malware after messing up?


  • This topic is locked
21 replies to this topic

#1 detroit6

detroit6

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:21 PM

Posted 11 May 2013 - 06:06 AM

Mod edit: Moved to appropriate forum ~~ boopme

Yes, I know it was wrong and I am stupid and I regret it. Won't happen again, but since I did it everything keeps freezing, including browsers. If someone could check I would be happy.
Thanks
 
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 04/02/2011 10:32:19
System Uptime: 11/05/2013 11:37:39 (1 hours ago)
.
Motherboard: Dell Inc. |  | 0K216C
Processor: Intel® Core™2 Duo CPU     E6750  @ 2.66GHz | Socket 775 | 2664/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 163.919 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.888 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: GoTrusted TAP Adapter
Device ID: ROOT\NET\0000
Manufacturer: GoTrusted TAP Provider
Name: GoTrusted TAP Adapter
PNP Device ID: ROOT\NET\0000
Service: gttap1
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Leawo Video Converter version  5.1.0.0
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bitdefender Internet Security 2013
CCleaner
ConvertXtoDVD 4.0.9.322
D3DX10
EasyBCD 1.7
ERUNT 1.1j
ESET Online Scanner v3
ffdshow [rev 2180] [2008-10-04]
FileHippo.com Update Checker
Full Tilt Poker
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Intel® Graphics Media Accelerator Driver
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Standard)
Kaspersky Security Scan
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Excel Viewer 2003
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MyFreeCodec
Nero 7 Lite 7.10.1.2
Opera 12.15
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller 1.94
Revo Uninstaller Pro 3.0.5
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Secunia PSI (3.0.0.6005)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Segoe UI
Skitch
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.6
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR 4.20 (32-bit)
YouTube Downloader App 3.00
.
==== End Of File ===========================
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16476
Run by Chris at 12:03:47 on 2013-05-11
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3060.1290 [GMT 1:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Bitdefender\Bitdefender 2013\seccenter.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
uRun: [KSS] "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe" /autorun
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [Bdagent] c:\program files\bitdefender\bitdefender 2013\bdagent.exe
StartupFolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71} : DHCPNameServer = 192.168.0.203
TCP: Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : DHCPNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\fzo7gk9z.default-1368028199828\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: 2013-05-06 13:44; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; c:\programdata\realnetworks\realdownloader\browserplugins\firefox\Ext
FF - ExtSQL: 2013-05-06 13:44; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: 2013-05-08 21:48; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\chris\appdata\roaming\mozilla\firefox\profiles\fzo7gk9z.default-1368028199828\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-08 22:35; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\chris\appdata\roaming\mozilla\firefox\profiles\fzo7gk9z.default-1368028199828\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-5-6 633344]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2013-5-6 162976]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2013-5-6 78144]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2012-4-25 202296]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-3-23 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-23 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-2-7 1223704]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2013\updatesrv.exe [2013-5-6 55984]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2013-4-8 242504]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2013-5-6 486536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-23 22856]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-2-7 16024]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-2-7 660504]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-5-6 66392]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-3-18 83168]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2010-11-19 43520]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-5-6 27192]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-3-18 181344]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender 2013\bdparentalservice.exe [2013-5-6 62688]
