Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vaudix (?) malware removal


  • This topic is locked This topic is locked
17 replies to this topic

#1 Cydista

Cydista

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 24 June 2013 - 01:06 AM

Hello all,

 

On 13 June I had a moment of intense stupidity and despite my alarm bells going off, downloaded and I'm pretty sure installed the above software from a video streaming website.  I don't stream videos, so I was ignorant about how that works. [sigh].

 

I have found and read the following forum post:

http://www.bleepingcomputer.com/forums/t/494128/veehdvaudix-plugin-malware/

 

But it gets cut off when the asker stops responding to the person helping them.

 

In any case, I ran AVG a few days later (on the 17th if it matters) and it found four threats, all named "Adware generic5" with the following four file extensions:

 

aafe
.aaqx
.aaqx (appears twice with different times of adding)
.aaff

 

Everything was put in the virus vault where I have left it (should I delete?)  I believe it is "secured".  True?

 

All was fine, until the other day in Firefox (21) I was at a shopping site, and when I clicked on the links they opened, but also opened a pop up to different websites.  I forgot to note where those websites were, but they were blank each time.

 

So, I reran AVG, and it has found nothing.  I linstalled and ran MalawareBytes last night (the 24th) and likewise it found nothing. 

 

So I tried to restore the system to a point before the Vaudix download and it told me there were problems and it was unsuccessful (hopefully I didn't make things even worse by doing this??).

 

I suspect I have some malware, but I am a novice with this sort of thing, and don't really know where to proceed.

 

I am running Windows7, 6.1.7601 Service Pack 1 Build 7601
My browser is Firefox 21, and if it means anything I have the AdplusBlock add-on.

My firewall is just the one that comes with windows and it was on, and it was set to block all incoming connections except those on the list of allowed programs, and to notify me of blocked programs.

 

Now, the firewall is blocking EVERYTHING including the allowed ones.

 

I have run DDS, and have the files saved.  For ease of reading, I'll paste the results into the next post.

 

Eagerly awaiting your thoughts and suggestions.

 

THANK YOU!!!!!!

 

 

 



BC AdBot (Login to Remove)

 


#2 Cydista

Cydista
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 24 June 2013 - 01:07 AM

