Vaudix Class Malware Add-on Removal


  • This topic is locked
21 replies to this topic

#1 angelfire3383

angelfire3383

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:54 AM

Posted 09 July 2013 - 09:58 AM

I have the "Vaudix Class" add-on and I think it is responsible for my pop ups and for placing extra ads on sites like Google and Youtube.

 

I have followed the directions in the two posts from other users regarding similar issues but come across a problem when it comes time to scan with a malware removal software.

 

This happens with both ESET and Malwarebytes Anti-Malware. The scan will go normally until the very last few files need to be scanned, the progress bar will be over 95% done, then it will stall. In the case of Malwarebytes, the timer stops as well. With ESET the timer continues for as long as I let it sit (nearly an hour) but the scan does not finish.

 

So, I need help. The Vaudix may not be my problem but I can't think of anything else it could be. Since I am unable to disable it in the add-on screen, it seems very suspicious.

 

Ang

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.25.2
Run by Steel at 9:50:39 on 2013-07-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4096.2624 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Vaudix Class: {C6F25059-27E7-5CB2-7079-D143BF02B6F6} -
BHO: {D9C8D61C-A7E4-4CA2-8427-CCAF098EB352} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe" /hide
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{EBDAA9F7-F01E-404A-9A22-34DC47F06B6D} : DHCPNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-6-30 14456]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2007-2-6 173344]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R3 LVcKap64;Logitech AEC Driver;C:\Windows\System32\drivers\LVCKap64.sys [2007-2-6 1013024]
R3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2008-7-26 15768]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2008-7-26 790424]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-6-17 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-5-5 79360]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-6 1255736]
.
=============== Created Last 30 ================
.
2013-07-08 20:14:57 -------- d-----w- C:\Program Files (x86)\ESET
2013-07-08 20:02:07 -------- d-----w- C:\$RECYCLE.BIN
2013-07-08 19:51:22 98816 ----a-w- C:\Windows\sed.exe
2013-07-08 19:51:22 256000 ----a-w- C:\Windows\PEV.exe
2013-07-08 19:51:22 208896 ----a-w- C:\Windows\MBR.exe
2013-07-08 19:44:32 -------- d-----w- C:\Windows\ERUNT
2013-07-08 19:44:26 -------- d-----w- C:\JRT
2013-07-05 14:50:12 -------- d-----w- C:\Users\Steel\AppData\Local\NVIDIA
2013-07-05 00:18:02 -------- d-----w- C:\Users\Steel\AppData\Roaming\Malwarebytes
2013-07-05 00:17:54 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-05 00:17:53 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-05 00:17:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-02 12:17:13 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-30 21:20:40 -------- d-----w- C:\Users\Steel\AppData\Roaming\LavasoftStatistics
2013-06-30 21:15:46 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-06-30 21:14:09 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-06-22 01:11:52 -------- d-----w- C:\Users\Steel\AppData\Local\CRE
2013-06-21 10:16:02 566048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-06-16 01:12:33 -------- d-----w- C:\Program Files\XtremeTuner Plus
2013-06-16 00:59:51 1510176 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2013-06-16 00:59:50 15144928 ----a-w- C:\Windows\System32\nvd3dumx.dll
2013-06-16 00:59:50 1059560 ----a-w- C:\Windows\System32\nvumdshimx.dll
2013-06-16 00:59:49 2936208 ----a-w- C:\Windows\System32\nvapi64.dll
2013-06-16 00:56:34 3253909 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-06-13 11:01:10 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2013-06-12 12:26:18 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-12 12:26:17 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-12 12:26:16 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-12 12:26:15 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-06-12 12:26:15 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-12 12:26:15 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-06-12 12:26:14 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-06-12 12:26:14 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-06-12 12:26:14 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-12 12:26:14 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-12 12:26:14 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-12 12:26:14 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-12 12:26:14 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M  ====================
.
2013-07-02 12:17:05 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-02 12:17:05 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-21 10:23:16 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
2013-06-21 10:23:16 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-06-21 10:23:11 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-06-21 10:23:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-06-21 10:23:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-06-12 00:36:29 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 00:36:29 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-30 11:03:51 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH:  9:51:23.22 ===============
 

Edited by angelfire3383, 09 July 2013 - 11:19 AM.
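As an added illustration (not part of the original thread, and not a DDS or BleepingComputer tool), the following Python script parses the BHO and toolbar lines of a DDS "Pseudo HJT Report" and flags the two patterns a responder looks for first in a log like the one above: an entry that carries a CLSID but no backing DLL path (the "Vaudix Class" line), and an entry DDS marks as <orphaned>. The sample lines are copied from the log in this post; the finding labels ("no-file", "orphaned") are the script's own naming.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: BHO/TB lines copied from the DDS Pseudo HJT Report above.
SAMPLE_REPORT = r"""
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Vaudix Class: {C6F25059-27E7-5CB2-7079-D143BF02B6F6} -
BHO: {D9C8D61C-A7E4-4CA2-8427-CCAF098EB352} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
"""

# One DDS browser-extension line: optional "x64-" prefix, BHO or TB, an optional
# display name, the CLSID in braces, then " - " and whatever DDS resolved as the path.
LINE_RE = re.compile(
    r"^(?P<arch>x64-)?(?P<kind>BHO|TB):\s*"
    r"(?:(?P<name>.+?):\s*)?"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s*-\s*(?P<path>.*)$"
)


@dataclass(frozen=True)
class Entry:
    kind: str            # "BHO" or "TB"
    x64: bool            # listed under the 64-bit registry view
    name: Optional[str]  # display name; None when DDS printed none
    clsid: str
    path: str            # backing DLL, "<orphaned>", or "" when nothing was resolved

    @property
    def finding(self) -> Optional[str]:
        """Label the entry if it matches a pattern worth a closer look, else None."""
        if self.path == "":
            # CLSID is registered as a BHO but DDS found no DLL behind it
            # (the Vaudix Class line above).
            return "no-file"
        if self.path == "<orphaned>":
            # DDS found a BHO registration whose CLSID has no server registered.
            return "orphaned"
        return None


def parse_entries(report: str) -> List[Entry]:
    """Extract every BHO/TB line; other DDS line types (uRun, DPF, ...) are skipped."""
    entries: List[Entry] = []
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append(Entry(
            kind=m.group("kind"),
            x64=m.group("arch") is not None,
            name=m.group("name"),
            clsid=m.group("clsid").upper(),
            path=m.group("path").strip(),
        ))
    return entries


def suspicious(entries: List[Entry]) -> List[Entry]:
    """Entries that have a finding label, in log order."""
    return [e for e in entries if e.finding is not None]


def summarize(entries: List[Entry]) -> str:
    """One line per flagged entry: finding, type, CLSID, display name."""
    return "\n".join(
        f"{e.finding:<9} {e.kind:<4} {e.clsid} {e.name or '(no name)'}"
        for e in suspicious(entries)
    )


if __name__ == "__main__":
    print(summarize(parse_entries(SAMPLE_REPORT)))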


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:54 PM

Posted 09 July 2013 - 03:43 PM

Good evening. :)

Given that it has an entry in your Installed Programs list, have you tried to uninstall it?


So long, and thanks for all the fish.

 

 


#3 angelfire3383

angelfire3383
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:54 AM

Posted 10 July 2013 - 06:49 AM

The "program" said it was installed in 2011 which was much earlier than this problem started.

 

I attempted to remove it anyway and it said "An error occurred while trying to uninstall. Would you like to remove Vaudix from the program and feature list?" (or something like that). I clicked yes.

 

The add-on is still listed in my browser list and is still unable to be disabled.

 

I am still not positive it is the culprit but seeing as others had trouble with it and it won't allow itself to be disabled, it sounds like it shouldn't be there.

 

Ang



#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:54 PM

Posted 10 July 2013 - 02:32 PM

Good evening. :)

Are you having the issue with any particular browser, or all of those that you have installed?


So long, and thanks for all the fish.

 

 


#5 angelfire3383

angelfire3383
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:54 AM

Posted 10 July 2013 - 06:00 PM

IE is the only one used, so I haven't checked Chrome. I'm really not sure why Chrome is on there.

 

After running the scans that were suggested in the other posts about Vaudix, the ads seem to have stopped appearing on sites where they were not supposed to (ad choices was the "company" that seemed to put them on there) and the pop ups have stopped.

 

But, there is still something amiss because I have yet to be able to successfully run a complete malware scan, as stated in the OP. It gets near done then just stalls. That sounds like something is still there messing things up.



#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:54 PM

Posted 11 July 2013 - 02:33 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs.*

  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.

* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.
 


So long, and thanks for all the fish.

 

 


#7 angelfire3383

angelfire3383
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:54 AM

Posted 12 July 2013 - 07:05 AM

I will do this as soon as possible. With my schedule the next few days, it may not be until Monday.



#8 angelfire3383

angelfire3383
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:54 AM

Posted 15 July 2013 - 07:47 AM

The computer seems to be acting fine, but I would still like to complete the process to see what happens when we try the malware scan.

 

As far as the log of ComboFix, here you go.

 

ComboFix 13-07-14.01 - Steel 07/15/2013   7:34.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4096.2878 [GMT -5:00]
Running from: c:\users\Steel\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-15 to 2013-07-15  )))))))))))))))))))))))))))))))
.
.
2013-07-15 12:44 . 2013-07-15 12:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-07-15 12:44 . 2013-07-15 12:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-10 13:18 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 13:17 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 13:17 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-08 20:14 . 2013-07-08 20:14 -------- d-----w- c:\program files (x86)\ESET
2013-07-08 19:44 . 2013-07-08 19:44 -------- d-----w- c:\windows\ERUNT
2013-07-08 19:44 . 2013-07-08 19:44 -------- d-----w- C:\JRT
2013-07-08 14:51 . 2013-07-11 11:08 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-05 14:50 . 2013-07-05 14:50 -------- d-----w- c:\users\Steel\AppData\Local\NVIDIA
2013-07-05 14:44 . 2013-07-05 14:44 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-07-05 00:18 . 2013-07-05 00:18 -------- d-----w- c:\users\Steel\AppData\Roaming\Malwarebytes
2013-07-05 00:17 . 2013-07-05 00:17 -------- d-----w- c:\programdata\Malwarebytes
2013-07-05 00:17 . 2013-07-05 00:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-05 00:17 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-02 12:17 . 2013-07-02 12:17 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-07-02 12:17 . 2013-07-02 12:17 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-02 12:17 . 2013-07-02 12:17 -------- d-----w- c:\program files (x86)\Java
2013-06-30 21:20 . 2013-06-30 21:20 -------- d-----w- c:\users\Steel\AppData\Roaming\LavasoftStatistics
2013-06-30 21:15 . 2013-06-30 21:15 -------- d-----w- c:\programdata\Downloaded Installations
2013-06-30 21:14 . 2013-06-30 21:14 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-06-26 11:29 . 2013-06-26 11:29 -------- d-----w- c:\users\Steel\AppData\Roaming\Oracle
2013-06-22 01:11 . 2013-06-22 01:11 -------- d-----w- c:\users\Steel\AppData\Local\CRE
2013-06-21 10:16 . 2013-06-21 10:16 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-06-16 01:12 . 2013-06-16 01:12 -------- d-----w- c:\program files\XtremeTuner Plus
2013-06-16 00:59 . 2013-01-29 08:35 1510176 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2013-06-16 00:59 . 2013-06-21 12:06 15144928 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-06-16 00:59 . 2013-06-21 12:06 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-06-16 00:59 . 2013-06-21 12:06 2936208 ----a-w- c:\windows\system32\nvapi64.dll
2013-06-16 00:56 . 2013-06-20 04:17 3253909 ----a-w- c:\windows\system32\nvcoproc.bin
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-02 12:17 . 2012-10-13 02:40 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-02 12:17 . 2012-10-13 02:40 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-21 12:06 . 2013-02-26 05:32 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2013-02-26 05:32 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2013-02-26 05:32 13411896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-06-21 10:23 . 2011-07-03 11:45 6496544 ----a-w- c:\windows\system32\nvcpl.dll
2013-06-21 10:23 . 2011-07-03 11:45 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-06-21 10:23 . 2011-07-03 11:45 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-06-21 10:23 . 2011-07-03 11:45 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-06-21 10:23 . 2011-07-03 11:45 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-06-12 00:36 . 2012-05-09 12:31 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 00:36 . 2011-10-24 22:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 11:23 . 2011-03-28 23:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-12 12:26 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 12:26 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 12:26 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 12:26 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 12:26 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 12:26 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 12:26 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 12:26 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 12:26 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 12:26 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-08 06:39 . 2013-06-12 12:26 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-04-30 11:05 . 2013-04-30 11:05 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 11:05 . 2013-04-30 11:05 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-30 11:05 . 2013-04-30 11:05 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-30 11:05 . 2013-04-30 11:05 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 11:05 . 2013-04-30 11:05 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 11:05 . 2013-04-30 11:05 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-30 11:05 . 2013-04-30 11:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-30 11:05 . 2013-04-30 11:05 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-30 11:05 . 2013-04-30 11:05 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-30 11:05 . 2013-04-30 11:05 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 11:05 . 2013-04-30 11:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-30 11:05 . 2013-04-30 11:05 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-30 11:05 . 2013-04-30 11:05 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-30 11:05 . 2013-04-30 11:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 11:05 . 2013-04-30 11:05 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-30 11:05 . 2013-04-30 11:05 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-30 11:05 . 2013-04-30 11:05 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-30 11:05 . 2013-04-30 11:05 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 11:05 . 2013-04-30 11:05 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-30 11:05 . 2013-04-30 11:05 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-30 11:05 . 2013-04-30 11:05 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-30 11:05 . 2013-04-30 11:05 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 11:05 . 2013-04-30 11:05 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-30 11:05 . 2013-04-30 11:05 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-30 11:05 . 2013-04-30 11:05 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 11:05 . 2013-04-30 11:05 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-30 11:05 . 2013-04-30 11:05 441856 ----a-w- c:\windows\system32\html.iec
2013-04-30 11:05 . 2013-04-30 11:05 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-30 11:05 . 2013-04-30 11:05 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 11:05 . 2013-04-30 11:05 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-30 11:05 . 2013-04-30 11:05 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-30 11:05 . 2013-04-30 11:05 235008 ----a-w- c:\windows\system32\url.dll
2013-04-30 11:05 . 2013-04-30 11:05 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 11:05 . 2013-04-30 11:05 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-30 11:05 . 2013-04-30 11:05 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 11:05 . 2013-04-30 11:05 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-30 11:05 . 2013-04-30 11:05 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-30 11:05 . 2013-04-30 11:05 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 11:05 . 2013-04-30 11:05 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-30 11:05 . 2013-04-30 11:05 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-30 11:05 . 2013-04-30 11:05 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 11:05 . 2013-04-30 11:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 11:05 . 2013-04-30 11:05 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 11:05 . 2013-04-30 11:05 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-30 11:05 . 2013-04-30 11:05 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 11:05 . 2013-04-30 11:05 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-30 11:05 . 2013-04-30 11:05 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-30 11:05 . 2013-04-30 11:05 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-30 11:05 . 2013-04-30 11:05 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-30 11:03 . 2013-04-30 11:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-30 11:03 . 2013-04-30 11:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-30 11:03 . 2013-04-30 11:03 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-30 11:03 . 2013-04-30 11:03 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-30 11:03 . 2013-04-30 11:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-30 11:03 . 2013-04-30 11:03 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-30 11:03 . 2013-04-30 11:03 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-30 11:03 . 2013-04-30 11:03 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-30 11:03 . 2013-04-30 11:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-30 11:03 . 2013-04-30 11:03 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-30 11:03 . 2013-04-30 11:03 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-30 11:03 . 2013-04-30 11:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-30 11:03 . 2013-04-30 11:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-30 11:03 . 2013-04-30 11:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-30 11:03 . 2013-04-30 11:03 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-30 11:03 . 2013-04-30 11:03 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-30 11:03 . 2013-04-30 11:03 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-30 11:03 . 2013-04-30 11:03 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-30 11:03 . 2013-04-30 11:03 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-04-30 11:03 . 2013-04-30 11:03 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-04-30 11:03 . 2013-04-30 11:03 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-04-30 11:03 . 2013-04-30 11:03 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-04-30 11:03 . 2013-04-30 11:03 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-30 11:03 . 2013-04-30 11:03 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-04-30 11:03 . 2013-04-30 11:03 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-04-30 11:03 . 2013-04-30 11:03 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-04-30 11:03 . 2013-04-30 11:03 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C6F25059-27E7-5CB2-7079-D143BF02B6F6}]
c:\programdata\Vaudix\50a1846767851.ocx [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-01 3077528]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"LogitechCommunicationsManager"="c:\program files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files (x86)\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-01-12 295072]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys;c:\windows\SYSNATIVE\DRIVERS\LVcKap64.sys [x]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 13:21 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 00:36]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-27 04:06]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-27 04:06]
.
2013-07-14 c:\windows\Tasks\ReclaimerUpdateFiles_Steel.job
- c:\users\Steel\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-17 22:08]
.
2013-07-15 c:\windows\Tasks\ReclaimerUpdateXML_Steel.job
- c:\users\Steel\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-17 22:08]
.
2013-07-11 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Steel.job
- c:\users\Steel\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-17 22:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D9C8D61C-A7E4-4CA2-8427-CCAF098EB352} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-{84518F1D-E6A6-7507-ABD4-B14CBD62F542} - c:\progra~3\INSTAL~1\{53B1D~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-193701912-653148656-1276361212-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-15  07:46:36
ComboFix-quarantined-files.txt  2013-07-15 12:46
ComboFix2.txt  2013-07-08 20:06
.
Pre-Run: 345,870,000,128 bytes free
Post-Run: 346,424,537,088 bytes free
.
- - End Of File - - 328C565A27468C7BBC635AAE2EBB8EE6
A36C5E4F47E84449FF07ED3517B43A31
 



#9 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:54 PM

Posted 15 July 2013 - 02:03 PM

Good evening.

 

I would still like to complete the process to see what happens when we try the malware scan.

So go ahead and scan.

 


So long, and thanks for all the fish.

 

 


#10 angelfire3383

angelfire3383
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:54 AM

Posted 16 July 2013 - 10:33 AM

Ran the scan and it completed, which is an improvement. Didn't find any malware, which is also good.

 

Vaudix Class is still in the add-on list and still enabled and not able to be disabled, but the ads are gone, so I guess it's not a threat (?).

 

The computer seems to be running fine.

 

If you know something I don't about that add-on, then we can proceed. If not, thank you for your time and patience. :)



#11 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:54 PM

Posted 16 July 2013 - 02:19 PM

Good evening. :)

Open IE, find the entry in there and double click it - you should see a little window open with some information about it in there. Click the Copy button and then paste the results into your next reply.


So long, and thanks for all the fish.

 

 


#12 angelfire3383

angelfire3383
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:54 AM

Posted 17 July 2013 - 06:51 AM

Here you go.

 

Name:                   Vaudix Class
Publisher:              Not Available
Type:                   Browser Helper Object
Architecture:           32-bit
Version:                Not available
File date:              Not available
Date last accessed:     ‎Today, ‎July ‎17, ‎2013, ‏‎6:49 AM
Class ID:               {C6F25059-27E7-5CB2-7079-D143BF02B6F6}
Use count:              59
Block count:            0
File:                   50a1846767851.ocx
Folder:                 C:\ProgramData\Vaudix
 

As for the folder it says it's in, I don't see it when I go to that directory.



#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:54 PM

Posted 17 July 2013 - 02:53 PM

Good evening. :)

Download RegScanner by NirSoft from here and save it to your Desktop - you'll need to unzip it afterwards.
Once the folder opens, right click RegScanner.exe and select Run as administrator from the context menu that appears.
Copy and paste the following into the Find String: box and click OK -

 

C6F25059-27E7-5CB2-7079-D143BF02B6F6

 

Once the scan has completed (the bottom of the window will stop showing changing text), click Edit > Select All, then Edit > Copy Selected Items, and then paste the results into your next reply.
 

 

 


So long, and thanks for all the fish.

 

 


#14 angelfire3383

angelfire3383
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:54 AM

Posted 20 July 2013 - 06:55 AM

HKCU\Software\Microsoft\Internet Explorer\Approved Extensions {C6F25059-27E7-5CB2-7079-D143BF02B6F6} REG_BINARY 51 66 7A 6C 4C 1D 3B 1B 49 4F E9 DC D7 74 DC 18 6D 70 8E 18 BA 42 F2 EE 7/19/2013 10:28:15 PM 24 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C6F25059-27E7-5CB2-7079-D143BF02B6F6} Flags REG_DWORD 0x00000400 (1024) 7/8/2013 3:07:11 PM 4 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C6F25059-27E7-5CB2-7079-D143BF02B6F6}\iexplore Type REG_DWORD 0x00000003 (3) 7/20/2013 6:52:43 AM 4 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C6F25059-27E7-5CB2-7079-D143BF02B6F6}\iexplore Flags REG_DWORD 0x00000000 (0) 7/20/2013 6:52:43 AM 4 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C6F25059-27E7-5CB2-7079-D143BF02B6F6}\iexplore Count REG_DWORD 0x00000052 (82) 7/20/2013 6:52:43 AM 4 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C6F25059-27E7-5CB2-7079-D143BF02B6F6}\iexplore Time REG_BINARY DD 07 07 00 06 00 14 00 0B 00 34 00 2B 00 1C 02 7/20/2013 6:52:43 AM 16 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C6F25059-27E7-5CB2-7079-D143BF02B6F6}\iexplore LoadTimeArray REG_BINARY 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7/20/2013 6:52:43 AM 40 
HKLM\SOFTWARE\Classes\50a1846767851.ocx.50a1846767851.ocx.1.3\CLSID  REG_SZ {C6F25059-27E7-5CB2-7079-D143BF02B6F6} 11/12/2012 6:20:24 PM 39 
HKLM\SOFTWARE\Classes\50a1846767851.ocx.50a1846767851.ocx\CLSID  REG_SZ {C6F25059-27E7-5CB2-7079-D143BF02B6F6} 11/12/2012 6:20:24 PM 39 
HKLM\SOFTWARE\Classes\CLSID\{C6F25059-27E7-5CB2-7079-D143BF02B6F6}  REG_SZ Vaudix Class 11/12/2012 6:20:24 PM 13 
HKLM\SOFTWARE\Classes\CLSID\{C6F25059-27E7-5CB2-7079-D143BF02B6F6}\InprocServer32  REG_SZ C:\ProgramData\Vaudix\50a1846767851.ocx 11/12/2012 6:20:24 PM 40 
HKLM\SOFTWARE\Classes\CLSID\{C6F25059-27E7-5CB2-7079-D143BF02B6F6}\InprocServer32 ThreadingModel REG_SZ Apartment 11/12/2012 6:20:24 PM 10 
HKLM\SOFTWARE\Classes\CLSID\{C6F25059-27E7-5CB2-7079-D143BF02B6F6}\ProgID  REG_SZ 50a1846767851.ocx.1.3 11/12/2012 6:20:24 PM 22 
HKLM\SOFTWARE\Classes\CLSID\{C6F25059-27E7-5CB2-7079-D143BF02B6F6}\VersionIndependentProgID  REG_SZ 50a1846767851.ocx 11/12/2012 6:20:24 PM 18 
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C6F25059-27E7-5CB2-7079-D143BF02B6F6}  REG_SZ Vaudix Class 11/12/2012 6:20:24 PM 13 
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C6F25059-27E7-5CB2-7079-D143BF02B6F6}\InprocServer32  REG_SZ C:\ProgramData\Vaudix\50a1846767851.ocx 11/12/2012 6:20:24 PM 40 
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C6F25059-27E7-5CB2-7079-D143BF02B6F6}\InprocServer32 ThreadingModel REG_SZ Apartment 11/12/2012 6:20:24 PM 10 
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C6F25059-27E7-5CB2-7079-D143BF02B6F6}\ProgID  REG_SZ 50a1846767851.ocx.1.3 11/12/2012 6:20:24 PM 22 
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C6F25059-27E7-5CB2-7079-D143BF02B6F6}\VersionIndependentProgID  REG_SZ 50a1846767851.ocx 11/12/2012 6:20:24 PM 18 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{C6F25059-27E7-5CB2-7079-D143BF02B6F6}  REG_SZ Vaudix 7/15/2013 7:42:13 AM 7 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{C6F25059-27E7-5CB2-7079-D143BF02B6F6} NoExplorer REG_DWORD 0x00000001 (1) 7/15/2013 7:42:13 AM 4 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID {C6F25059-27E7-5CB2-7079-D143BF02B6F6} REG_SZ 1 11/12/2012 6:20:24 PM 2 
 

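The RegScanner search in post #13 and its output in post #14 are, in effect, a manual inventory of one Browser Helper Object: the BHO registration key, the CLSID's InprocServer32 module path under both registry views, and the entry under Policies\Ext\CLSID. The following PowerShell script is an added example (not from the thread, not a BleepingComputer or NirSoft tool) that automates the same inventory for every registered BHO, so a responder can see at a glance which add-ons load from outside Program Files or Windows, whether the module actually exists on disk (it checks with a .NET call that sees hidden folders, which is why C:\ProgramData, hidden by default, looked empty in post #12), whether it is Authenticode-signed, and whether the IE Add-on List policy forces it on. The function name Get-BhoInventory and the Suspicious heuristic are this example's own choices; the policy reading relies on IE's documented Add-on List behaviour, where a value named after the CLSID with data 1 allows the add-on and removes the user's ability to disable it in Manage Add-ons, which matches the "cannot be disabled" symptom in this thread.

```powershell
# Added example, not part of the thread: inventory Internet Explorer Browser Helper
# Objects from the registry locations RegScanner searched in post #13, resolve each
# CLSID to its module on disk, and report what a responder wants to see.
# Run from an elevated PowerShell prompt on Windows 7 or later.

$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
)
# IE "Add-on List" policy: a value named after the CLSID with data 1 forces the add-on
# on and removes the user's ability to disable it in Manage Add-ons.
$addonPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID'

# Read a key's (default) value, or $null when the key or the value is absent.
function Get-DefaultValue([string]$Key) {
    if (Test-Path -LiteralPath $Key) { (Get-ItemProperty -LiteralPath $Key).'(default)' }
}

function Get-BhoInventory {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $view = if ($root -like '*Wow6432Node*') { '32-bit' } else { '64-bit' }

        foreach ($entry in Get-ChildItem -LiteralPath $root) {
            $clsid = $entry.PSChildName

            # Resolve the CLSID in both registry views; the module path lives in InprocServer32.
            $name = $null; $module = $null
            foreach ($clsidRoot in $clsidRoots) {
                $key = Join-Path $clsidRoot $clsid
                if (-not $name)   { $name   = Get-DefaultValue $key }
                if (-not $module) { $module = Get-DefaultValue (Join-Path $key 'InprocServer32') }
            }
            if ($module) { $module = [Environment]::ExpandEnvironmentVariables($module) }

            # [IO.File]::Exists ignores the hidden attribute, so a module under the hidden
            # C:\ProgramData folder is found even though Explorer hides the folder by default.
            $onDisk = [bool]($module -and [IO.File]::Exists($module))
            $sig    = if ($onDisk) { Get-AuthenticodeSignature -FilePath $module } else { $null }
            $sigStatus = if ($sig) { $sig.Status.ToString() } else { 'n/a' }
            $signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

            # Add-on List policy entry for this CLSID, if any ("1" = forced on, user cannot disable).
            $policy = $null
            if (Test-Path -LiteralPath $addonPolicy) {
                $policy = (Get-ItemProperty -LiteralPath $addonPolicy).$clsid
            }

            # Heuristic (this example's own): flag modules outside Program Files / Windows,
            # missing modules, and anything without a valid Authenticode signature.
            $trustedDir = [bool]($module -and ($module -match '^[A-Za-z]:\\(Program Files( \(x86\))?|Windows)\\'))
            $suspicious = (-not $trustedDir) -or (-not $onDisk) -or ($sigStatus -ne 'Valid')

            [PSCustomObject]@{
                Clsid      = $clsid
                View       = $view
                Name       = $name
                Module     = $module
                OnDisk     = $onDisk
                Signature  = $sigStatus
                Signer     = $signer
                ForcedOn   = ("$policy" -eq '1')
                Suspicious = $suspicious
            }
        }
    }
}

Get-BhoInventory | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

On the machine in this thread the row for {C6F25059-27E7-5CB2-7079-D143BF02B6F6} would show a module under C:\ProgramData rather than Program Files, a publisher of Not Available (no valid signature) and ForcedOn set, which together explain both the unknown add-on and why Manage Add-ons would not let the user disable it. Entries that are forced on by policy cannot be removed through the browser UI, which is why the thread moves on to a tool that edits the registry and files directly.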


#15 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:54 PM

Posted 21 July 2013 - 01:53 PM

Good evening. :)

All being well, the easiest way to deal with this is to use another little tool - Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

The advantage this one has over DDS is that it can be used to remove items that appear in the log it produces.


So long, and thanks for all the fish.

 

 




