM

Hi

I'm analysing your logs, and will get back to you as soon as possible.


Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#10 megalith


Posted 28 April 2013 - 07:31 PM

Thanks Dev, when I ran the AdwCleaner I didn't delete anything or do anything else, I just posted the log here.



#11 dev00790


Posted 29 April 2013 - 07:40 PM

Hi

I have proposed the next steps to an instructor, and am waiting to hear back.


Regards, dev00790



#12 dev00790


Posted 30 April 2013 - 05:32 AM

Hi

Please do the following next:

Step 1:

Please visit the online Jotti Virus Scanner.

  • Browse to the following filepath:

    C:\Windows\Installer\MSI223C.tmp
  • Click on the Submit file button.
    The scanner will check the file with various AV companies.
  • Copy and paste the link to the results into a reply to this thread.
  • Repeat for:
    C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll

Step 2:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:

How is the computer running now?

Regards, dev00790



#13 megalith


Posted 30 April 2013 - 06:29 AM

Here's the Jotti scan:

Filename: MSI45F9.tmp
Status: Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Mon 20 Aug 2012 12:20:26 (CET)
Additional info
File size: 102400 bytes
Filetype: PE32+ executable for MS Windows (console) Mono/.Net assembly
MD5: ea644a529809d2218c0d7062582dd4dd
SHA1: dbc6f01f3fcf86c745d0c1d64d3385e6bbd1963e

Here's the second path for the Hyperdesk DLL Jotti scan:

Filename: AveStartButtonChangerInProc.dll
Status: Scan finished. 0 out of 22 scanners reported malware.
Scan taken on: Tue 30 Apr 2013 13:27:14 (CET)
Additional info
File size: 104448 bytes
Filetype: PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
MD5: 0beb228be4bd29a7448cadace06e5cff
SHA1: 2de4d3e79c806640e3ef96531b94d886a739fa28


#14 megalith


Posted 30 April 2013 - 06:44 AM

Adware log after deletions:


# AdwCleaner v2.300 - Logfile created 04/30/2013 at 12:38:42
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Jack - JACK-PC
# Boot Mode : Normal
# Running from : C:\Users\Jack\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : vToolbarUpdater14.2.0

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Jack\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Jack\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Jack\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Jack\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Jack\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\liwzt7ki.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\liwzt7ki.default\prefs.js

C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\liwzt7ki.default\user.js ... Deleted !

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.2.0.1");
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100489");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "4c1a9b960000000000000026b9645254");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "4c1a9b960000000000000026b9645254");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15306");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:05:35");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.ffxtlbr@babylon.com.install-event-fired", true);
Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2467] : urls_to_restore_on_startup = [ "hxxp://search.fbdownloader.com/?channel=sfuk206" ]

*************************

AdwCleaner[R1].txt - [8183 octets] - [27/04/2013 13:17:23]
AdwCleaner[S1].txt - [8258 octets] - [30/04/2013 12:38:42]

########## EOF - C:\AdwCleaner[S1].txt - [8318 octets] ##########



#15 megalith

megalith

Posted 30 April 2013 - 06:48 AM

Many thanks for your kind help!

 

The PC seems OK, but I feel I will only know if it's OK if I run ComboFix and it's back to running in under ten minutes, as before this it took an hour, as I stated, and seemed to take around 30 mins at stages 4-5!?

Should I re-run ComboFix to verify if it's OK now?

 

I also notice that there are still video ads on the YouTube channel (at the top, usually 2) when I type in any title - my other PC has never had the ads.

Also, when searching or clicking a bookmark, the search pauses/locks on the top-left loading wheel for a few seconds before going to the page.


Edited by megalith, 30 April 2013 - 07:27 AM.




