
Infection issues


  • This topic is locked
19 replies to this topic

#1 Mikeyb1

Mikeyb1

  • Members
  • 133 posts

Posted 23 July 2013 - 08:44 PM

http://www.bleepingcomputer.com/forums/t/501604/vista-cant-uninstall-mcafee-or-old-java/page-2#entry3111606

 

 

Rkill 2.5.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/23/2013 05:18:07 PM in x86 mode.
Windows Version: Windows Vista ™ Home Basic Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\System32\WLTRYSVC.EXE (PID: 1952) [WD-HEUR]
 * C:\Windows\System32\bcmwltry.exe (PID: 1972) [WD-HEUR]
 * C:\Windows\System32\WLTRAY.EXE (PID: 4620) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
  * HKCU\SOFTWARE\Classes\.exe has been deleted!

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * iphlpsvc [Missing Service]
 * MpsSvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]

 * SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost

Program finished at: 07/23/2013 05:20:22 PM
Execution time: 0 hours(s), 2 minute(s), and 15 seconds(s)
 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088
Run by shockley at 20:39:06 on 2013-07-23
Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.1.1033.18.3034.1430 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\AVG\AVG2013\avgcfgex.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = Preserve
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Brand Thunder Theme Manager for Internet Explorer: {0B5DEE95-C164-4E3E-B4C7-15E852BDE5BC} - c:\program files\brand thunder\cortez\bt-thememanager.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\program files\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100824223533.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
StartupFolder: c:\users\shockley\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C6A2442F-C1A3-4C5D-BB18-A8307A205284} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\shockley\appdata\roaming\mozilla\firefox\profiles\t1fy3khf.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - ExtSQL: !HIDDEN! 2009-06-25 19:38; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-24 385880]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-3-29 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-3 37664]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-24 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-24 160720]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-5-18 81920]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-12-17 20376]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-24 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-24 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-24 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-24 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-24 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-24 141792]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.3.0\ToolbarUpdater.exe [2013-6-27 1598128]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-24 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-24 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-24 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-24 312616]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-5-14 4937264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SftService;SoftThinks Agent Service;"c:\windows\sminst\sftservice.exe" --> c:\windows\sminst\sftservice.EXE [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-24 83496]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-07-23 18:03:10    --------    d-----w-    c:\windows\ERUNT
2013-07-23 15:36:21    5468    ----a-w-    c:\windows\system32\PerfStringBackup.TMP
2013-07-22 18:32:15    --------    d-----w-    c:\program files\ESET
2013-07-19 22:16:46    115    ----a-w-    c:\windows\DeleteOnReboot.bat
2013-07-19 17:33:34    --------    d-----w-    c:\users\shockley\appdata\roaming\AVG2013
2013-07-19 17:32:16    --------    d-----w-    c:\users\shockley\appdata\roaming\TuneUp Software
2013-07-19 17:30:33    --------    d-----w-    c:\programdata\AVG2013
2013-07-19 15:38:26    --------    d-----w-    c:\program files\iPod
2013-07-19 15:38:16    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-19 15:38:16    --------    d-----w-    c:\program files\iTunes
2013-07-19 15:31:07    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2013-07-19 15:31:07    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2013-07-19 15:31:07    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2013-07-19 15:31:07    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2013-07-19 15:31:07    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin.dll
2013-07-19 15:31:07    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-07-19 15:31:07    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-07-19 15:31:07    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-07-19 15:31:07    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-07-19 15:31:07    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2013-07-12 22:46:59    74136    ----a-w-    c:\program files\mozilla firefox\updated\breakpadinjector.dll
2013-07-12 22:46:59    263064    ----a-w-    c:\program files\mozilla firefox\updated\components\browsercomps.dll
2013-07-12 22:46:59    19352    ----a-w-    c:\program files\mozilla firefox\updated\AccessibleMarshal.dll
2013-07-12 22:07:42    --------    d--h--w-    C:\$AVG
2013-07-12 21:59:36    --------    d-----w-    c:\users\shockley\appdata\local\MFAData
2013-07-12 21:59:36    --------    d-----w-    c:\users\shockley\appdata\local\Avg2013
2013-07-12 21:59:36    --------    d-----w-    c:\programdata\MFAData
2013-07-12 20:56:27    712264    ----a-w-    c:\windows\is-L9GNI.exe
2013-07-12 20:48:17    --------    d-----w-    c:\users\shockley\appdata\roaming\Seas0nPass
.
==================== Find3M  ====================
.
2013-07-19 21:17:37    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-19 21:17:37    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-27 18:39:48    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-05-01 08:59:12    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59:12    69632    ----a-w-    c:\windows\system32\QuickTime.qts
.
============= FINISH: 20:39:41.73 ===============
 

