virtumonde.sci/dll, smitfraud-c, fraud., in spybot searches


  • This topic is locked
25 replies to this topic

#1 incarnateunlimited

incarnateunlimited

  • Members
  • 20 posts
  • OFFLINE

Posted 07 November 2013 - 02:56 PM

I first saw it when I first ran Spybot: about 500,000 of the 800,000 items it had to search were all Virtumonde, but no Virtumonde came up in its results. I looked it up, tried MBAM, HijackThis, FixVundo, and followed about 4 different forum instruction sets, including shutting off my System Restore, disconnecting from networks, disabling all my share options, resetting TeaTimer (which I spent hours trying to find the .bat file for, to no avail), using HijackThis and then ATF Cleaner, and then HJT again, MBAM, basically this, this and this in this order, and after all of this I still wound up with about 500,000 virtumonde.dll/sci files popping up in Spybot's window while it does its scan. My computer isn't acting terribly (I have a Dell Vostro with 6 GB RAM), but a few things aren't cooperating: not allowing me to save in certain paths, not acknowledging my administrator permissions, my paid version of RealPlayer isn't letting me play anything I downloaded recently, and its SpeedBit download accelerator stopped functioning. This could be the fault of the makers of RealPlayer, whose product support consists solely of help pages with no contact or troubleshooting section, but it could be from this infection. In the HJT results the first time it had about 10 entries for "SpeedBit unknown something". I'm not sure if I saved that log before rebooting, though. Here's my MBAM log and my HJT log. Spybot doesn't seem to have any way of recording the Virtumonde presence to paste up here, and it seems to be the only program to register it while scanning, and again, that's only during the scan; it shows nothing in the results about it.

 

I went through the preliminary guides before posting and did the MBAM method with RKill, after which Spybot still found all the Virtumondes. The VundoFix link is no longer working, though I managed to download a copy of Symantec FixVundo onto my phone and transferred it to the computer that way; it didn't register any sign of its presence, and again Spybot still popped it up after that. I've been at this for 2 days now, and I probably wouldn't notice it if it weren't for Spybot.

 

I have a copy of ComboFix ready to go if needed, but I didn't want to use it unsupervised. Here are my logs. Thank you greatly for your time!

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.07.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Aaron :: KRISTY-IS-SEXXY [administrator]
 
Protection: Enabled
 
11/6/2013 11:41:17 PM
mbam-log-2013-11-06 (23-41-17).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 494250
Time elapsed: 1 hour(s), 4 minute(s), 31 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 5
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0} (PUP.Optional.Softomate.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D} (PUP.Optional.Softomate.A) -> Quarantined and deleted successfully.
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} (PUP.Optional.Softomate.A) -> Quarantined and deleted successfully.
HKCR\URLSearchHook.ToolbarURLSearchHook.1 (PUP.Optional.Softomate.A) -> Quarantined and deleted successfully.
HKCR\URLSearchHook.ToolbarURLSearchHook (PUP.Optional.Softomate.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 6
C:\Users\Aaron\Local Settings\Application Data\KangoBoxSA (Adware.HotBar.KB) -> Quarantined and deleted successfully.
C:\Users\Aaron\Local Settings\Application Data\KangoBoxSA\bin (Adware.HotBar.KB) -> Quarantined and deleted successfully.
C:\Users\Aaron\Local Settings\Application Data\KangoBoxSA\bin\1.0.2.0 (Adware.HotBar.KB) -> Quarantined and deleted successfully.
C:\Users\Aaron\AppData\Local\KangoBoxSA (Adware.HotBar.KB) -> Quarantined and deleted successfully.
C:\Users\Aaron\AppData\Local\KangoBoxSA\bin (Adware.HotBar.KB) -> Quarantined and deleted successfully.
C:\Users\Aaron\AppData\Local\KangoBoxSA\bin\1.0.2.0 (Adware.HotBar.KB) -> Quarantined and deleted successfully.
 