DDS.TXT

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611
Run by Susan at 7:44:24 on 2013-06-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4056.1532 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SearchNewTab: {DEC1310B-ECCF-22A6-2841-00F34AEEC930} -
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [PhotoshopElements8SyncAgent] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SwiftToDoList] "C:\Users\Susan\AppData\Local\Swift To-Do List\Swift To-Do List.exe" -minimized
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - C:\Users\Susan\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Susan\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8DBFDA75-1708-42D8-A14B-F583FD31AD94} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B943965B-F2C3-4FCB-8D54-2C07E89B7A8C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B943965B-F2C3-4FCB-8D54-2C07E89B7A8C}\44F6D696E6F6D223131463 : DHCPNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\kl3wsu1i.default-1369079792430\
FF - prefs.js: browser.startup.homepage - hxxp://www.washingtonpost.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-05-20 17:02; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-05-20 22:05; jid0-wpCH2liWmuMjc8AV1VWejWvGjBI@jetpack; C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\kl3wsu1i.default-1369079792430\extensions\jid0-wpCH2liWmuMjc8AV1VWejWvGjBI@jetpack.xpi
FF - ExtSQL: 2013-05-20 22:08; {15312e9a-4905-48da-aae4-15b24bdc2a24}; C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\kl3wsu1i.default-1369079792430\extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi
FF - ExtSQL: 2013-05-20 22:23; ALone-live@ya.ru; C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\kl3wsu1i.default-1369079792430\extensions\ALone-live@ya.ru
FF - ExtSQL: 2013-05-20 22:56; support@lastpass.com; C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\kl3wsu1i.default-1369079792430\extensions\support@lastpass.com
FF - ExtSQL: 2013-05-25 10:06; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\kl3wsu1i.default-1369079792430\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-25 10:08; adblockpopups@jessehakanen.net; C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\kl3wsu1i.default-1369079792430\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-06-13 13:48; ua.opr@dv-y.com; C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\kl3wsu1i.default-1369079792430\extensions\ua.opr@dv-y.com
FF - ExtSQL: 2013-06-13 13:59; w97s@mlbgiyia.org; C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\kl3wsu1i.default-1369079792430\extensions\w97s@mlbgiyia.org
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-6-22 55024]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-4-22 45856]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-24 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-24 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-5-21 1015984]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-6-13 172704]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-24 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-6-16 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-16 1255736]
.
=============== Created Last 30 ================
.
2013-06-24 00:01:43    --------    d-----w-    C:\Users\Susan\AppData\Roaming\Malwarebytes
2013-06-24 00:01:31    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-06-24 00:01:29    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-06-24 00:01:29    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-24 00:01:16    --------    d-----w-    C:\Users\Susan\AppData\Local\Programs
2013-06-23 23:53:14    9552976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C890183-9AC6-4920-93FD-6E51675B220B}\mpengine.dll
2013-06-23 13:42:50    9552976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-21 05:35:48    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{39F59C0D-826D-43DA-BCC9-476BF8712F2C}\gapaengine.dll
2013-06-13 11:47:16    --------    d-----w-    C:\ProgramData\StarApp
2013-06-13 11:47:15    --------    d-----w-    C:\ProgramData\SearchNewTab
2013-06-13 11:46:58    --------    d-----w-    C:\ProgramData\Vauddix
2013-06-13 11:46:22    --------    d-----w-    C:\ProgramData\InstallMate
2013-06-12 16:06:59    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-06-09 20:41:00    --------    d-----w-    C:\Program Files\iPod
2013-06-09 20:40:59    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-09 20:40:59    --------    d-----w-    C:\Program Files\iTunes
2013-06-09 20:40:59    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-05-27 16:14:01    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin6.dll
2013-05-27 16:14:01    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-27 16:14:01    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-27 16:14:01    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-27 16:14:01    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-27 16:14:01    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-27 16:14:01    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2013-05-27 16:14:01    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-05-27 16:14:01    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-05-27 16:14:01    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-05-27 16:14:01    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-05-27 16:14:01    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
.
==================== Find3M  ====================
.
2013-06-12 15:17:33    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 15:17:33    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-21 05:44:11    45856    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-05-17 01:25:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:58:10    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-05-01 01:59:12    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59:12    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
2013-04-26 05:51:36    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-04-20 07:27:46    14880256    ----a-w-    C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-04-17 07:02:06    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-02 14:09:52    4550656    ----a-w-    C:\Windows\SysWow64\GPhotos.scr
2013-03-31 22:52:16    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-03-29 00:53:48    246072    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
.
============= FINISH:  7:44:50.81 ===============
 



#3 Cydista

Cydista
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 24 June 2013 - 01:09 AM

As per the instructions on the .attach file, I'll paste those contents here only if you request them. 

 

Thanks again!



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:40 AM

Posted 24 June 2013 - 12:24 PM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.
Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.



Post up attach.txt as well.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 Cydista

Cydista
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 24 June 2013 - 04:15 PM

Thanks Marius!

 

I've done as you asked, and the program found nothing.  The log is pasted below.  I do not have a file called "attach.txt".  Also there is no file called "mbar-log-2013.6.24.22:44.txt, but there is something called "system-log.txt" that was created at the right time based on the finish of the scan, so that's what I've attached.  I hope it's the right file. 

 

I don't know if it matters, but while I was waiting today, I discovered that I had also "acquired" a new search engine: local moxie, that opened when I opened a new tab (I always use the box in the upper right corner of my menubar, so it took me a few days to pick up on this).  I subsequently discovered, and removed two add-ons that had mysteriously appeared in my firefox, one was actually called vaudix. 

 

I then went through my program files and removed a couple of unknown programs.....I forget the names, but all (programs and add-ons) connected  me to an identical "We're sorry to see you go" webpage, complete with comment box and some button to click.  I just closed the pages down without interacting with them.  Given they all took me to the same place, I suspect they're from the same source.  But I don't know if I've gotten rid of everything yet.  I have had no more problems with the browser, but to paraphrase you above, just because I don't see symptoms doesn't mean there isn't something lurking about.....