 

 




 


#2 Mikeyb1

Mikeyb1
  • Topic Starter

  • Members
  • 133 posts

Posted 23 July 2013 - 08:53 PM

Here's the "attach" file.

Attached Files



#3 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 24 July 2013 - 01:42 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#4 Mikeyb1

Mikeyb1
  • Topic Starter

  • Members
  • 133 posts

Posted 24 July 2013 - 09:43 AM

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-24 09:42:14
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FBEO 232.89GB
Running: 0ir7iwnf.exe; Driver: C:\Users\shockley\AppData\Local\Temp\uwdirkog.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o.)  ZwNotifyChangeKey [0x8F2215D0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o.)  ZwNotifyChangeMultipleKeys [0x8F221700]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o.)  ZwOpenProcess [0x8F221010]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o.)  ZwSuspendProcess [0x8F221300]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o.)  ZwSuspendThread [0x8F2213E0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o.)  ZwTerminateProcess [0x8F221120]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o.)  ZwTerminateThread [0x8F221210]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o.)  ZwWriteVirtualMemory [0x8F2214D0]

Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                  ZwMapViewOfSection [0x8274AD88]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                  ZwUnmapViewOfSection [0x8274AD9E]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                  ZwYieldExecution [0x8274AD74]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                  NtMapViewOfSection

---- Devices - GMER 2.1 ----

Device                                                                                                                                      Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice                                                                                                                              mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device                                                                                                                                      fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

---- Processes - GMER 2.1 ----

Process          (*** hidden *** )                                                                                                          [4] 84B05910                                                             

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List                                                     35828 35834 35846 35856 35866 35886 35930 35940 35978 35984 36000 36008
Reg             HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter                                                    36022
Reg             HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help                                                       36023
Reg             HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter                                                   35828
Reg             HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help                                                      35829

---- EOF - GMER 2.1 ----
 



#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 25 July 2013 - 02:23 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#6 Mikeyb1