.
=============== Created Last 30 ================
.
2013-05-11 10:42:13    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-05-10 14:55:55    6906960    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{33ac6641-dbcf-4fe0-8d2a-fb5b846fcccc}\mpengine.dll
2013-05-08 21:15:24    --------    d-----w-    c:\users\chris\appdata\local\temp
2013-05-07 22:18:54    6906960    ------w-    c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll
2013-05-07 17:42:15    --------    d-----w-    c:\program files\Kaspersky Lab
2013-05-06 17:12:12    72704    ----a-w-    c:\windows\system32\drivers\bdvedisk.sys
2013-05-06 16:41:26    78144    ----a-w-    c:\windows\system32\drivers\BdfNdisf6.sys
2013-05-06 16:41:26    66392    ----a-w-    c:\windows\system32\drivers\bdsandbox.sys
2013-05-06 16:41:14    486536    ----a-w-    c:\windows\system32\drivers\avckf.sys
2013-05-06 16:41:13    633344    ----a-w-    c:\windows\system32\drivers\avc3.sys
2013-05-06 16:36:35    --------    d-----w-    c:\users\chris\appdata\roaming\Bitdefender
2013-05-06 16:36:32    --------    d-----w-    c:\programdata\Bitdefender
2013-05-06 16:34:45    162976    ----a-w-    c:\windows\system32\drivers\gzflt.sys
2013-05-06 16:34:44    343456    ----a-w-    c:\windows\system32\drivers\trufos.sys
2013-05-06 14:09:33    --------    d-----w-    c:\programdata\BDLogging
2013-05-06 14:02:38    --------    d-----w-    c:\program files\Bitdefender
2013-05-06 14:02:08    --------    d-----w-    c:\program files\common files\Bitdefender
2013-05-06 13:26:29    --------    d-----w-    c:\users\chris\appdata\local\VS Revo Group
2013-05-06 13:26:19    27192    ----a-w-    c:\windows\system32\drivers\revoflt.sys
2013-05-06 13:26:19    --------    d-----w-    c:\programdata\VS Revo Group
2013-05-05 23:26:12    --------    d-----w-    c:\programdata\bdch
2013-05-02 21:55:23    --------    d-----w-    c:\windows\system32\catroot2(16540)
2013-05-02 21:29:47    --------    d-----w-    C:\RegBackup
2013-04-28 10:49:31    --------    d-----w-    c:\program files\Tweaking.com
2013-04-26 20:44:24    --------    d-----w-    C:\Casino
2013-04-16 19:50:49    --------    d-----w-    c:\users\chris\appdata\local\cache
2013-04-16 19:47:44    --------    d-----w-    c:\users\chris\appdata\local\FullTiltPoker
2013-04-16 19:46:42    --------    d-----w-    c:\program files\Full Tilt Poker
2013-04-15 15:40:44    --------    d-----w-    c:\programdata\Licenses
2013-04-15 15:40:40    129872    ----a-w-    c:\windows\system32\MSSTDFMT.DLL
2013-04-15 15:40:40    1070352    ----a-w-    c:\windows\system32\MSCOMCTL.OCX
2013-04-14 18:11:00    --------    d-----w-    c:\program files\trend micro
.
==================== Find3M  ====================
.
2013-05-06 13:13:38    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-06 13:13:38    691592    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-02 01:06:08    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-04 13:50:32    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-22 22:23:38    861088    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-03-22 22:23:38    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-11 13:25:50    3603816    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25:50    3551080    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45:04    49152    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-09 01:28:08    64000    ----a-w-    c:\windows\system32\smss.exe
2013-03-08 03:53:50    376320    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-08 03:52:22    2067968    ----a-w-    c:\windows\system32\mstscax.dll
2013-03-05 01:40:56    2049024    ----a-w-    c:\windows\system32\win32k.sys
2013-03-03 19:50:21    499712    ----a-w-    c:\windows\system32\msvcp71.dll
2013-03-03 19:07:52    1082232    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-02-22 03:46:00    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-02-22 03:38:00    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-02-22 03:37:50    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-02-22 03:34:17    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-02-22 03:34:03    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-02-22 03:31:46    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-02-12 01:57:27    15872    ----a-w-    c:\windows\system32\drivers\usb8023.sys
.
============= FINISH: 12:04:50.50 ===============