 

Here's the log:

¬¬¬¬¬¬¬¬¬¬¬¬¬

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16618

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 4253405184, free: 1441693696

Downloaded database version: v2013.06.24.06
Initializing...
------------ Kernel report ------------
     06/24/2013 22:02:35
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\yk62x64.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80055dc060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006e\
Lower Device Object: 0xfffffa80055bb060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004439060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80040bd680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004439060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004439b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004439060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80040bd680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 70E319A3

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 976564224

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa80055dc060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80055f3770, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80055dc060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80055bb060, DeviceName: \Device\0000006e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Read File:  File "c:\programdata\avg2013\chjw\1c10aa4210aa232e.dat:f5845303-aef9-497c-94ef-4e797574300c" is sparse (flags = 32768)
Scan finished
 


Edited by Cydista, 24 June 2013 - 04:22 PM.


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:40 AM

Posted 25 June 2013 - 09:37 AM

Combofix


Combofix should only be run when adviced by a team member!


Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.


Edited by TB-Psychotic, 25 June 2013 - 09:38 AM.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 Cydista

Cydista
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 25 June 2013 - 10:58 AM

Ok, done.  This log's pretty long.....out of curiosity, what are you looking for?  In any case, happy reading....

 

 

ComboFix 13-06-24.01 - Susan 06/25/2013  17:42:29.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4056.2237 [GMT 2:00]
Running from: c:\users\Susan\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SearchNewTab
c:\programdata\SearchNewTab\51b9b1acc85e9.tlb
c:\programdata\SearchNewTab\settings.ini
c:\users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6D2E9224-908A-4BE1-82E6-F66D08D83D31}.xps
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-25 to 2013-06-25  )))))))))))))))))))))))))))))))
.
.
2013-06-25 15:48 . 2013-06-25 15:48    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2013-06-25 15:48 . 2013-06-25 15:48    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-25 15:48 . 2013-06-25 15:48    --------    d-----w-    c:\users\Arnaud\AppData\Local\temp
2013-06-25 05:20 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4314B6AC-E0FD-4C3F-AB31-8FE373865C41}\mpengine.dll
2013-06-24 20:02 . 2013-06-24 21:30    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-24 15:47 . 2013-06-25 08:54    --------    d-----w-    c:\users\Susan\AppData\Local\Deployment
2013-06-24 12:37 . 2013-06-24 12:37    --------    d-----w-    c:\users\Susan\AppData\Local\VirtualStore
2013-06-24 00:01 . 2013-06-24 00:01    --------    d-----w-    c:\users\Susan\AppData\Roaming\Malwarebytes
2013-06-24 00:01 . 2013-06-24 00:01    --------    d-----w-    c:\programdata\Malwarebytes
2013-06-24 00:01 . 2013-06-24 00:23    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-24 00:01 . 2013-04-04 12:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-06-24 00:01 . 2013-06-24 00:01    --------    d-----w-    c:\users\Susan\AppData\Local\Programs
2013-06-23 23:53 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-21 05:35 . 2013-06-21 05:35    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39F59C0D-826D-43DA-BCC9-476BF8712F2C}\gapaengine.dll
2013-06-13 11:47 . 2013-06-13 11:47    --------    d-----w-    c:\programdata\StarApp
2013-06-13 11:46 . 2013-06-24 00:23    --------    d-----w-    c:\programdata\Vauddix
2013-06-13 11:46 . 2013-06-13 11:47    --------    d-----w-    c:\programdata\InstallMate
2013-06-12 16:06 . 2013-05-17 00:59    2241024    ----a-w-    c:\windows\system32\wininet.dll
2013-06-09 20:41 . 2013-06-09 20:41    --------    d-----w-    c:\program files\iPod
2013-06-09 20:40 . 2013-06-24 00:23    --------    d-----w-    c:\program files\iTunes
2013-06-09 20:40 . 2013-06-24 00:23    --------    d-----w-    c:\program files (x86)\iTunes
2013-06-09 20:40 . 2013-06-09 20:41    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-27 16:14 . 2013-05-27 16:14    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-05-27 16:14 . 2013-05-27 16:14    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-27 16:14 . 2013-05-27 16:14    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2013-05-27 16:14 . 2013-05-27 16:14    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-05-27 16:14 . 2013-05-27 16:14    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-27 16:14 . 2013-05-27 16:14    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-05-27 16:14 . 2013-05-27 16:13    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-27 16:14 . 2013-05-27 16:13    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-27 16:14 . 2013-05-27 16:13    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-05-27 16:14 . 2013-05-27 16:13    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-05-27 16:14 . 2013-05-27 16:13    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-27 16:14 . 2013-05-27 16:13    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 16:07 . 2012-07-02 12:04    75825640    ----a-w-    c:\windows\system32\MRT.exe