Mikeyb1
  • Topic Starter

  • Members
  • 133 posts

Posted 25 July 2013 - 09:05 AM

ComboFix 13-07-24.03 - shockley 07/25/2013   8:41.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.1.1033.18.3034.2603 [GMT -5:00]
Running from: c:\users\shockley\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\763517a2o517u317m874o8qoc6d8
E:\AUTORUN.INF
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-25 to 2013-07-25  )))))))))))))))))))))))))))))))
.
.
2013-07-25 13:54 . 2013-07-25 13:54    --------    d-----w-    c:\users\shockley\AppData\Local\temp
2013-07-24 08:00 . 2013-07-24 08:03    --------    d-----w-    c:\windows\system32\MRT
2013-07-23 18:03 . 2013-07-23 18:03    --------    d-----w-    c:\windows\ERUNT
2013-07-23 15:36 . 2013-07-25 13:35    5468    ----a-w-    c:\windows\system32\PerfStringBackup.TMP
2013-07-22 18:32 . 2013-07-22 18:32    --------    d-----w-    c:\program files\ESET
2013-07-19 22:16 . 2013-07-19 22:18    115    ----a-w-    c:\windows\DeleteOnReboot.bat
2013-07-19 17:33 . 2013-07-19 17:33    --------    d-----w-    c:\users\shockley\AppData\Roaming\AVG2013
2013-07-19 17:32 . 2013-07-19 17:32    --------    d-----w-    c:\users\shockley\AppData\Roaming\TuneUp Software
2013-07-19 17:30 . 2013-07-23 22:30    --------    d-----w-    c:\programdata\AVG2013
2013-07-19 15:38 . 2013-07-19 15:38    --------    d-----w-    c:\program files\iPod
2013-07-19 15:38 . 2013-07-19 15:39    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-19 15:38 . 2013-07-19 15:39    --------    d-----w-    c:\program files\iTunes
2013-07-19 15:31 . 2013-07-19 15:31    159744    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2013-07-19 15:31 . 2013-07-19 15:31    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-07-19 15:31 . 2013-07-19 15:31    159744    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2013-07-19 15:31 . 2013-07-19 15:31    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-07-19 15:31 . 2013-07-19 15:31    159744    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2013-07-19 15:31 . 2013-07-19 15:31    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-07-19 15:31 . 2013-07-19 15:31    159744    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2013-07-19 15:31 . 2013-07-19 15:31    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-07-19 15:31 . 2013-07-19 15:30    159744    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2013-07-19 15:31 . 2013-07-19 15:30    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-07-19 15:30 . 2013-07-19 15:30    --------    d-----w-    c:\program files\QuickTime
2013-07-12 22:46 . 2013-05-23 10:31    74136    ----a-w-    c:\program files\Mozilla Firefox\updated\breakpadinjector.dll
2013-07-12 22:46 . 2013-05-23 10:31    263064    ----a-w-    c:\program files\Mozilla Firefox\updated\components\browsercomps.dll
2013-07-12 22:46 . 2013-05-23 10:31    19352    ----a-w-    c:\program files\Mozilla Firefox\updated\AccessibleMarshal.dll
2013-07-12 22:07 . 2013-07-19 17:30    --------    d-----w-    C:\$AVG
2013-07-12 21:59 . 2013-07-24 13:53    --------    d-----w-    c:\programdata\MFAData
2013-07-12 21:59 . 2013-07-23 21:40    --------    d-----w-    c:\users\shockley\AppData\Local\Avg2013
2013-07-12 21:59 . 2013-07-12 21:59    --------    d-----w-    c:\users\shockley\AppData\Local\MFAData
2013-07-12 20:56 . 2013-07-12 20:56    712264    ----a-w-    c:\windows\is-L9GNI.exe
2013-07-12 20:48 . 2013-07-12 20:49    --------    d-----w-    c:\users\shockley\AppData\Roaming\Seas0nPass
2013-06-28 01:59 . 2013-06-28 01:59    --------    d-----w-    c:\users\texas\AppData\Local\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-19 21:17 . 2012-09-07 19:19    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-19 21:17 . 2012-09-07 19:19    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-27 18:39 . 2012-09-04 01:55    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-05-01 08:59 . 2013-05-01 08:59    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59 . 2013-05-01 08:59    69632    ----a-w-    c:\windows\system32\QuickTime.qts
2013-05-23 10:31 . 2011-05-19 01:59    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-01 01:32 . 2010-08-25 03:35    24376    ----a-w-    c:\program files\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0B5DEE95-C164-4E3E-B4C7-15E852BDE5BC}]
2010-08-30 16:39    144896    ----a-w-    c:\program files\Brand Thunder\Cortez\bt-thememanager.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-15 483420]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-09 154136]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
.
c:\users\shockley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-15 81920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ       PLA DPS BFE mpssvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-19 15:51    1173456    ----a-w-    c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 21:17]
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 02:32]
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 02:32]
.
2013-06-27 c:\windows\Tasks\User_Feed_Synchronization-{6465B654-B076-4857-9492-3EF2AB6FD327}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\shockley\AppData\Roaming\Mozilla\Firefox\Profiles\t1fy3khf.default\
FF - ExtSQL: !HIDDEN! 2009-06-25 19:38; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-25 08:54
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,f0,ec,b8,df,4e,7e,4d,ab,32,81,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,f0,ec,b8,df,4e,7e,4d,ab,32,81,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2024)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
Completion time: 2013-07-25  08:55:55
ComboFix-quarantined-files.txt  2013-07-25 13:55
.
Pre-Run: 149,892,718,592 bytes free
Post-Run: 149,916,774,400 bytes free
.
- - End Of File - - 3856B5A4DDAD143DC4208EFE2FD31284
CDB4DE4BBD714F152979DA2DCBEF57EB
 



#7 TB-Psychotic

  • Malware Response Team

Posted 26 July 2013 - 12:39 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 



Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#8 TB-Psychotic

  • Malware Response Team

Posted 29 July 2013 - 01:51 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#9 Andrew

  • Moderator

Posted 29 July 2013 - 10:00 PM

This topic has been re-opened at the request of the person who originally posted.