Edited by boopme, 11 May 2013 - 10:05 AM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:21 PM

Posted 14 May 2013 - 09:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists as I did not find anything bad in your DDS log.

#3 detroit6

detroit6
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:21 PM

Posted 14 May 2013 - 11:39 AM

Still freezing. Got told Security Defender was bad by Bitdefender, and ComboFix took 3 times to run.

 

 Results of screen317's Security Check version 0.99.63  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Bitdefender Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.6005)   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Adobe Flash Player     11.7.700.169  
 Adobe Reader XI  
 Mozilla Firefox (20.0.1)
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Bitdefender Bitdefender 2013 updatesrv.exe  
 Bitdefender Bitdefender 2013 bdagent.exe  
 Bitdefender Bitdefender 2013 seccenter.exe  
 Bitdefender Bitdefender 2013 vsserv.exe  
 Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

# AdwCleaner v2.300 - Logfile created 05/14/2013 at 17:08:14
# Updated 28/04/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Chris - DELL-530
# Boot Mode : Normal
# Running from : C:\Users\Chris\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fzo7gk9z.default-1368028199828\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.15.1748.0

File : C:\Users\Chris\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R10].txt - [1502 octets] - [22/02/2013 03:07:42]
AdwCleaner[R11].txt - [1563 octets] - [22/02/2013 20:46:31]
AdwCleaner[R12].txt - [1870 octets] - [23/02/2013 23:49:59]
AdwCleaner[R13].txt - [1637 octets] - [08/03/2013 14:33:48]
AdwCleaner[R14].txt - [1700 octets] - [09/03/2013 00:09:37]
AdwCleaner[R15].txt - [1761 octets] - [09/03/2013 00:10:20]
AdwCleaner[R16].txt - [1971 octets] - [16/03/2013 13:12:19]
AdwCleaner[R17].txt - [2120 octets] - [09/04/2013 23:50:01]
AdwCleaner[R18].txt - [1439 octets] - [14/05/2013 17:08:14]
AdwCleaner[R5].txt - [1168 octets] - [04/02/2013 19:31:11]
AdwCleaner[R6].txt - [1226 octets] - [04/02/2013 21:57:28]
AdwCleaner[R7].txt - [1322 octets] - [18/02/2013 15:12:49]
AdwCleaner[R8].txt - [1382 octets] - [18/02/2013 15:24:20]
AdwCleaner[R9].txt - [1442 octets] - [18/02/2013 17:01:01]
AdwCleaner[S10].txt - [2314 octets] - [21/03/2013 13:49:17]
AdwCleaner[S12].txt - [2237 octets] - [29/04/2013 00:49:53]
AdwCleaner[S6].txt - [1075 octets] - [13/01/2013 22:52:33]
AdwCleaner[S7].txt - [1626 octets] - [22/02/2013 20:46:40]
AdwCleaner[S8].txt - [1935 octets] - [23/02/2013 23:52:01]
AdwCleaner[S9].txt - [1820 octets] - [09/03/2013 00:10:27]