Files Detected: 34
C:\Program Files (x86)\Buzzluck Casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Cirrus Casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Club Player Casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Club World Casinos\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Cool Cat Casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Jackpot Capital\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Palace of Chance\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Planet7 Casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Prism Casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\QPST\Scramp\Scramp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RoyalAceCasino.com\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Rushmore Casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Silver Oak Casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Slot Madness B\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Slotocash Casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Sun Palace Casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Vegas Casino Online\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Vegas Strip\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Virtual Casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wild Vegas\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WinPalace\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\b4d26af-6c0c46aa (Trojan.FakeAlert.FSA28) -> Quarantined and deleted successfully.
C:\Users\Aaron\Desktop\Aaron_File_Backup\Lots of bleep metal\exodavengedungleystemofa songs that wont get on the damn list\DTLite4451-0236.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Aaron\Desktop\cs6 master\Milkman\PatcherFiles\amtlib32bit.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Users\Aaron\Desktop\cs6 master\Milkman\PatcherFiles\amtlib64bit.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Users\Aaron\Desktop\fick\KERNEL.SHMMAX = 2268435456      KERNEL.SHMALL = 16777216\4shared_Desktop_3.3.5M.exe (PUP.Optional.4Shared) -> Quarantined and deleted successfully.
C:\Users\Aaron\Desktop\The Files From Your Dell\AppData\Local\Temp\WeFi\Setup.exe (Adware.NetPumper) -> Quarantined and deleted successfully.
C:\Users\Aaron\Desktop\The Files From Your Dell\Documents\Newsbin Download\lz057403.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Aaron\Documents\super 1 click v 2.2.3\Drivers\craigslist commander setup.exe (PUP.Optional.AdBundle) -> Quarantined and deleted successfully.
C:\Users\Aaron\Downloads\DAEMONToolsPro510-0333.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Aaron\Downloads\mplayer_tuguu_1271.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Aaron\Downloads\SoftonicDownloader_for_itunes.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Users\Aaron\Local Settings\Application Data\KangoBoxSA\bin\1.0.2.0\KangoBoxSAHook.dll (Adware.HotBar.KB) -> Quarantined and deleted successfully.
C:\Users\Aaron\AppData\Local\KangoBoxSA\bin\1.0.2.0\KangoBoxSAHook.dll (Adware.HotBar.KB) -> Quarantined and deleted successfully.
 
(end)
 
Second scan:
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.07.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Aaron :: KRISTY-IS-SEXXY [administrator]
 
Protection: Enabled
 
11/7/2013 3:37:27 AM
mbam-log-2013-11-07 (03-37-27).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 493684
Time elapsed: 58 minute(s), 22 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

My HijackThis log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:29:54 AM, on 11/7/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
 
FIREFOX: 25.0 (en-US)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 72.29.93.243 www.google-analytics.com.
O1 - Hosts: 72.29.93.243 ad-emea.doubleclick.net.
O1 - Hosts: 72.29.93.243 www.statcounter.com.
O1 - Hosts: 64.27.10.42 www.google-analytics.com.
O1 - Hosts: 64.27.10.42 ad-emea.doubleclick.net.
O1 - Hosts: 64.27.10.42 www.statcounter.com.
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ImperioServer] C:\Program Files (x86)\Imperio\Imperio Server\ImperioServer.exe MIN (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ImperioServer] C:\Program Files (x86)\Imperio\Imperio Server\ImperioServer.exe MIN (User 'Default user')
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{0ADA75D2-CD35-420E-80E1-9E2A1EDBF5A7}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{0ADA75D2-CD35-420E-80E1-9E2A1EDBF5A7}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{0ADA75D2-CD35-420E-80E1-9E2A1EDBF5A7}: NameServer = 156.154.70.22,156.154.71.22
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ImperioService - Imperio - C:\Program Files (x86)\Imperio\Imperio Service\ImperioService.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Unknown owner - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VideoAcceleratorService - SpeedBit Ltd. - C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 15665 bytes
 