#10 Mikeyb1

  • Topic Starter

Posted 30 July 2013 - 02:30 PM

 

 



ComboFix 13-07-30.03 - shockley 07/30/2013  13:07:18.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.1.1033.18.3034.2592 [GMT -5:00]
Running from: c:\users\shockley\Desktop\ComboFix.exe
Command switches used :: c:\users\shockley\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-28 to 2013-07-30  )))))))))))))))))))))))))))))))
.
.
2013-07-30 18:51 . 2013-07-30 18:52 -------- d-----w- c:\users\shockley\AppData\Local\temp
2013-07-30 18:51 . 2013-07-30 18:51 -------- d-----w- c:\users\texas\AppData\Local\temp
2013-07-30 18:51 . 2013-07-30 18:51 -------- d-----w- c:\users\meg\AppData\Local\temp
2013-07-30 18:51 . 2013-07-30 18:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-30 13:38 . 2013-07-30 13:38 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2013-07-24 08:00 . 2013-07-24 08:03 -------- d-----w- c:\windows\system32\MRT
2013-07-23 18:03 . 2013-07-23 18:03 -------- d-----w- c:\windows\ERUNT
2013-07-23 15:36 . 2013-07-30 18:04 5468 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2013-07-22 18:32 . 2013-07-22 18:32 -------- d-----w- c:\program files\ESET
2013-07-20 06:51 . 2013-07-20 06:51 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 06:50 . 2013-07-20 06:50 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 06:50 . 2013-07-20 06:50 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 06:50 . 2013-07-20 06:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-19 22:16 . 2013-07-19 22:18 115 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-19 17:33 . 2013-07-19 17:33 -------- d-----w- c:\users\shockley\AppData\Roaming\AVG2013
2013-07-19 17:32 . 2013-07-19 17:32 -------- d-----w- c:\users\shockley\AppData\Roaming\TuneUp Software
2013-07-19 17:30 . 2013-07-23 22:30 -------- d-----w- c:\programdata\AVG2013
2013-07-19 15:38 . 2013-07-19 15:38 -------- d-----w- c:\program files\iPod
2013-07-19 15:38 . 2013-07-19 15:39 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-19 15:38 . 2013-07-19 15:39 -------- d-----w- c:\program files\iTunes
2013-07-19 15:31 . 2013-07-19 15:31 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2013-07-19 15:31 . 2013-07-19 15:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-07-19 15:31 . 2013-07-19 15:31 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2013-07-19 15:31 . 2013-07-19 15:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-07-19 15:31 . 2013-07-19 15:31 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2013-07-19 15:31 . 2013-07-19 15:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-07-19 15:31 . 2013-07-19 15:31 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2013-07-19 15:31 . 2013-07-19 15:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-07-19 15:31 . 2013-07-19 15:30 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2013-07-19 15:31 . 2013-07-19 15:30 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-07-19 15:30 . 2013-07-19 15:30 -------- d-----w- c:\program files\QuickTime
2013-07-12 22:46 . 2013-05-23 10:31 74136 ----a-w- c:\program files\Mozilla Firefox\updated\breakpadinjector.dll
2013-07-12 22:46 . 2013-05-23 10:31 263064 ----a-w- c:\program files\Mozilla Firefox\updated\components\browsercomps.dll
2013-07-12 22:46 . 2013-05-23 10:31 19352 ----a-w- c:\program files\Mozilla Firefox\updated\AccessibleMarshal.dll
2013-07-12 22:07 . 2013-07-19 17:30 -------- d-----w- C:\$AVG
2013-07-12 21:59 . 2013-07-30 13:39 -------- d-----w- c:\programdata\MFAData
2013-07-12 21:59 . 2013-07-23 21:40 -------- d-----w- c:\users\shockley\AppData\Local\Avg2013
2013-07-12 21:59 . 2013-07-12 21:59 -------- d-----w- c:\users\shockley\AppData\Local\MFAData
2013-07-12 20:56 . 2013-07-12 20:56 712264 ----a-w- c:\windows\is-L9GNI.exe
2013-07-12 20:48 . 2013-07-12 20:49 -------- d-----w- c:\users\shockley\AppData\Roaming\Seas0nPass
2013-07-10 06:32 . 2013-07-10 06:32 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-01 06:45 . 2013-07-01 06:45 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-19 21:17 . 2012-09-07 19:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-19 21:17 . 2012-09-07 19:19 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-27 18:39 . 2012-09-04 01:55 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-05-23 10:31 . 2011-05-19 01:59 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-01 01:32 . 2010-08-25 03:35 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0B5DEE95-C164-4E3E-B4C7-15E852BDE5BC}]
2010-08-30 16:39 144896 ----a-w- c:\program files\Brand Thunder\Cortez\bt-thememanager.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-15 483420]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-09 154136]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\users\shockley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-15 81920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ   PLA DPS BFE mpssvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-19 15:51 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 21:17]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 02:32]
.
2013-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 02:32]
.
2013-06-27 c:\windows\Tasks\User_Feed_Synchronization-{6465B654-B076-4857-9492-3EF2AB6FD327}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\shockley\AppData\Roaming\Mozilla\Firefox\Profiles\t1fy3khf.default\
FF - ExtSQL: !HIDDEN! 2009-06-25 19:38; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-30 13:52
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1852)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
Completion time: 2013-07-30  13:53:53
ComboFix-quarantined-files.txt  2013-07-30 18:53
ComboFix2.txt  2013-07-25 13:55
.
Pre-Run: 149,235,126,272 bytes free
Post-Run: 149,147,983,872 bytes free
.
- - End Of File - - 2994C295B56B9C699D5D6B66C59A7886
CDB4DE4BBD714F152979DA2DCBEF57EB