########## EOF - C:\AdwCleaner[R18].txt - [2162 octets] ##########
 

ComboFix 13-05-14.01 - Chris 14/05/2013  17:25:17.6.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3060.1257 [GMT 1:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chris\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Chris\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\windows\system32\spsys.log
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-14 to 2013-05-14  )))))))))))))))))))))))))))))))
.
.
2013-05-14 16:34 . 2013-05-14 16:35    --------    d-----w-    c:\users\Chris\AppData\Local\temp
2013-05-14 16:34 . 2013-05-14 16:34    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-05-14 16:34 . 2013-05-14 16:34    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-05-10 14:55 . 2013-04-17 05:31    6906960    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{33AC6641-DBCF-4FE0-8D2A-FB5B846FCCCC}\mpengine.dll
2013-05-08 15:51 . 2013-05-08 15:51    --------    d-----w-    c:\program files\Microsoft Silverlight
2013-05-07 17:42 . 2013-05-07 17:42    --------    d-----w-    c:\program files\Kaspersky Lab
2013-05-06 17:12 . 2013-05-06 17:12    72704    ----a-w-    c:\windows\system32\drivers\bdvedisk.sys
2013-05-06 16:41 . 2013-02-22 18:46    78144    ----a-w-    c:\windows\system32\drivers\BdfNdisf6.sys
2013-05-06 16:41 . 2012-11-12 17:11    66392    ----a-w-    c:\windows\system32\drivers\bdsandbox.sys
2013-05-06 16:41 . 2013-04-17 13:59    486536    ----a-w-    c:\windows\system32\drivers\avckf.sys
2013-05-06 16:41 . 2013-04-17 13:59    633344    ----a-w-    c:\windows\system32\drivers\avc3.sys
2013-05-06 16:36 . 2013-05-06 16:36    --------    d-----w-    c:\users\Chris\AppData\Roaming\Bitdefender
2013-05-06 16:36 . 2013-05-06 16:45    --------    d-----w-    c:\programdata\Bitdefender
2013-05-06 16:34 . 2012-10-04 13:30    162976    ----a-w-    c:\windows\system32\drivers\gzflt.sys
2013-05-06 16:34 . 2012-10-31 12:13    343456    ----a-w-    c:\windows\system32\drivers\trufos.sys
2013-05-06 14:09 . 2013-05-06 15:10    --------    d-----w-    c:\programdata\BDLogging
2013-05-06 14:02 . 2013-05-06 16:34    --------    d-----w-    c:\program files\Bitdefender
2013-05-06 14:02 . 2013-05-06 16:34    --------    d-----w-    c:\program files\Common Files\Bitdefender
2013-05-06 13:26 . 2013-05-06 13:26    --------    d-----w-    c:\users\Chris\AppData\Local\VS Revo Group
2013-05-06 13:26 . 2013-05-06 13:26    --------    d-----w-    c:\programdata\VS Revo Group
2013-05-06 13:26 . 2009-12-30 10:21    27192    ----a-w-    c:\windows\system32\drivers\revoflt.sys
2013-05-05 23:26 . 2013-05-05 23:26    --------    d-----w-    c:\programdata\bdch
2013-05-02 21:55 . 2013-05-06 11:27    --------    d-----w-    c:\windows\system32\catroot2(16540)
2013-05-02 21:29 . 2013-05-02 21:29    --------    d-----w-    C:\RegBackup
2013-04-28 10:49 . 2013-04-28 10:49    --------    d-----w-    c:\program files\Tweaking.com
2013-04-26 20:44 . 2013-05-13 23:05    --------    d-----w-    C:\Casino
2013-04-16 19:50 . 2013-04-16 19:50    --------    d-----w-    c:\users\Chris\AppData\Local\cache
2013-04-16 19:47 . 2013-04-16 21:42    --------    d-----w-    c:\users\Chris\AppData\Local\FullTiltPoker
2013-04-16 19:46 . 2013-05-06 12:44    --------    d-----w-    c:\program files\Full Tilt Poker
2013-04-15 15:40 . 2013-05-06 12:44    --------    d-----w-    c:\programdata\Licenses
2013-04-15 15:40 . 2011-11-04 04:13    1070352    ----a-w-    c:\windows\system32\MSCOMCTL.OCX
2013-04-15 15:40 . 2009-03-24 11:52    129872    ----a-w-    c:\windows\system32\MSSTDFMT.DLL
2013-04-14 18:11 . 2013-05-06 12:44    --------    d-----w-    c:\program files\trend micro
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-10 19:07 . 2011-03-28 18:36    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-06 13:13 . 2012-12-13 19:48    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-06 13:13 . 2012-12-13 19:48    691592    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-02 01:06 . 2011-02-04 13:29    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-04 13:50 . 2013-03-22 23:05    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-22 22:23 . 2011-12-26 22:04    861088    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-03-22 22:23 . 2011-12-26 22:00    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-11 13:25 . 2013-04-10 05:00    3603816    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-10 05:00    3551080    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45 . 2013-04-10 05:00    49152    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-10 05:00    64000    ----a-w-    c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-04-10 05:00    376320    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-10 05:00    2067968    ----a-w-    c:\windows\system32\mstscax.dll
2013-03-06 23:32 . 2012-09-23 23:33    228600    ----a-w-    c:\windows\system32\aswBoot.exe
2013-03-05 01:40 . 2013-04-10 05:00    2049024    ----a-w-    c:\windows\system32\win32k.sys
2013-03-03 19:50 . 2008-10-23 12:05    499712    ----a-w-    c:\windows\system32\msvcp71.dll
2013-03-03 19:07 . 2013-04-10 05:00    1082232    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-02-22 03:46 . 2013-04-10 09:04    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-02-22 03:38 . 2013-04-10 09:04    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-02-22 03:37 . 2013-04-10 09:04    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-02-22 03:34 . 2013-04-10 09:04    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-02-22 03:34 . 2013-04-10 09:04    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-02-22 03:31 . 2013-04-10 09:04    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-04-11 22:12 . 2013-04-11 22:12    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-25 170520]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-04-24 1611784]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-2-7 575000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-16 12:17    1642448    ----a-w-    c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-13 13:13]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-16 12:16]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-16 12:16]
.
.
------- Supplementary Scan -------
.
uStart Page =
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fzo7gk9z.default-1368028199828\
FF - ExtSQL: 2013-05-06 13:44; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: 2013-05-06 13:44; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: 2013-05-08 21:48; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fzo7gk9z.default-1368028199828\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-08 22:35; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fzo7gk9z.default-1368028199828\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-05-11 23:31; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fzo7gk9z.default-1368028199828\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-14 17:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-05-14  17:37:16
ComboFix-quarantined-files.txt  2013-05-14 16:37
.
Pre-Run: 175,543,484,416 bytes free
Post-Run: 175,528,919,040 bytes free
.
- - End Of File - - E183441C964820BB46811D5E0737F95E
 