2013-06-12 15:17 . 2012-06-16 06:39    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 15:17 . 2012-06-16 06:39    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-21 09:14 . 2012-07-03 14:15    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-21 05:44 . 2013-04-22 10:00    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-05-02 15:29 . 2012-06-13 20:35    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-05-01 06:09 . 2013-05-01 06:09    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-05-01 06:09 . 2013-05-01 06:09    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-01 06:09 . 2013-05-01 06:09    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-05-01 06:09 . 2013-05-01 06:09    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-05-01 06:09 . 2013-05-01 06:09    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-05-01 06:09 . 2013-05-01 06:09    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-05-01 06:09 . 2013-05-01 06:09    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-05-01 06:09 . 2013-05-01 06:09    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-05-01 06:09 . 2013-05-01 06:09    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-05-01 06:09 . 2013-05-01 06:09    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-05-01 06:09 . 2013-05-01 06:09    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-05-01 06:09 . 2013-05-01 06:09    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-05-01 06:09 . 2013-05-01 06:09    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-01 06:09 . 2013-05-01 06:09    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-05-01 06:09 . 2013-05-01 06:09    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-05-01 06:09 . 2013-05-01 06:09    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-05-01 06:09 . 2013-05-01 06:09    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-05-01 06:09 . 2013-05-01 06:09    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-05-01 06:09 . 2013-05-01 06:09    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-05-01 06:09 . 2013-05-01 06:09    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-05-01 06:09 . 2013-05-01 06:09    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-05-01 06:09 . 2013-05-01 06:09    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-05-01 06:09 . 2013-05-01 06:09    441856    ----a-w-    c:\windows\system32\html.iec
2013-05-01 06:09 . 2013-05-01 06:09    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-05-01 06:09 . 2013-05-01 06:09    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-05-01 06:09 . 2013-05-01 06:09    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-05-01 06:09 . 2013-05-01 06:09    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-05-01 06:09 . 2013-05-01 06:09    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-05-01 06:09 . 2013-05-01 06:09    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-05-01 06:09 . 2013-05-01 06:09    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-05-01 06:09 . 2013-05-01 06:09    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-05-01 06:09 . 2013-05-01 06:09    235008    ----a-w-    c:\windows\system32\url.dll
2013-05-01 06:09 . 2013-05-01 06:09    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-05-01 06:09 . 2013-05-01 06:09    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-05-01 06:09 . 2013-05-01 06:09    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-05-01 06:09 . 2013-05-01 06:09    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-05-01 06:09 . 2013-05-01 06:09    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-05-01 06:09 . 2013-05-01 06:09    149504    ----a-w-    c:\windows\system32\occache.dll
2013-05-01 06:09 . 2013-05-01 06:09    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-05-01 06:09 . 2013-05-01 06:09    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-05-01 06:09 . 2013-05-01 06:09    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-05-01 06:09 . 2013-05-01 06:09    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-05-01 06:09 . 2013-05-01 06:09    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-05-01 06:09 . 2013-05-01 06:09    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-05-01 06:09 . 2013-05-01 06:09    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-05-01 06:09 . 2013-05-01 06:09    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-05-01 06:09 . 2013-05-01 06:09    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-05-01 06:09 . 2013-05-01 06:09    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-05-01 06:09 . 2013-05-01 06:08    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-05-01 01:59 . 2013-05-01 01:59    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
2013-04-20 07:27 . 2013-04-20 07:27    14880256    ----a-w-    c:\program files (x86)\Common Files\lpuninstall.exe
2013-04-13 05:49 . 2013-05-16 07:37    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 07:37    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 07:37    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 07:37    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 07:37    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 07:37    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 06:49    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 07:37    265064    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 07:37    983400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 07:36    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-04-02 14:09 . 2013-04-02 14:09    4550656    ----a-w-    c:\windows\SysWow64\GPhotos.scr
2013-03-29 00:53 . 2013-03-29 00:53    246072    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoshopElements8SyncAgent"="c:\program files (x86)\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe" [2009-09-06 1893728]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SwiftToDoList"="c:\users\Susan\AppData\Local\Swift To-Do List\Swift To-Do List.exe" [2013-02-22 9202512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-05-21 1226928]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2013-4-20 14880256]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2013-4-20 14880256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 15:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\users\Susan\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Susan\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\kl3wsu1i.default-1369079792430\
FF - prefs.js: browser.startup.homepage - hxxp://www.washingtonpost.com/
FF - ExtSQL: 2013-05-20 17:02; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-05-20 22:56; support@lastpass.com; c:\users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\kl3wsu1i.default-1369079792430\extensions\support@lastpass.com
FF - ExtSQL: 2013-05-25 10:06; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\kl3wsu1i.default-1369079792430\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-25 10:08; adblockpopups@jessehakanen.net; c:\users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\kl3wsu1i.default-1369079792430\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-06-24 14:09; ALone-live@ya.ru; c:\users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\kl3wsu1i.default-1369079792430\extensions\ALone-live@ya.ru
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-25  17:52:20
ComboFix-quarantined-files.txt  2013-06-25 15:52
.
Pre-Run: 311,276,224,512 bytes free
Post-Run: 336,238,399,488 bytes free
.
- - End Of File - - 866806E645E3879C22408E9853CAB04E
A36C5E4F47E84449FF07ED3517B43A31
 



