Need Help with Trojan Horse! Keeps redirecting in a new tab!


  • This topic is locked
9 replies to this topic

#1 theman121

theman121

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:38 AM

Posted 23 July 2013 - 06:03 PM

Hi, my computer seems infested with a trojan horse virus; it keeps redirecting and won't let me update Java. Please help! Thank you.

 

Below is the log:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:56:46 PM, on 7/23/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)

FIREFOX: 22.0 (en-US)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Common Files\Corel\Standby\Standby.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Users\Stealth\Desktop\Downloads\HijackThis.exe
C:\Windows\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Fast Free Converter 3.0 - {B75A1838-7232-4D19-9E57-C85F4A6D4193} - C:\PROGRA~1\FASTFR~1\FASTFR~1\FASTFR~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Standby] "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] c:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} (HP Product Detection Control) - https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - c:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FastFreeConverterUpdt - Unknown owner - C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - C:\altera\qprogrammer\bin\JTAGServer.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcy_device -   - C:\Windows\system32\lxcycoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: QBCFMonitorService - Intuit - c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 11388 bytes
 

 




 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:38 AM

Posted 23 July 2013 - 10:10 PM


Hello theman121

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next; if you have any problems with one of them, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 theman121

theman121
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:38 AM

Posted 24 July 2013 - 08:30 AM

Thank you, Gringo! Below are the .txt logs you need.

 

MBRCheck, version 1.2.3
© 2010, AD

Command-line:            
Windows Version:        Windows 7 Home Premium Edition
Windows Information:        Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer:    Wistron
BIOS Manufacturer:        Hewlett-Packard
System Manufacturer:        Hewlett-Packard
System Product Name:        Compaq Presario CQ60 Notebook PC
Logical Drives Mask:        0x0000001c

Kernel Drivers (total 202):

Processes (total 79):
       0 System Idle Process
       4 System
     264 C:\Windows\System32\smss.exe
     372 csrss.exe
     432 C:\Windows\System32\wininit.exe
     444 csrss.exe
     716 C:\Windows\System32\winlogon.exe
     776 C:\Windows\System32\services.exe
     784 C:\Windows\System32\lsass.exe
     792 C:\Windows\System32\lsm.exe
     908 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\nvvsvc.exe
    1060 C:\Windows\System32\svchost.exe
    1156 C:\Windows\System32\svchost.exe
    1196 C:\Windows\System32\svchost.exe
    1224 C:\Windows\System32\svchost.exe
    1252 C:\Windows\System32\svchost.exe
    1424 C:\Windows\System32\nvvsvc.exe
    1488 C:\Windows\System32\svchost.exe
    1756 C:\Windows\System32\spoolsv.exe
    2044 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
     276 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     336 C:\Program Files\AVG\AVG9\avgwdsvc.exe
     368 C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
     692 C:\Program Files\Bonjour\mDNSResponder.exe
     848 C:\Windows\System32\svchost.exe
     924 C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe
    1296 C:\Windows\System32\svchost.exe
    1444 C:\Windows\System32\svchost.exe
    1508 C:\altera\qprogrammer\bin\jtagserver.exe
    1720 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1624 C:\Windows\System32\lxcycoms.exe
    1912 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    1940 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    2212 C:\Program Files\SMINST\BLService.exe
    2240 C:\Program Files\CyberLink\Shared files\RichVideo.exe
    2276 C:\Windows\System32\svchost.exe
    2328 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2404 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2824 C:\Windows\System32\taskhost.exe
    3056 C:\Windows\System32\dwm.exe
    3064 C:\Windows\explorer.exe
    3340 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3480 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3500 C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe
    3516 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    3540 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    3548 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    3592 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    3620 C:\Program Files\HP\QuickPlay\QPService.exe
    3636 C:\Program Files\Lexmark 3400 Series\lxcymon.exe
    3644 C:\Program Files\Lexmark 3400 Series\ezprint.exe
    3660 C:\Program Files\AVG\AVG9\avgtray.exe
    3720 C:\Program Files\iTunes\iTunesHelper.exe
    3760 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3980 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    4012 WmiPrvSE.exe
     836 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    1964 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    2056 C:\Program Files\iPod\bin\iPodService.exe
     488 C:\Windows\System32\SearchIndexer.exe
    3284 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    1400 C:\Program Files\Windows Media Player\wmpnetwk.exe
    1660 C:\Windows\System32\wuauclt.exe
    1772 C:\Windows\System32\svchost.exe
    3288 C:\Windows\System32\svchost.exe
     888 C:\Windows\System32\audiodg.exe
    3384 C:\Program Files\Common Files\Corel\Standby\Standby.exe
    2832 C:\Windows\System32\taskeng.exe
    2428 C:\Windows\System32\rundll32.exe
    2320 C:\Windows\System32\VSSVC.exe
    3892 C:\Windows\System32\svchost.exe
    5972 C:\Program Files\Mozilla Firefox\firefox.exe
    4164 C:\Program Files\Mozilla Firefox\plugin-container.exe
    4208 C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
    4268 C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
    3860 C:\Users\Stealth\Desktop\MBRCheck.exe
    3320 C:\Windows\System32\conhost.exe
    4420 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`7da00000  (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM250HI, Rev: 2AC101C4

