
Ran ComboFix without being told - have report to send


2 replies to this topic

#1 christy123

  • Members
  • 1 posts

Posted 25 September 2013 - 01:25 PM

I have had problems with Adware Generic 5 coming up in the AVG 2013 program but not being able to fix it. I used a search engine to find others who had the same problem with a way to fix it. I found a post with BleepingComputer's ComboFix and followed what they did. I didn't read all the way through first and am now in trouble.

Not very computer smart, I did temporarily shut down AVG until I restarted the computer. When I got to the point in the ComboFix report where the directions were to send said report to a tech specialist, I saved the report and restarted the computer. At that point, the computer clicked and tried to run with no success. I shut the computer off completely for 30 minutes or so and now it does come on. I am therefore able to get the report I saved. I am going to try to send it as an attachment. I have seen others send them right in the e-mail itself. If I cannot find the attachment option I can do that as well, I guess.

I really hope I have not hurt the laptop any more, especially since it is my homeschooling son's. I don't want to be in trouble. I was only trying to help.

This is my dilemma. I am kind of afraid to do anything at this point. I also have never written a post on anything before. But I know you have my e-mail. So, if I get lost, I will check there. Thank you for any assistance you are willing and able to give.

Christy123

I could not find a way to attach the file, sorry about that. Here is the report. Thank you again for your help.


ComboFix 13-09-24.02 - Brendan 09/25/2013  10:46:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2939.1789 [GMT -6:00]
Running from: c:\users\Brendan\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files\FunWebProducts
c:\programdata\SPL26B7.tmp
c:\programdata\SPL5697.tmp
c:\programdata\SPL7C14.tmp
c:\programdata\SPLC883.tmp
c:\programdata\SPLC980.tmp
c:\users\Brendan\Documents\~WRL0001.tmp
c:\users\Brendan\Documents\~WRL1829.tmp
c:\users\Brendan\Documents\~WRL3242.tmp
c:\users\Brendan\Documents\~WRL3770.tmp
c:\users\Brendan_2\AppData\Roaming\SearchProtect
c:\users\Brendan_2\AppData\Roaming\SearchProtect\bin\ChromeModule.dll
c:\users\Brendan_2\AppData\Roaming\SearchProtect\bin\cltmng.exe
c:\users\Brendan_2\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe
c:\users\Brendan_2\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll
c:\users\Brendan_2\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll
c:\users\Brendan_2\AppData\Roaming\SearchProtect\bin\msvcp100.dll
c:\users\Brendan_2\AppData\Roaming\SearchProtect\bin\msvcr100.dll
c:\users\Brendan_2\AppData\Roaming\SearchProtect\bin\rep.dat
c:\users\Brendan_2\AppData\Roaming\SearchProtect\bin\SPHook32.dll
c:\users\Brendan_2\AppData\Roaming\SearchProtect\bin\SPRunner.exe
c:\users\Brendan_2\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js
c:\users\Brendan_2\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js
c:\users\Brendan_2\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js
c:\users\Brendan_2\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css
c:\users\Brendan_2\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js
c:\users\Brendan_2\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png
c:\users\Brendan_2\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png
c:\users\Brendan_2\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png
c:\users\Brendan_2\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\users\Brendan_2\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\users\Brendan_2\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html
c:\users\Brendan_2\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png
c:\users\Brendan_2\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png
c:\users\Brendan_2\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png
c:\users\Brendan_2\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html
c:\users\Brendan_2\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css
c:\users\Brendan_2\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\abstraction.js
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\application.js
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.js
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\settings.js
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN
c:\users\Brendan_2\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData
c:\users\Brendan_2\Documents\~WRL0003.tmp
c:\users\Brendan_2\Documents\~WRL0004.tmp
c:\users\Brendan_2\Documents\~WRL0005.tmp
c:\users\Brendan_2\Documents\~WRL0006.tmp
c:\users\Brendan_2\Documents\~WRL0007.tmp
c:\users\Brendan_2\Documents\~WRL0008.tmp
c:\users\Brendan_2\Documents\~WRL0009.tmp
c:\users\Brendan_2\Documents\~WRL0010.tmp
c:\users\Brendan_2\Documents\~WRL0608.tmp
c:\users\Brendan_2\Documents\~WRL0704.tmp
c:\users\Brendan_2\Documents\~WRL1214.tmp
c:\users\Brendan_2\Documents\~WRL1391.tmp
c:\users\Brendan_2\Documents\~WRL1601.tmp
c:\users\Brendan_2\Documents\~WRL1813.tmp
c:\users\Brendan_2\Documents\~WRL2153.tmp
c:\users\Brendan_2\Documents\~WRL2190.tmp
c:\users\Brendan_2\Documents\~WRL2242.tmp
c:\users\Brendan_2\Documents\~WRL2583.tmp
c:\users\Brendan_2\Documents\~WRL3022.tmp
c:\users\Brendan_2\Documents\~WRL3365.tmp
c:\users\Brendan_2\Documents\~WRL3580.tmp
c:\users\Brendan_2\Documents\~WRL3586.tmp
c:\users\Brendan_2\Documents\~WRL3907.tmp
c:\windows\desktop
c:\windows\jestertb.dll
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-25 to 2013-09-25  )))))))))))))))))))))))))))))))
.
.
2013-09-25 17:05 . 2013-09-25 17:05    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-25 17:05 . 2013-09-25 17:05    --------    d-----w-    c:\users\Brendan_2\AppData\Local\temp
2013-09-25 17:05 . 2013-09-25 17:05    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-09-25 15:38 . 2013-09-25 15:38    --------    d-----w-    c:\progra~2\85F0CA~1
2013-09-18 15:06 . 2013-09-18 15:06    --------    d-----w-    c:\progra~2\85A2A6~1
2013-09-16 14:42 . 2013-09-16 14:42    --------    d-----w-    c:\progra~2\853B39~1
2013-09-16 14:37 . 2013-09-16 14:37    --------    d-----w-    c:\progra~2\PA1DB~1
2013-09-16 14:36 . 2013-09-16 14:36    --------    d-----w-    c:\programdata\BitGuard
2013-09-16 14:36 . 2013-09-16 14:36    --------    d-----w-    c:\progra~2\____85~1
2013-09-12 09:07 . 2013-07-16 04:35    615936    ----a-w-    c:\windows\system32\themeui.dll
2013-09-12 09:07 . 2013-08-08 01:45    2049536    ----a-w-    c:\windows\system32\win32k.sys
2013-09-10 18:06 . 2013-09-10 18:06    --------    d-----w-    c:\progra~2\8546D5~1
2013-09-10 07:34 . 2013-09-10 07:34    22328    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-09 15:52 . 2013-09-09 15:52    --------    d-----w-    c:\progra~2\857630~1
2013-09-07 18:21 . 2013-09-07 18:21    --------    d-----w-    c:\progra~2\85EE38~1
2013-09-05 07:43 . 2013-09-05 07:43    39224    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-09-04 15:35 . 2013-09-04 15:35    --------    d-----w-    c:\progra~2\85150B~1
2013-09-04 15:20 . 2013-09-04 15:20    --------    d-----w-    c:\progra~2\333385~1
2013-08-27 17:39 . 2013-08-02 04:09    1548288    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-08-27 12:20 . 2013-08-27 12:20    --------    d-----w-    c:\progra~2\854D01~1
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 09:02 . 2012-04-21 14:42    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-20 09:02 . 2011-08-07 18:03    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-15 02:37 . 2012-11-12 16:21    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-07-20 07:51 . 2013-07-20 07:51    246072    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-07-20 07:50 . 2013-07-20 07:50    60216    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-07-20 07:50 . 2013-07-20 07:50    208184    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 07:50 . 2013-07-20 07:50    171320    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-07-17 19:41 . 2013-08-14 15:46    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-07-10 09:47 . 2013-08-14 15:44    783360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-07-10 02:17 . 2013-07-10 02:17    48648    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-17\Markup.dll
2013-07-10 02:17 . 2010-09-06 17:29    677136    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-07-10 02:17 . 2013-07-10 02:17    416128    ----a-w-    c:\programdata\Microsoft\eHome\Packages\NetTV\Browse-17\NetTVResources.dll
2013-07-10 02:16 . 2013-07-10 02:16    652296    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore-19\Microsoft.MediaCenter.Sports.UI.dll
2013-07-09 12:10 . 2013-08-14 15:48    1205168    ----a-w-    c:\windows\system32\ntdll.dll
2013-07-08 04:55 . 2013-08-14 15:48    3551680    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-07-08 04:55 . 2013-08-14 15:48    3603904    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-07-08 04:20 . 2013-08-14 15:48    172544    ----a-w-    c:\windows\system32\wintrust.dll
2013-07-08 04:16 . 2013-08-14 15:48    98304    ----a-w-    c:\windows\system32\cryptnet.dll
2013-07-08 04:16 . 2013-08-14 15:48    133120    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-07-08 04:16 . 2013-08-14 15:48    992768    ----a-w-    c:\windows\system32\crypt32.dll
2013-07-05 04:53 . 2013-08-14 15:48    905664    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-07-01 07:45 . 2013-07-01 07:45    96568    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2003-03-19 03:20 . 2003-03-19 03:20    1060864    ----a-w-    c:\program files\mfc71.dll
2003-03-19 03:12 . 2003-03-19 03:12    1047552    ----a-w-    c:\program files\mfc71u.dll
2003-03-19 02:44 . 2003-03-19 02:44    57344    ----a-w-    c:\program files\MFC71ENU.DLL
2003-03-19 02:44 . 2003-03-19 02:44    49152    ----a-w-    c:\program files\MFC71KOR.DLL
2003-03-19 02:44 . 2003-03-19 02:44    61440    ----a-w-    c:\program files\MFC71ITA.DLL
2003-03-19 02:44 . 2003-03-19 02:44    61440    ----a-w-    c:\program files\MFC71ESP.DLL
2003-03-19 02:44 . 2003-03-19 02:44    45056    ----a-w-    c:\program files\MFC71CHT.DLL
2003-03-19 02:44 . 2003-03-19 02:44    40960    ----a-w-    c:\program files\MFC71CHS.DLL
2003-03-19 02:44 . 2003-03-19 02:44    65536    ----a-w-    c:\program files\MFC71DEU.DLL
2003-03-19 02:44 . 2003-03-19 02:44    61440    ----a-w-    c:\program files\MFC71FRA.DLL
2003-03-19 02:44 . 2003-03-19 02:44    49152    ----a-w-    c:\program files\MFC71JPN.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9ed31f84-c8b3-4926-b950-dff74047ff79}"= "c:\program files\KeyBar_1.8\prxtbKeyB.dll" [2013-05-16 231712]
.
[HKEY_CLASSES_ROOT\clsid\{9ed31f84-c8b3-4926-b950-dff74047ff79}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-08-15 02:37    3122864    ----a-w-    c:\program files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{9ed31f84-c8b3-4926-b950-dff74047ff79}]
2013-05-16 12:13    231712    ----a-w-    c:\program files\KeyBar_1.8\prxtbKeyB.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll" [2013-08-15 3122864]
"{9ed31f84-c8b3-4926-b950-dff74047ff79}"= "c:\program files\KeyBar_1.8\prxtbKeyB.dll" [2013-05-16 231712]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{9ed31f84-c8b3-4926-b950-dff74047ff79}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9ED31F84-C8B3-4926-B950-DFF74047FF79}"= "c:\program files\KeyBar_1.8\prxtbKeyB.dll" [2013-05-16 231712]
.
[HKEY_CLASSES_ROOT\clsid\{9ed31f84-c8b3-4926-b950-dff74047ff79}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-03 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2013-03-15 4973456]
"WebCake Desktop"="c:\users\Brendan_2\AppData\Roaming\WebCake\WebCakeDesktop.exe" [2013-06-07 47896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-04-17 2513472]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-03-07 468320]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-03-24 1007616]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-04-15 1318912]
"TANU"="c:\program files\TOSHIBA\TANU\TANU.exe" [2009-03-28 263560]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 1451304]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-12-18 448376]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-03-25 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-13 154136]
"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2009-03-17 304496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-13 150040]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-13 178712]
"cfFncEnabler.exe"="c:\program files\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-03-23 729088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"lxeemon.exe"="c:\program files\Lexmark Pro700 Series\lxeemon.exe" [2010-05-17 770728]
"EzPrint"="c:\program files\Lexmark Pro700 Series\ezprint.exe" [2009-08-10 139944]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-08-15 2314416]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\mathadv2002\QTTask.exe" [2010-11-29 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-04-14 295512]
"SearchProtectAll"="c:\program files\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2013-03-15 4973456]
.
c:\users\Brendan_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Startup\
HOTSYNCSHORTCUTNAME.lnk - c:\program files\palmOne\Hotsync.exe -logon [2008-1-3 1392640]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2008-1-3 1392640]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BitGuard\261673~1.238\{C16C1~1\BitGuard.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 09:02]
.
2013-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-18 00:40]
.
2013-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-18 00:40]
.
2013-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1980885988-2655112277-2635854863-1001Core.job
- c:\users\Brendan_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 16:43]
.
2013-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1980885988-2655112277-2635854863-1001UA.job
- c:\users\Brendan_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 16:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3286042&octid=CT3286042&SearchSource=61&CUI=UN39087380241851889&UM=2&UP=SPEBF2F3A8-EE68-45CA-97B2-F1756187E910
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
FF - ProfilePath - c:\users\Brendan_2\AppData\Roaming\Mozilla\Firefox\Profiles\7764jzuy.default\
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extentions.webcake.installId - 13e2258e-938a-4c14-a936-2ee14892023a
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 26cd74870000000000000024d2be8d1a
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15865
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.520:52
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119351
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-SearchProtect - c:\users\Brendan_2\AppData\Roaming\SearchProtect\bin\cltmng.exe
HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
HKLM-Run-OtShot - c:\program files\OtShot\otshot.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-I Love Math! - c:\windows\Uninst.exe -rDK Multimedia\I Love Math!\1.0.4.0
AddRemove-I Love Spelling! - c:\windows\Uninst.exe -rDK Multimedia\I Love Spelling!\1.0.0.0
AddRemove-OtShot - c:\program files\OtShot\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-25 11:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-09-25  11:11:11
ComboFix-quarantined-files.txt  2013-09-25 17:11
.
Pre-Run: 200,298,483,712 bytes free
Post-Run: 201,601,839,104 bytes free
.
- - End Of File - - 1EF0CA73539CF29A196C5837478C1D0B
5B5E648D12FCADC244C1EC30318E1EB9
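The "Reg Loading Points" section of the log above is the part a responder reads first: it lists the registry autostart locations (Run keys, Browser Helper Objects, URL search hooks, AppInit_DLLs) that decide what gets loaded at logon or into every process. The entry `"AppInit_DLLs"=c:\progra~2\BitGuard\...\BitGuard.dll` together with `"LoadAppInit_DLLs"=1` is the most significant one: with that flag set, Windows loads the listed DLL into every process that loads user32.dll. The following Python script is an added example, not ComboFix's own code and not something either poster ran: it parses the layout of that section and applies three heuristics a responder applies by hand (AppInit_DLLs set and active, an autostart binary under a user-writable profile or data directory, an entry under a browser-extension key). The names `SAMPLE_LOG`, `parse_loading_points` and `triage` are mine; `SAMPLE_LOG` is a trimmed copy of the posted section, embedded so the script runs offline.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example: not ComboFix's code. It parses the section layout visible
in the posted log and flags entries that warrant a closer look.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: a trimmed copy of the "Reg Loading Points" section of
# the log posted above, used as offline input for the parser.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9ed31f84-c8b3-4926-b950-dff74047ff79}"= "c:\program files\KeyBar_1.8\prxtbKeyB.dll" [2013-05-16 231712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-08-15 02:37    3122864    ----a-w-    c:\program files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-03 39408]
"WebCake Desktop"="c:\users\Brendan_2\AppData\Roaming\WebCake\WebCakeDesktop.exe" [2013-06-07 47896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchProtectAll"="c:\program files\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BitGuard\261673~1.238\{C16C1~1\BitGuard.dll
"LoadAppInit_DLLs"=1 (0x1)
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
"""

SECTION_START = "Reg Loading Points"
SECTION_END = ("Contents of the 'Scheduled Tasks' folder", "Supplementary Scan")

KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*"?([^"\[]*?)"?\s*(?:\[[^\]]*\])?$')  # "name"="path" [date size]
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(.+)$")  # date size attrs path

# Heuristics (assumptions of this example, not ComboFix rules).
USER_WRITABLE = re.compile(r"\\(users|programdata|progra~2|documents and settings)\\", re.I)
BROWSER_KEY = re.compile(r"browser helper objects|urlsearchhooks|\\toolbar", re.I)
APPINIT_KEY = re.compile(r"windows nt\\currentversion\\windows$", re.I)


@dataclass
class Entry:
    key: str                 # registry key the entry was listed under
    name: str                # value name; "" for a file line under a CLSID/BHO key
    path: str                # command or module path as printed in the log
    flags: list[str] = field(default_factory=list)


def extract_section(text: str) -> list[str]:
    """Return the lines between the 'Reg Loading Points' banner and the next section."""
    lines = text.splitlines()
    start = next((i for i, line in enumerate(lines) if SECTION_START in line), None)
    if start is None:
        return []
    body = []
    for line in lines[start + 1:]:
        if any(marker in line for marker in SECTION_END):
            break
        body.append(line.rstrip())
    return body


def parse_loading_points(text: str) -> list[Entry]:
    """Parse key headers, "name"=value lines and file lines into Entry objects."""
    entries, key = [], ""
    for line in extract_section(text):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append(Entry(key, m.group(1), m.group(2).strip()))
            continue
        m = FILE_RE.match(line)
        if m and key:
            entries.append(Entry(key, "", m.group(1).strip()))
    return entries


def triage(entries: list[Entry]) -> list[Entry]:
    """Attach flags to suspicious entries and return only the flagged ones."""
    # AppInit_DLLs is only honoured when LoadAppInit_DLLs is 1.
    appinit_on = any(
        e.name.lower() == "loadappinit_dlls" and e.path.startswith("1")
        for e in entries if APPINIT_KEY.search(e.key)
    )
    flagged = []
    for e in entries:
        flags = []
        if APPINIT_KEY.search(e.key) and e.name.lower() == "appinit_dlls" and e.path:
            state = "LoadAppInit_DLLs=1, active" if appinit_on else "LoadAppInit_DLLs=0, dormant"
            flags.append(f"AppInit_DLLs: loaded into every user32 process ({state})")
        if USER_WRITABLE.search(e.path):
            flags.append("autostart binary lives in a user-writable profile/data directory")
        if BROWSER_KEY.search(e.key):
            flags.append("browser extension / search hook: verify the publisher")
        e.flags = flags
        if flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"{e.key}\n  {e.name or '(file)'} -> {e.path}")
        for f in e.flags:
            print(f"    ! {f}")
```

Two caveats for anyone adapting this. The 8.3 short path in the AppInit_DLLs value (`c:\progra~2\...`) is not itself a sign of evasion: the value is a space-separated list, so paths with spaces have to be written in short form, and the script keys on the value being set at all with the load flag on. And a location heuristic only catches what installs into a profile directory; SearchProtect's `cltmng.exe` sits under Program Files and passes it, which is why the whole list still gets read by a person rather than by the script alone.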

#2 nasdaq

  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 September 2013 - 08:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • IMPORTANT: If you click the Clean button all items listed in the report will be removed.
  • If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.

Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.

Let me know what problem persists.


#3 nasdaq

  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 October 2013 - 08:24 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