#11 TB-Psychotic

  • Malware Response Team

Posted 31 July 2013 - 03:32 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#12 Mikeyb1

  • Topic Starter

Posted 31 July 2013 - 12:43 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.31.03
 
Windows Vista Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.19088
shockley :: SHOCKLEY-PC [administrator]
 
7/31/2013 8:26:26 AM
mbam-log-2013-07-31 (08-26-26).txt
 
Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 495407
Time elapsed: 1 hour(s), 4 minute(s), 47 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


C:\Users\meg\Downloads\mozilla-firefox-toDownload.exe a variant of Win32/InstallCore.AG application


#13 TB-Psychotic

  • Malware Response Team

Posted 01 August 2013 - 01:16 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll find the log file at C:\AdwCleaner[S1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.



#14 Mikeyb1

  • Topic Starter

Posted 01 August 2013 - 10:05 AM

# AdwCleaner v2.306 - Logfile created 08/01/2013 at 08:27:48
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 1 (32 bits)
# User : shockley - SHOCKLEY-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\shockley\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\shockley\AppData\Roaming\Mozilla\Firefox\Profiles\t1fy3khf.default\prefs.js

[OK] File is clean.

File : C:\Users\meg\AppData\Roaming\Mozilla\Firefox\Profiles\ul99c30s.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\shockley\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\meg\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.49] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Deleted [l.52] : keyword = "isearch.avg.com",
Deleted [l.55] : search_url = "hxxp://isearch.avg.com/search?cid={4B0B4C37-81BD-498F-8FFD-0417E1ABBA36}&mid=31[...]

File : C:\Users\texas\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"backup":{"_signature":"joSz0oQzapIqg0q5vYM+ZyuRbY02D1uYbWJqdaPkXGI=","_version":4,"browser":{"show[...]

*************************

AdwCleaner[S1].txt - [6756 octets] - [19/07/2013 17:16:37]
AdwCleaner[S2].txt - [1622 octets] - [01/08/2013 08:27:48]

########## EOF - C:\AdwCleaner[S2].txt - [1682 octets] ##########



#15 Mikeyb1

  • Topic Starter

Posted 01 August 2013 - 10:06 AM

 Results of screen317's Security Check version 0.99.71 
 Windows Vista Service Pack 1 x86 (UAC is enabled) 
 Out of date service pack!!
 Internet Explorer 8 Out of date!
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox 20.0.1 Firefox out of Date! 
 Google Chrome 27.0.1453.116 
 Google Chrome 28.0.1500.72 
````````Process Check: objlist.exe by Laurent```````` 
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
 





