Firefox excessive ads with combofix report


This topic is locked
6 replies to this topic

#1 boylegend822

boylegend822

  • Members
  • 2 posts

Posted 13 July 2013 - 08:47 PM

My firefox is plagued with ads. Hoping to remove them. Here is my combofix report. Pls help.

Attached Files




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 July 2013 - 12:14 PM


Hello boylegend822

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr


Posted 17 July 2013 - 12:29 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#4 boylegend822

boylegend822
  • Topic Starter

  • Members
  • 2 posts

Posted 17 July 2013 - 09:21 PM

ComboFix 13-07-13.01 - Tracy 3/2013 Sat  14:44:04.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.936.86.1033.18.4044.1432 [GMT -4:00]
执行位置: c:\users\Tracy\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   被删除的档案   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tracy\AppData\Roaming\SogouExplorer
.
.
(((((((((((((((((((((((((  2013-06-13 至 2013-07-13 的新的档案  )))))))))))))))))))))))))))))))
.
.
2013-07-13 18:18 . 2013-07-13 18:18    --------    d-----w-    C:\N360_BACKUP
2013-07-13 16:09 . 2013-07-13 16:09    --------    d-----w-    c:\programdata\regid.1986-12.com.adobe
2013-06-26 18:48 . 2013-06-18 19:10    65536    ----a-w-    c:\program files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
2013-06-23 21:57 . 2013-06-23 21:57    0    ----a-w-    c:\windows\SysWow64\nsz6CAA.tmp
2013-06-23 21:57 . 2013-06-23 21:57    0    ----a-w-    c:\windows\system32\nse6CCA.tmp
2013-06-21 18:25 . 2013-06-21 18:26    --------    d---a-w-    C:\FactoryUpdate
2013-06-16 13:36 . 2013-06-08 12:28    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-06-16 13:36 . 2013-06-08 11:13    2706432    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-06-16 13:35 . 2013-06-08 11:41    218112    ----a-w-    c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-06-16 13:35 . 2013-06-08 14:08    279040    ----a-w-    c:\program files\Internet Explorer\sqmapi.dll
2013-06-16 13:35 . 2013-06-08 14:08    1365504    ----a-w-    c:\windows\system32\urlmon.dll
2013-06-16 13:35 . 2013-06-08 14:06    2648064    ----a-w-    c:\windows\system32\iertutil.dll
2013-06-16 13:35 . 2013-06-08 14:06    526336    ----a-w-    c:\windows\system32\ieui.dll
2013-06-16 13:35 . 2013-06-08 14:06    15404544    ----a-w-    c:\windows\system32\ieframe.dll
2013-06-16 13:35 . 2013-06-08 14:07    19233792    ----a-w-    c:\windows\system32\mshtml.dll
2013-06-14 16:24 . 2013-06-14 16:24    --------    d-----w-    c:\users\Tracy\AppData\Roaming\SogouInput
.
.
.
((((((((((((((((((((((((((((((((((((((((   在三个月内被修改的档案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-03 16:22 . 2012-07-27 13:16    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-03 16:22 . 2011-07-28 23:31    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 18:36 . 2012-11-03 20:39    75825640    ----a-w-    c:\windows\system32\MRT.exe
2013-05-17 01:25 . 2013-06-12 18:35    1767936    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-05-17 01:25 . 2013-06-12 18:35    2877440    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-05-17 01:25 . 2013-06-12 18:35    61440    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-05-17 01:25 . 2013-06-12 18:35    109056    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-05-17 00:59 . 2013-06-12 18:35    51712    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-05-17 00:59 . 2013-06-12 18:35    2241024    ----a-w-    c:\windows\system32\wininet.dll
2013-05-17 00:58 . 2013-06-12 18:35    603136    ----a-w-    c:\windows\system32\msfeeds.dll
2013-05-17 00:58 . 2013-06-12 18:35    855552    ----a-w-    c:\windows\system32\jscript.dll
2013-05-17 00:58 . 2013-06-12 18:35    3958784    ----a-w-    c:\windows\system32\jscript9.dll
2013-05-17 00:58 . 2013-06-12 18:35    53248    ----a-w-    c:\windows\system32\jsproxy.dll
2013-05-17 00:58 . 2013-06-12 18:35    67072    ----a-w-    c:\windows\system32\iesetup.dll
2013-05-17 00:58 . 2013-06-12 18:35    39936    ----a-w-    c:\windows\system32\iernonce.dll
2013-05-17 00:58 . 2013-06-12 18:35    136704    ----a-w-    c:\windows\system32\iesysprep.dll
2013-05-14 12:23 . 2013-06-12 18:35    89600    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-05-14 08:40 . 2013-06-12 18:35    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51 . 2013-06-12 13:22    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 13:22    1464320    ----a-w-    c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 13:22    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 13:22    52224    ----a-w-    c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 13:22    1160192    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 13:22    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 13:22    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 13:22    1192448    ----a-w-    c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 13:22    903168    ----a-w-    c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 13:22    43008    ----a-w-    c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 13:22    30720    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 13:22    24576    ----a-w-    c:\windows\SysWow64\cryptdlg.dll
2013-05-10 00:53 . 2010-06-24 18:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-08 06:39 . 2013-06-12 13:22    1910632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-04-30 04:35 . 2013-04-30 04:35    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 04:35 . 2013-04-30 04:35    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-04-30 04:35 . 2013-04-30 04:35    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-04-30 04:35 . 2013-04-30 04:35    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-04-30 04:35 . 2013-04-30 04:35    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-04-30 04:35 . 2013-04-30 04:35    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 04:35 . 2013-04-30 04:35    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 04:35 . 2013-04-30 04:35    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-04-30 04:35 . 2013-04-30 04:35    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-04-30 04:35 . 2013-04-30 04:35    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-04-30 04:35 . 2013-04-30 04:35    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-04-30 04:35 . 2013-04-30 04:35    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-04-30 04:35 . 2013-04-30 04:35    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-04-30 04:35 . 2013-04-30 04:35    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-04-30 04:35 . 2013-04-30 04:35    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-04-30 04:35 . 2013-04-30 04:35    441856    ----a-w-    c:\windows\system32\html.iec
2013-04-30 04:35 . 2013-04-30 04:35    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-04-30 04:35 . 2013-04-30 04:35    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-04-30 04:35 . 2013-04-30 04:35    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-04-30 04:35 . 2013-04-30 04:35    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-04-30 04:35 . 2013-04-30 04:35    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-04-30 04:35 . 2013-04-30 04:35    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-04-30 04:35 . 2013-04-30 04:35    235008    ----a-w-    c:\windows\system32\url.dll
2013-04-30 04:35 . 2013-04-30 04:35    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-04-30 04:35 . 2013-04-30 04:35    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-04-30 04:35 . 2013-04-30 04:35    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-04-30 04:35 . 2013-04-30 04:35    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-04-30 04:35 . 2013-04-30 04:35    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-04-30 04:35 . 2013-04-30 04:35    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-04-30 04:35 . 2013-04-30 04:35    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-04-30 04:35 . 2013-04-30 04:35    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-04-30 04:35 . 2013-04-30 04:35    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-04-30 04:35 . 2013-04-30 04:35    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-04-30 04:35 . 2013-04-30 04:35    149504    ----a-w-    c:\windows\system32\occache.dll
2013-04-30 04:35 . 2013-04-30 04:35    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-04-30 04:35 . 2013-04-30 04:35    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-04-30 04:35 . 2013-04-30 04:35    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-04-30 04:35 . 2013-04-30 04:35    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-04-30 04:35 . 2013-04-30 04:35    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-04-30 04:35 . 2013-04-30 04:35    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-04-30 04:35 . 2013-04-30 04:35    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-04-30 04:35 . 2013-04-30 04:35    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-04-30 04:35 . 2013-04-30 04:35    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-04-30 04:35 . 2013-04-30 04:35    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 04:35 . 2013-04-30 04:35    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-04-30 04:35 . 2013-04-30 04:35    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-04-30 04:35 . 2013-04-30 04:35    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 04:35 . 2013-04-30 04:35    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-04-30 04:35 . 2013-04-30 04:35    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-04-30 04:32 . 2013-04-30 04:32    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-30 04:32 . 2013-04-30 04:32    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-30 04:32 . 2013-04-30 04:32    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-04-30 04:32 . 2013-04-30 04:32    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-30 04:32 . 2013-04-30 04:32    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-30 04:32 . 2013-04-30 04:32    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-30 04:32 . 2013-04-30 04:32    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-30 04:32 . 2013-04-30 04:32    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-04-30 04:32 . 2013-04-30 04:32    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-04-30 04:32 . 2013-04-30 04:32    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-04-30 04:32 . 2013-04-30 04:32    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-30 04:32 . 2013-04-30 04:32    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-30 04:32 . 2013-04-30 04:32    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-04-30 04:32 . 2013-04-30 04:32    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-30 04:32 . 2013-04-30 04:32    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-04-30 04:32 . 2013-04-30 04:32    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-30 04:32 . 2013-04-30 04:32    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-30 04:32 . 2013-04-30 04:32    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-30 04:32 . 2013-04-30 04:32    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   重要登入点   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0EA37B17-6B8B-4085-8257-F3A4AA69C27A}]
2013-01-21 02:51    88520    ----a-w-    c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.8.71.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C865BED0-360E-4016-EA4A-3DF1F9FCB160}]
2013-01-21 02:20    1189392    ----a-w-    c:\program files (x86)\Thunder Network\Thunder\BBInside\{C865BED0-360E-4016-EA4A-3DF1F9FCB160}\AddressBar.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]
@="{4562B511-62E9-4533-B7B2-56A8BB10B482}"
[HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]
2012-11-14 11:32    251856    ----a-w-    c:\program files (x86)\Common Files\Thunder Network\Kankan\xappex.1.1.1.62.(376).dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ImeGuardCom"="c:\program files (x86)\SogouInput\Components\AddressSearch\1.0.0.1169\SGImeGuard.exe" [2013-03-29 314488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
   Ime File    REG_SZ             SOGOUPY.IME
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 ksfmonsys;ksfmonsys;c:\program files (x86)\KSafe\ksfmonsys64.sys;c:\program files (x86)\KSafe\ksfmonsys64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TcHardWare;TcHardWare;c:\program files (x86)\Tencent\QQPCMgr\6.8.2386.401\QQPCHW-x64.sys;c:\program files (x86)\Tencent\QQPCMgr\6.8.2386.401\QQPCHW-x64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1403010.016\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1403010.016\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1403010.016\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1403010.016\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [x]
S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\1403010.016\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1403010.016\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130712.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130712.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1403010.016\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1403010.016\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1403010.016\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1403010.016\SYMNETS.SYS [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe;c:\program files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 XLServicePlatform;XLServicePlatform;c:\windows\system32\svchost;c:\windows\SYSNATIVE\svchost [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
XLServicePlatform    REG_MULTI_SZ       XLServicePlatform
.
 ‘计划任务’ 文件夹 里的内容
.
2013-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 16:22]
.
2013-07-06 c:\windows\Tasks\HPCeeScheduleForTRACY-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-06-22 c:\windows\Tasks\HPCeeScheduleForTracy.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}]
2013-01-21 02:51    628680    ----a-w-    c:\program files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.2.13.3882.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]
.
------- 而外的扫描 -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &使用&迅雷下载 - c:\program files (x86)\Thunder Network\Thunder\BHO\geturl.htm
IE: &使用&迅雷下载全部链接 - c:\program files (x86)\Thunder Network\Thunder\BHO\GetAllUrl.htm
IE: &使用&迅雷离线下载 - c:\program files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm
IE: &迅雷下载到手机 - http://static.u.155.com/shoulei/shouleidl.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: 使用迅雷看看播放器播放 - c:\users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm
IE: {{019c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
IE: {{119c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\f3mq2xjy.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=
.
.
------- 文件类型 -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-QQó??· - c:\program files (x86)\ìú??ó??·\QQGame\Uninstall.EXE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2362385389-3999900152-277185027-1000\Software\Microsoft\Internet Explorer\MenuExt\&*O(u&*艔鳀N}廬
@Allowed: (Read) (RestrictedCode)
@="c:\\Program Files (x86)\\Thunder Network\\Thunder\\BHO\\geturl.htm"
"Name"="xl_geturl"
"Contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-2362385389-3999900152-277185027-1000\Software\Microsoft\Internet Explorer\MenuExt\&*O(u&*艔鳀N}廻Q钀]
@Allowed: (Read) (RestrictedCode)
@="c:\\Program Files (x86)\\Thunder Network\\Thunder\\BHO\\GetAllUrl.htm"
"Name"="xl_getallurl"
"Contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-2362385389-3999900152-277185027-1000\Software\Microsoft\Internet Explorer\MenuExt\&*O(u&*艔鳀粂縹N}廬
@Allowed: (Read) (RestrictedCode)
@="c:\\Program Files (x86)\\Thunder Network\\Thunder\\BHO\\OfflineDownload.htm"
"Name"="xl_offlinedownload"
"Contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-2362385389-3999900152-277185027-1000\Software\Microsoft\Internet Explorer\MenuExt\&*艔鳀N}?RKb:g]
@Allowed: (Read) (RestrictedCode)
@="http://static.u.155.com/shoulei/shouleidl.htm"
"Contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-2362385389-3999900152-277185027-1000\Software\Q*Q*G*a*m*e* *鰱(u睌'Y\Ob]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*8nb]
"DisplayName"="QQ游戏"
"UninstallString"="c:\\Program Files (x86)\\ìúó·\\QQGame\\Uninstall.EXE"
"Publisher"="腾讯公司"
"DisplayIcon"="c:\\Program Files (x86)\\ìúó·\\QQGame\\QQGame.EXE"
"DisplayVersion"="2.5.201.90"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2013-07-13  14:57:11
ComboFix-quarantined-files.txt  2013-07-13 18:57
ComboFix2.txt  2013-04-28 20:37
.
Pre-Run: 521,266,937,856 bytes free
Post-Run: 520,995,643,392 bytes free
.
- - End Of File - - 4FF7EE8896C1F079F6BD5794A13F09EA
D41D8CD98F00B204E9800998ECF8427E
 



Sorry about all the Chinese characters. That's the default language of my unicode.



#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:47 AM

Posted 17 July 2013 - 09:47 PM


Hello boylegend822

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\f3mq2xjy.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=

 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScriptB-4.gif]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it is running; that may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
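A defender-side check for the kind of prefs.js hijack the CFScript above removes (keyword.URL pointing at search.conduit.com). This is an added example, not ComboFix's or the thread's own code; the allowlist of legitimate hosts is an assumption and the sample prefs.js is constructed from the log entry.

```python
import re
from urllib.parse import urlparse

# Firefox preferences that search hijackers commonly overwrite (real pref names).
WATCHED_PREFS = ("keyword.URL", "browser.startup.homepage",
                 "browser.search.defaultenginename", "browser.search.selectedEngine")
# Hosts the machine owner considers legitimate: an assumed allowlist, adjust per user.
DEFAULT_ALLOWED_HOSTS = frozenset({"www.google.com", "www.bing.com", "www.mozilla.org"})
# Matches string-valued lines only:  user_pref("name", "value");
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);\s*$')

def parse_prefs(prefs_text):
    """Return {name: value} for every string-valued user_pref line in prefs.js text."""
    prefs = {}
    for line in prefs_text.splitlines():
        m = _PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = re.sub(r"\\(.)", r"\1", m.group(2))  # unescape \" and \\
    return prefs

def find_hijacked_prefs(prefs_text, allowed_hosts=DEFAULT_ALLOWED_HOSTS):
    """Return [(pref, host, url)] for watched prefs whose URL host is not allowlisted.
    browser.startup.homepage may hold several '|'-separated URLs, so each one is checked;
    non-URL values (engine display names such as "Google") are skipped."""
    findings = []
    for pref, value in parse_prefs(prefs_text).items():
        if pref not in WATCHED_PREFS:
            continue
        for url in value.split("|"):
            parsed = urlparse(url.strip())
            if parsed.scheme not in ("http", "https"):
                continue
            host = (parsed.hostname or "").lower()
            if host not in allowed_hosts:
                findings.append((pref, host, url.strip()))
    return findings

# Constructed sample prefs.js, modelled on the keyword.URL entry in the log above.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.background-update-timer", 1373740000);
user_pref("browser.startup.homepage", "http://www.google.com/|http://search.conduit.com/?ctid=CT3220468");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=");
user_pref("browser.search.defaultenginename", "Google");
"""

if __name__ == "__main__":
    for pref, host, url in find_hijacked_prefs(SAMPLE_PREFS_JS):
        print(f"suspicious {pref}: {host}  ({url})")
```

Run it against the prefs.js in the Firefox profile path shown in the CFScript; both the hijacked keyword.URL and the second homepage entry are reported, while the Google entries pass.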

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:47 AM

Posted 21 July 2013 - 09:30 PM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:47 AM

Posted 24 July 2013 - 01:15 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