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice:

Done!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 7 Home Premium x86
Ran by Stealth on Wed 07/24/2013 at  9:25:00.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{74CFCEDB-142C-4B4C-89A1-1B0B915B17A8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B5F099C4-BFA8-4583-9FA5-E80C8E8040D5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B5F099C4-BFA8-4583-9FA5-E80C8E8040D5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E9D4E014-3CA2-4E2F-A41D-82B294BAE6A8}



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\trusted saver"
Successfully deleted: [Empty Folder] C:\Users\Stealth\appdata\local\{441570C4-9876-4942-91D5-5A55060770A5}
Successfully deleted: [Empty Folder] C:\Users\Stealth\appdata\local\{E0329834-AE7E-4C20-97C2-29FC7FF82E59}



~~~ FireFox

Successfully deleted: [File] C:\Users\Stealth\AppData\Roaming\mozilla\firefox\profiles\46lijnfd.default\searchplugins\bing-zugo.xml
Successfully deleted: [File] C:\Users\Stealth\AppData\Roaming\mozilla\firefox\profiles\46lijnfd.default\searchplugins\mp3tube.xml
Successfully deleted the following from C:\Users\Stealth\AppData\Roaming\mozilla\firefox\profiles\46lijnfd.default\prefs.js

user_pref("browser.search..defaultengine", "Yahoo-Mp3Tube");
user_pref("browser.search..defaultenginename", "Yahoo-Mp3Tube");
user_pref("browser.search..order.1", "Yahoo-Mp3Tube");
user_pref("browser.search..selectedEngine", "Yahoo-Mp3Tube");
user_pref("browser.search.defaultengine", "Yahoo-Mp3Tube");
user_pref("browser.search.defaultenginename", "Yahoo-Mp3Tube");
user_pref("browser.search.order.1", "Yahoo-Mp3Tube");
user_pref("browser.search.selectedEngine", "Yahoo-Mp3Tube");
user_pref("extensions.searchtoolbar@zugo.com.install-event-fired", true);
Emptied folder: C:\Users\Stealth\AppData\Roaming\mozilla\firefox\profiles\46lijnfd.default\minidumps [173 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/24/2013 at  9:28:28.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#4 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 24 July 2013 - 11:55 AM

Hello theman121

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
In your next post I need the following:
  • Log from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 theman121

theman121
  • Topic Starter
  • Members
  • 4 posts

Posted 24 July 2013 - 01:42 PM

Hi, below is the ComboFix log. The computer seems better; I haven't seen a pop-up in a while.


ComboFix 13-07-24.02 - Stealth 07/24/2013  14:18:10.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2814.1850 [GMT -4:00]
Running from: c:\users\Stealth\Desktop\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\4bpn885l.exe.b
c:\programdata\7F320185C1.sys
c:\programdata\SPL2474.tmp
c:\users\Stealth\AppData\Roaming\MoveMediaPlayerWin_071705000014.exe
c:\windows\$NtUninstallKB62280$
c:\windows\$NtUninstallKB62280$\485945278\@
c:\windows\$NtUninstallKB62280$\485945278\bckfg.tmp
c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
c:\windows\$NtUninstallKB62280$\485945278\keywords
c:\windows\$NtUninstallKB62280$\485945278\kwrd.dll
c:\windows\$NtUninstallKB62280$\485945278\L\nlcyqtqg
c:\windows\$NtUninstallKB62280$\485945278\lsflt7.ver
c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
c:\windows\$NtUninstallKB62280$\508754648
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-24 to 2013-07-24  )))))))))))))))))))))))))))))))
.
.
2013-07-24 13:24 . 2013-07-24 13:24    --------    d-----w-    c:\windows\ERUNT
2013-07-24 13:20 . 2013-07-24 13:20    103    ----a-w-    c:\windows\DeleteOnReboot.bat
2013-07-24 00:46 . 2013-07-24 00:46    --------    d-----w-    c:\users\Stealth\AppData\Roaming\Oracle
2013-07-24 00:37 . 2013-07-24 00:37    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-24 00:37 . 2013-07-24 00:37    --------    d-----w-    c:\program files\Java
2013-07-23 21:57 . 2013-07-23 21:57    --------    d-----w-    c:\users\Stealth\AppData\Local\Programs
2013-07-10 01:48 . 2013-06-04 04:53    509440    ----a-w-    c:\windows\system32\qedit.dll
2013-07-10 01:48 . 2013-06-05 03:05    2347520    ----a-w-    c:\windows\system32\win32k.sys
2013-07-10 01:48 . 2013-04-09 23:34    1247744    ----a-w-    c:\windows\system32\DWrite.dll
2013-07-10 01:48 . 2013-05-06 04:56    1620480    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-10 01:48 . 2013-04-10 05:04    1221632    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 01:48 . 2013-04-10 05:03    936448    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 01:48 . 2013-04-10 05:03    988672    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 01:48 . 2013-04-10 05:03    969216    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 01:47 . 2013-05-27 04:57    680960    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2013-07-10 01:47 . 2013-05-27 04:57    392704    ----a-w-    c:\program files\Windows Defender\MpClient.dll
2013-07-10 01:47 . 2013-05-27 04:57    224768    ----a-w-    c:\program files\Windows Defender\MpCommu.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-24 01:10 . 2012-04-04 02:58    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-24 01:10 . 2011-12-30 07:10    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-24 00:37 . 2012-08-31 19:19    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-07-24 00:37 . 2010-06-12 12:20    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-10 03:02 . 2010-04-01 01:09    5642    --sha-w-    c:\programdata\KGyGaAvL.sys