#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:40 AM

Posted 25 June 2013 - 11:09 AM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 Cydista

Cydista
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 25 June 2013 - 12:28 PM

Ok, done:

 

ComboFix 13-06-24.01 - Susan 06/25/2013  18:51:24.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4056.2429 [GMT 2:00]
Running from: c:\users\Susan\Downloads\ComboFix.exe
Command switches used :: c:\users\Susan\Downloads\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\InstallMate
c:\programdata\InstallMate\{AFD77942-47B9-4C42-AEA9-0F9B74345BB4}\_Setup.dll
c:\programdata\InstallMate\{AFD77942-47B9-4C42-AEA9-0F9B74345BB4}\20130613134621.log
c:\programdata\InstallMate\{AFD77942-47B9-4C42-AEA9-0F9B74345BB4}\Custom.dll
c:\programdata\InstallMate\{AFD77942-47B9-4C42-AEA9-0F9B74345BB4}\Readme.txt
c:\programdata\InstallMate\{AFD77942-47B9-4C42-AEA9-0F9B74345BB4}\Setup.dat
c:\programdata\InstallMate\{AFD77942-47B9-4C42-AEA9-0F9B74345BB4}\Setup.exe
c:\programdata\InstallMate\{AFD77942-47B9-4C42-AEA9-0F9B74345BB4}\Setup.ico
c:\programdata\InstallMate\{AFD77942-47B9-4C42-AEA9-0F9B74345BB4}\TsuDll.dll
c:\programdata\StarApp
c:\programdata\Vauddix
c:\programdata\Vauddix\51b9b19ab0366.tlb
c:\programdata\Vauddix\settings.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-25 to 2013-06-25  )))))))))))))))))))))))))))))))
.
.
2013-06-25 16:57 . 2013-06-25 16:57    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2013-06-25 16:57 . 2013-06-25 16:57    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-25 16:57 . 2013-06-25 16:57    --------    d-----w-    c:\users\Arnaud\AppData\Local\temp
2013-06-25 15:58 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE243A43-4D2C-44D7-AA41-F8B48A80D78E}\mpengine.dll
2013-06-24 20:02 . 2013-06-24 21:30    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-24 15:47 . 2013-06-25 08:54    --------    d-----w-    c:\users\Susan\AppData\Local\Deployment
2013-06-24 12:37 . 2013-06-24 12:37    --------    d-----w-    c:\users\Susan\AppData\Local\VirtualStore
2013-06-24 00:01 . 2013-06-24 00:01    --------    d-----w-    c:\users\Susan\AppData\Roaming\Malwarebytes
2013-06-24 00:01 . 2013-06-24 00:01    --------    d-----w-    c:\programdata\Malwarebytes
2013-06-24 00:01 . 2013-06-24 00:23    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-24 00:01 . 2013-04-04 12:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-06-24 00:01 . 2013-06-24 00:01    --------    d-----w-    c:\users\Susan\AppData\Local\Programs
2013-06-23 23:53 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-21 05:35 . 2013-06-21 05:35    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39F59C0D-826D-43DA-BCC9-476BF8712F2C}\gapaengine.dll
2013-06-12 16:07 . 2013-05-17 01:25    257536    ----a-w-    c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-12 16:06 . 2013-05-17 00:59    2241024    ----a-w-    c:\windows\system32\wininet.dll
2013-06-09 20:41 . 2013-06-09 20:41    --------    d-----w-    c:\program files\iPod
2013-06-09 20:40 . 2013-06-24 00:23    --------    d-----w-    c:\program files\iTunes
2013-06-09 20:40 . 2013-06-24 00:23    --------    d-----w-    c:\program files (x86)\iTunes
2013-06-09 20:40 . 2013-06-09 20:41    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-27 16:14 . 2013-05-27 16:14    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-05-27 16:14 . 2013-05-27 16:14    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-27 16:14 . 2013-05-27 16:14    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2013-05-27 16:14 . 2013-05-27 16:14    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-05-27 16:14 . 2013-05-27 16:14    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-27 16:14 . 2013-05-27 16:14    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-05-27 16:14 . 2013-05-27 16:13    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-27 16:14 . 2013-05-27 16:13    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-27 16:14 . 2013-05-27 16:13    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-05-27 16:14 . 2013-05-27 16:13    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-05-27 16:14 . 2013-05-27 16:13    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-27 16:14 . 2013-05-27 16:13    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 16:07 . 2012-07-02 12:04    75825640    ----a-w-    c:\windows\system32\MRT.exe
2013-06-12 15:17 . 2012-06-16 06:39    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 15:17 . 2012-06-16 06:39    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-21 09:14 . 2012-07-03 14:15    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-21 05:44 . 2013-04-22 10:00    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-05-02 15:29 . 2012-06-13 20:35    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-05-01 06:09 . 2013-05-01 06:09    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-05-01 06:09 . 2013-05-01 06:09    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-01 06:09 . 2013-05-01 06:09    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-05-01 06:09 . 2013-05-01 06:09    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-05-01 06:09 . 2013-05-01 06:09    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-05-01 06:09 . 2013-05-01 06:09    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-05-01 06:09 . 2013-05-01 06:09    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-05-01 06:09 . 2013-05-01 06:09    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-05-01 06:09 . 2013-05-01 06:09    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-05-01 06:09 . 2013-05-01 06:09    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-05-01 06:09 . 2013-05-01 06:09    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-05-01 06:09 . 2013-05-01 06:09    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-05-01 06:09 . 2013-05-01 06:09    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-01 06:09 . 2013-05-01 06:09    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-05-01 06:09 . 2013-05-01 06:09    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-05-01 06:09 . 2013-05-01 06:09    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-05-01 06:09 . 2013-05-01 06:09    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-05-01 06:09 . 2013-05-01 06:09    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-05-01 06:09 . 2013-05-01 06:09    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-05-01 06:09 . 2013-05-01 06:09    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-05-01 06:09 . 2013-05-01 06:09    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-05-01 06:09 . 2013-05-01 06:09    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-05-01 06:09 . 2013-05-01 06:09    441856    ----a-w-    c:\windows\system32\html.iec