#4 nasdaq
  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 May 2013 - 12:52 PM

Both Kaspersky and Bitdefender are running in real time on this computer.

Which one did you install last?

Can you disable one and test your system?

If no change, please disable the other and re-enable the previous one.

Test it.

p.s.
You cannot run two virus protection programs in real life.

#5 detroit6
  • Topic Starter
  • Members
  • 11 posts

Posted 14 May 2013 - 02:45 PM

How do you mean, test it?

I have paid for Bitdefender, so take Kap off; Kap was just a security scan.

Edited by detroit6, 14 May 2013 - 03:08 PM.


#6 detroit6
  • Topic Starter
  • Members
  • 11 posts

Posted 14 May 2013 - 05:06 PM

My firewall and antivirus were left off for 5 hours without me noticing it.



#7 nasdaq
  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 May 2013 - 07:32 AM

Where do we stand now?

#8 detroit6
  • Topic Starter
  • Members
  • 11 posts

Posted 15 May 2013 - 09:21 AM

Still freezing on Firefox. Can I ask if you found anything bad?



#9 nasdaq
  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 May 2013 - 09:55 AM

Remove Firefox using the Add/Remove Programs applet and reinstall it.

#10 detroit6
  • Topic Starter
  • Members
  • 11 posts

Posted 15 May 2013 - 10:02 AM

Okay, done.



#11 nasdaq
  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 May 2013 - 12:05 PM

Is everything OK?

#12 detroit6
  • Topic Starter
  • Members
  • 11 posts

Posted 15 May 2013 - 12:40 PM

Seems good.

Did you find anything?



#13 nasdaq
  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 May 2013 - 01:04 PM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner:

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#14 detroit6
  • Topic Starter
  • Members
  • 11 posts

Posted 15 May 2013 - 01:07 PM

Comp froze when uninstalling ComboFix, and Bitdefender told me it was dangerous.

Now it tells me I have a virus:

local\temp\nsge4b5.tmp virus name MIDAS3

Edited by detroit6, 15 May 2013 - 01:12 PM.


#15 nasdaq
  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 May 2013 - 01:34 PM

I know that ComboFix uses files that under a malware condition are considered bad.
But not if installed by the tool.

It seems that Bitdefender is very aggressive towards ComboFix. It may just be the new version you have, or from now on we may have to suggest removing Bitdefender to run ComboFix; too early to tell.

If you have any folders created by ComboFix still on your computer, just delete them.

As for the file in the \Temp folder, delete it.