2013-05-17 04:02 . 2010-06-24 15:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 04:45 . 2013-06-12 13:17    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 13:17    1160192    ----a-w-    c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-12 13:17    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-12 13:17    903168    ----a-w-    c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 13:17    43008    ----a-w-    c:\windows\system32\certenc.dll
2013-05-10 03:20 . 2013-06-12 13:17    24576    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-05-08 05:38 . 2013-06-12 13:16    1293672    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-12 13:17    3968872    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06 . 2013-06-12 13:17    3913576    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-02 16:22 . 2013-05-02 16:22    745472    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-02 16:22 . 2013-05-02 16:22    73728    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-05-02 16:22 . 2013-05-02 16:22    719360    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-05-02 16:22 . 2013-05-02 16:22    61952    ----a-w-    c:\windows\system32\tdc.ocx
2013-05-02 16:22 . 2013-05-02 16:22    523264    ----a-w-    c:\windows\system32\vbscript.dll
2013-05-02 16:22 . 2013-05-02 16:22    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-05-02 16:22 . 2013-05-02 16:22    38400    ----a-w-    c:\windows\system32\imgutil.dll
2013-05-02 16:22 . 2013-05-02 16:22    361984    ----a-w-    c:\windows\system32\html.iec
2013-05-02 16:22 . 2013-05-02 16:22    23040    ----a-w-    c:\windows\system32\licmgr10.dll
2013-05-02 16:22 . 2013-05-02 16:22    185344    ----a-w-    c:\windows\system32\elshyph.dll
2013-05-02 16:22 . 2013-05-02 16:22    158720    ----a-w-    c:\windows\system32\msls31.dll
2013-05-02 16:22 . 2013-05-02 16:22    150528    ----a-w-    c:\windows\system32\iexpress.exe
2013-05-02 16:22 . 2013-05-02 16:22    1441280    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-05-02 16:22 . 2013-05-02 16:22    138752    ----a-w-    c:\windows\system32\wextract.exe
2013-05-02 16:22 . 2013-05-02 16:22    137216    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-05-02 16:22 . 2013-05-02 16:22    12800    ----a-w-    c:\windows\system32\mshta.exe
2013-05-02 16:22 . 2013-05-02 16:22    110592    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-04-26 04:55 . 2013-06-12 13:17    492544    ----a-w-    c:\windows\system32\win32spl.dll
2013-04-25 23:30 . 2013-06-12 13:17    1505280    ----a-w-    c:\windows\system32\d3d11.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-07-22 1600008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-05-11 513080]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2009-05-01 291496]
"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [2009-05-01 82600]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-27 2077536]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-11-26 1087752]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-29 151952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 280576]
.
c:\users\Stealth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-12-16 1153824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-08-27 30312]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-06 83864]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-10-25 36640]
R3 HP8107Fltr;HP-HP8107;c:\windows\system32\DRIVERS\HP8107.sys [2010-02-05 12672]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-08-27 96488]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-08-27 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-08-27 121576]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 181344]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [2008-01-10 165248]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [2008-01-10 142976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-26 1343400]
S0 AVGIDSErHr;AVGIDSErHr;c:\windows\System32\Drivers\AVGIDSErHr.sys [2009-07-22 25608]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-04-25 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-06-22 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2011-05-06 243152]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
S2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [2009-07-22 571912]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe [2006-11-29 537520]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSDriver.sys [2009-07-22 121352]
S3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSFilter.sys [2009-07-22 30216]
S3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSShim.sys [2009-07-22 29136]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - SCDEmu
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService    REG_MULTI_SZ       HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 01:10]
.
2013-07-24 c:\windows\Tasks\HPCeeScheduleForStealth.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-20 18:34]
.