2013-05-01 06:09 . 2013-05-01 06:09    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-05-01 06:09 . 2013-05-01 06:09    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-05-01 06:09 . 2013-05-01 06:09    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-05-01 06:09 . 2013-05-01 06:09    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-05-01 06:09 . 2013-05-01 06:09    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-05-01 06:09 . 2013-05-01 06:09    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-05-01 06:09 . 2013-05-01 06:09    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-05-01 06:09 . 2013-05-01 06:09    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-05-01 06:09 . 2013-05-01 06:09    235008    ----a-w-    c:\windows\system32\url.dll
2013-05-01 06:09 . 2013-05-01 06:09    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-05-01 06:09 . 2013-05-01 06:09    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-05-01 06:09 . 2013-05-01 06:09    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-05-01 06:09 . 2013-05-01 06:09    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-05-01 06:09 . 2013-05-01 06:09    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-05-01 06:09 . 2013-05-01 06:09    149504    ----a-w-    c:\windows\system32\occache.dll
2013-05-01 06:09 . 2013-05-01 06:09    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-05-01 06:09 . 2013-05-01 06:09    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-05-01 06:09 . 2013-05-01 06:09    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-05-01 06:09 . 2013-05-01 06:09    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-05-01 06:09 . 2013-05-01 06:09    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-05-01 06:09 . 2013-05-01 06:09    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-05-01 06:09 . 2013-05-01 06:09    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-05-01 06:09 . 2013-05-01 06:09    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-05-01 06:09 . 2013-05-01 06:09    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-05-01 06:09 . 2013-05-01 06:09    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-05-01 06:09 . 2013-05-01 06:08    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-05-01 01:59 . 2013-05-01 01:59    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
2013-04-20 07:27 . 2013-04-20 07:27    14880256    ----a-w-    c:\program files (x86)\Common Files\lpuninstall.exe
2013-04-13 05:49 . 2013-05-16 07:37    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 07:37    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 07:37    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 07:37    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 07:37    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 07:37    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 06:49    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 07:37    265064    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 07:37    983400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 07:36    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-04-02 14:09 . 2013-04-02 14:09    4550656    ----a-w-    c:\windows\SysWow64\GPhotos.scr
2013-03-29 00:53 . 2013-03-29 00:53    246072    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoshopElements8SyncAgent"="c:\program files (x86)\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe" [2009-09-06 1893728]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SwiftToDoList"="c:\users\Susan\AppData\Local\Swift To-Do List\Swift To-Do List.exe" [2013-02-22 9202512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-05-21 1226928]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2013-4-20 14880256]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2013-4-20 14880256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-25 16:37    1165776    ----a-w-    c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 15:17]
.
2013-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-25 16:36]
.
2013-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-25 16:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\users\Susan\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Susan\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\kl3wsu1i.default-1369079792430\
FF - prefs.js: browser.startup.homepage - hxxp://www.washingtonpost.com/
FF - ExtSQL: 2013-05-20 17:02; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-05-20 22:56; support@lastpass.com; c:\users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\kl3wsu1i.default-1369079792430\extensions\support@lastpass.com
FF - ExtSQL: 2013-05-25 10:06; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\kl3wsu1i.default-1369079792430\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-25 10:08; adblockpopups@jessehakanen.net; c:\users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\kl3wsu1i.default-1369079792430\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-06-24 14:09; ALone-live@ya.ru; c:\users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\kl3wsu1i.default-1369079792430\extensions\ALone-live@ya.ru
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
AddRemove-{E7823D4C-88D6-3514-E66C-032C3EED837E} - c:\progra~3\INSTAL~1\{AFD77~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-25  18:59:21
ComboFix-quarantined-files.txt  2013-06-25 16:59
ComboFix2.txt  2013-06-25 15:52
.
Pre-Run: 335,748,911,104 bytes free
Post-Run: 335,699,226,624 bytes free
.
- - End Of File - - 9B46A09A69176234B1BE32AA5C00CD5C
A36C5E4F47E84449FF07ED3517B43A31
 