2013-07-24 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-01-18 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
FF - ProfilePath - c:\users\Stealth\AppData\Roaming\Mozilla\Firefox\Profiles\46lijnfd.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-11-25 16:04; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Corel File Shell Monitor - c:\program files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
SafeBoot-24442326.sys
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\altera\qprogrammer\bin\JTAGServer.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-07-24  14:40:39 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-24 18:40
.
Pre-Run: 109,988,003,840 bytes free
Post-Run: 115,512,799,232 bytes free
.
- - End Of File - - D063FDD0D7FAE01442E9848FAB35128B
588AE8F0C685C02BA11F30D9CD7E61A0

#6 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 24 July 2013 - 08:44 PM

Hello theman121

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
In your next post I need the following:
  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 theman121

theman121
  • Topic Starter
  • Members
  • 4 posts

Posted 25 July 2013 - 03:53 PM

Computer seems great; below is the attached log.


ComboFix 13-07-24.02 - Stealth 07/24/2013  14:18:10.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2814.1850 [GMT -4:00]
Running from: c:\users\Stealth\Desktop\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\4bpn885l.exe.b
c:\programdata\7F320185C1.sys
c:\programdata\SPL2474.tmp
c:\users\Stealth\AppData\Roaming\MoveMediaPlayerWin_071705000014.exe
c:\windows\$NtUninstallKB62280$
c:\windows\$NtUninstallKB62280$\485945278\@
c:\windows\$NtUninstallKB62280$\485945278\bckfg.tmp
c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
c:\windows\$NtUninstallKB62280$\485945278\keywords
c:\windows\$NtUninstallKB62280$\485945278\kwrd.dll
c:\windows\$NtUninstallKB62280$\485945278\L\nlcyqtqg
c:\windows\$NtUninstallKB62280$\485945278\lsflt7.ver
c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
c:\windows\$NtUninstallKB62280$\508754648
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-24 to 2013-07-24  )))))))))))))))))))))))))))))))
.
.
2013-07-24 13:24 . 2013-07-24 13:24    --------    d-----w-    c:\windows\ERUNT
2013-07-24 13:20 . 2013-07-24 13:20    103    ----a-w-    c:\windows\DeleteOnReboot.bat
2013-07-24 00:46 . 2013-07-24 00:46    --------    d-----w-    c:\users\Stealth\AppData\Roaming\Oracle
2013-07-24 00:37 . 2013-07-24 00:37    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-24 00:37 . 2013-07-24 00:37    --------    d-----w-    c:\program files\Java
2013-07-23 21:57 . 2013-07-23 21:57    --------    d-----w-    c:\users\Stealth\AppData\Local\Programs
2013-07-10 01:48 . 2013-06-04 04:53    509440    ----a-w-    c:\windows\system32\qedit.dll
2013-07-10 01:48 . 2013-06-05 03:05    2347520    ----a-w-    c:\windows\system32\win32k.sys
2013-07-10 01:48 . 2013-04-09 23:34    1247744    ----a-w-    c:\windows\system32\DWrite.dll
2013-07-10 01:48 . 2013-05-06 04:56    1620480    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-10 01:48 . 2013-04-10 05:04    1221632    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 01:48 . 2013-04-10 05:03    936448    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 01:48 . 2013-04-10 05:03    988672    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 01:48 . 2013-04-10 05:03    969216    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 01:47 . 2013-05-27 04:57    680960    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2013-07-10 01:47 . 2013-05-27 04:57    392704    ----a-w-    c:\program files\Windows Defender\MpClient.dll
2013-07-10 01:47 . 2013-05-27 04:57    224768    ----a-w-    c:\program files\Windows Defender\MpCommu.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-24 01:10 . 2012-04-04 02:58    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-24 01:10 . 2011-12-30 07:10    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-24 00:37 . 2012-08-31 19:19    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-07-24 00:37 . 2010-06-12 12:20    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-10 03:02 . 2010-04-01 01:09    5642    --sha-w-    c:\programdata\KGyGaAvL.sys
2013-05-17 04:02 . 2010-06-24 15:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 04:45 . 2013-06-12 13:17    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 13:17    1160192    ----a-w-    c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-12 13:17    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-12 13:17    903168    ----a-w-    c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 13:17    43008    ----a-w-    c:\windows\system32\certenc.dll
2013-05-10 03:20 . 2013-06-12 13:17    24576    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-05-08 05:38 . 2013-06-12 13:16    1293672    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-12 13:17    3968872    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06 . 2013-06-12 13:17    3913576    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-02 16:22 . 2013-05-02 16:22    745472    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-02 16:22 . 2013-05-02 16:22    73728    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-05-02 16:22 . 2013-05-02 16:22    719360    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-05-02 16:22 . 2013-05-02 16:22    61952    ----a-w-    c:\windows\system32\tdc.ocx