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:40 AM

Posted 25 June 2013 - 12:43 PM

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 Cydista

Cydista
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 25 June 2013 - 02:22 PM

Done.  The result: "No found threats", and it didn't give me the option to export any log file......

 

????



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:40 AM

Posted 26 June 2013 - 05:06 AM

Yes, thats the case when no malware is found.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Scan with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You´ll find the log file at C:\AdwCleaner[S1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 Cydista

Cydista
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 26 June 2013 - 11:18 AM

Hi Marius,

 

Sorry this took so long- no school on Wednesdays here, so I was out running the kids all day.

 

Looks like it deleted some files.  Good! But- I'm a bit concerned about the AVG things, since that's my virus checker.....are these craftily named malware, or something I need to reload then from AVG?

 

Here's the file:

 

# AdwCleaner v2.303 - Logfile created 06/26/2013 at 18:11:02
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Susan - SUSAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Susan\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\ProgramData\Tarma Installer

***** [Registry] *****

Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [13438 octets] - [26/06/2013 18:09:35]
AdwCleaner[S1].txt - [13751 octets] - [26/06/2013 18:11:02]

########## EOF - C:\AdwCleaner[S1].txt - [13812 octets] ##########
 



#14 Cydista

Cydista
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 26 June 2013 - 11:30 AM

And the SecurityCheck file:

 

 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013   
Microsoft Security Essentials     
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (22.0)
 Mozilla Thunderbird (17.0.6)
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 AVG avgwdsvc.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:40 AM

Posted 26 June 2013 - 11:44 AM

You´re all clean now! :)

 

 

Adobe Reader update


Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

 

Uninstall our tools.
Please follow these steps in order:

  • In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  • In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left please delete it manualy.

 

 

 

 

Uninstall our tools.
Please follow these steps in order:

  • In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  • In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left please delete it manualy.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users