2013-05-02 16:22 . 2013-05-02 16:22    523264    ----a-w-    c:\windows\system32\vbscript.dll
2013-05-02 16:22 . 2013-05-02 16:22    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-05-02 16:22 . 2013-05-02 16:22    38400    ----a-w-    c:\windows\system32\imgutil.dll
2013-05-02 16:22 . 2013-05-02 16:22    361984    ----a-w-    c:\windows\system32\html.iec
2013-05-02 16:22 . 2013-05-02 16:22    23040    ----a-w-    c:\windows\system32\licmgr10.dll
2013-05-02 16:22 . 2013-05-02 16:22    185344    ----a-w-    c:\windows\system32\elshyph.dll
2013-05-02 16:22 . 2013-05-02 16:22    158720    ----a-w-    c:\windows\system32\msls31.dll
2013-05-02 16:22 . 2013-05-02 16:22    150528    ----a-w-    c:\windows\system32\iexpress.exe
2013-05-02 16:22 . 2013-05-02 16:22    1441280    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-05-02 16:22 . 2013-05-02 16:22    138752    ----a-w-    c:\windows\system32\wextract.exe
2013-05-02 16:22 . 2013-05-02 16:22    137216    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-05-02 16:22 . 2013-05-02 16:22    12800    ----a-w-    c:\windows\system32\mshta.exe
2013-05-02 16:22 . 2013-05-02 16:22    110592    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-04-26 04:55 . 2013-06-12 13:17    492544    ----a-w-    c:\windows\system32\win32spl.dll
2013-04-25 23:30 . 2013-06-12 13:17    1505280    ----a-w-    c:\windows\system32\d3d11.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-07-22 1600008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-05-11 513080]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2009-05-01 291496]
"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [2009-05-01 82600]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-27 2077536]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-11-26 1087752]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-29 151952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 280576]
.
c:\users\Stealth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-12-16 1153824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-08-27 30312]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-06 83864]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-10-25 36640]
R3 HP8107Fltr;HP-HP8107;c:\windows\system32\DRIVERS\HP8107.sys [2010-02-05 12672]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-08-27 96488]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-08-27 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-08-27 121576]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 181344]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [2008-01-10 165248]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [2008-01-10 142976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-26 1343400]
S0 AVGIDSErHr;AVGIDSErHr;c:\windows\System32\Drivers\AVGIDSErHr.sys [2009-07-22 25608]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-04-25 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-06-22 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2011-05-06 243152]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
S2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [2009-07-22 571912]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe [2006-11-29 537520]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSDriver.sys [2009-07-22 121352]
S3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSFilter.sys [2009-07-22 30216]
S3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSShim.sys [2009-07-22 29136]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - SCDEmu
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService    REG_MULTI_SZ       HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 01:10]
.
2013-07-24 c:\windows\Tasks\HPCeeScheduleForStealth.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-20 18:34]
.
2013-07-24 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-01-18 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
FF - ProfilePath - c:\users\Stealth\AppData\Roaming\Mozilla\Firefox\Profiles\46lijnfd.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-11-25 16:04; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Corel File Shell Monitor - c:\program files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
SafeBoot-24442326.sys
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\altera\qprogrammer\bin\JTAGServer.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-07-24  14:40:39 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-24 18:40
.
Pre-Run: 109,988,003,840 bytes free
Post-Run: 115,512,799,232 bytes free
.
- - End Of File - - D063FDD0D7FAE01442E9848FAB35128B
588AE8F0C685C02BA11F30D9CD7E61A0
 

 



#8 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 25 July 2013 - 10:15 PM

Hello theman121

I would like to see a report that combofix makes.

extra combofix report
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok
copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 03 August 2013 - 12:18 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#10 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 06 August 2013 - 09:47 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.