Symantec Trojan.Vundo Removal Tool 1.5.1
 
Cannot scan Winlogon plugins!
C:\Documents and Settings: (not scanned)
C:\ProgramData\Application Data: (not scanned)
C:\ProgramData\Desktop: (not scanned)
C:\ProgramData\Documents: (not scanned)
C:\ProgramData\Favorites: (not scanned)
C:\ProgramData\Start Menu: (not scanned)
C:\ProgramData\Templates: (not scanned)
C:\System Volume Information: (not scanned)
C:\Users\Aaron\AppData\Local\Application Data: (not scanned)
C:\Users\Aaron\AppData\Local\History: (not scanned)
C:\Users\Aaron\AppData\Local\Temporary Internet Files: (not scanned)
C:\Users\Aaron\Desktop\$Recycle.Bin\S-1-5-21-1205561343-4196608405-3495529560-1000\$RBHUNPV: (not scanned)
C:\Users\Aaron\Desktop\$Recycle.Bin\S-1-5-21-1205561343-4196608405-3495529560-1000\$RFUR5MZ: (not scanned)
C:\Users\Aaron\Desktop\Aaron_2\Aaron\Music\New folder\DJ Khaled Ft. T Pain, Young Jeezy, Ludacris, Busta Rhymes, Big Boi from Outkast, Lil Wayne, Fat Joe, Birdman, Rick Ross\IM SO HOOD REMIX NEW\AlbumArt_{0629D0B4-1242-4D3B-BC5D-FCC68E75F438}_Large.jpg (WARNING: not scanned, path to long)
C:\Users\Aaron\Desktop\Aaron_2\Aaron\Music\New folder\DJ Khaled Ft. T Pain, Young Jeezy, Ludacris, Busta Rhymes, Big Boi from Outkast, Lil Wayne, Fat Joe, Birdman, Rick Ross\IM SO HOOD REMIX NEW\AlbumArt_{0629D0B4-1242-4D3B-BC5D-FCC68E75F438}_Small.jpg (WARNING: not scanned, path to long)
C:\Users\Aaron\Desktop\fick\SYSCTL - A ! GREP VM\TitaniumBackup\com.gau.go.launcherex.dock.transparence\com.gau.go.launcherex.gowidget.taskmanager\com.gau.go.launcherex.gowidget.taskmanager\shared_prefs\com.gau.go.launcherex.gowidget.taskmanager_preferences.xml (WARNING: not scanned, path to long)
C:\Users\Aaron\Documents\My Music: (not scanned)
C:\Users\Aaron\Documents\My Pictures: (not scanned)
C:\Users\Aaron\Documents\My Videos: (not scanned)
C:\Users\Aaron\Local Settings: (not scanned)
C:\Users\Aaron\My Documents: (not scanned)
C:\Users\Aaron\NetHood: (not scanned)
C:\Users\Aaron\PrintHood: (not scanned)
C:\Users\Aaron\Recent: (not scanned)
C:\Users\Aaron\SendTo: (not scanned)
C:\Users\Aaron\Start Menu: (not scanned)
C:\Users\Aaron\Templates: (not scanned)
C:\Users\All Users\Application Data: (not scanned)
C:\Users\All Users\Desktop: (not scanned)
C:\Users\All Users\Documents: (not scanned)
C:\Users\All Users\Favorites: (not scanned)
C:\Users\All Users\Start Menu: (not scanned)
C:\Users\All Users\Templates: (not scanned)
C:\Users\Default\AppData\Local\Application Data: (not scanned)
C:\Users\Default\AppData\Local\History: (not scanned)
C:\Users\Default\AppData\Local\Temporary Internet Files: (not scanned)
C:\Users\Default\Application Data: (not scanned)
C:\Users\Default\Cookies: (not scanned)
C:\Users\Default\Documents\My Music: (not scanned)
C:\Users\Default\Documents\My Pictures: (not scanned)
C:\Users\Default\Documents\My Videos: (not scanned)
C:\Users\Default\Local Settings: (not scanned)
C:\Users\Default\My Documents: (not scanned)
C:\Users\Default\NetHood: (not scanned)
C:\Users\Default\PrintHood: (not scanned)
C:\Users\Default\Recent: (not scanned)
C:\Users\Default\SendTo: (not scanned)
C:\Users\Default\Start Menu: (not scanned)
C:\Users\Default\Templates: (not scanned)
C:\Users\Default User: (not scanned)
C:\Users\DefaultAppPool\AppData\Local\Application Data: (not scanned)
C:\Users\DefaultAppPool\AppData\Local\History: (not scanned)
C:\Users\DefaultAppPool\AppData\Local\Temporary Internet Files: (not scanned)
C:\Users\DefaultAppPool\Application Data: (not scanned)
C:\Users\DefaultAppPool\Cookies: (not scanned)
C:\Users\DefaultAppPool\Documents\My Music: (not scanned)
C:\Users\DefaultAppPool\Documents\My Pictures: (not scanned)
C:\Users\DefaultAppPool\Documents\My Videos: (not scanned)
C:\Users\DefaultAppPool\Local Settings: (not scanned)
C:\Users\DefaultAppPool\My Documents: (not scanned)
C:\Users\DefaultAppPool\NetHood: (not scanned)
C:\Users\DefaultAppPool\PrintHood: (not scanned)
C:\Users\DefaultAppPool\Recent: (not scanned)
C:\Users\DefaultAppPool\SendTo: (not scanned)
C:\Users\DefaultAppPool\Start Menu: (not scanned)
C:\Users\DefaultAppPool\Templates: (not scanned)
C:\Users\Public\Documents\My Music: (not scanned)
C:\Users\Public\Documents\My Pictures: (not scanned)
C:\Users\Public\Documents\My Videos: (not scanned)
C:\Windows\CSC: (not scanned)
C:\Windows\System32\config\systemprofile\AppData\Local\Application Data: (not scanned)
C:\Windows\System32\config\systemprofile\AppData\Local\History: (not scanned)
C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files: (not scanned)
C:\Windows\System32\config\systemprofile\Application Data: (not scanned)
C:\Windows\System32\config\systemprofile\Cookies: (not scanned)
C:\Windows\System32\config\systemprofile\Documents\My Music: (not scanned)
C:\Windows\System32\config\systemprofile\Documents\My Pictures: (not scanned)
C:\Windows\System32\config\systemprofile\Documents\My Videos: (not scanned)
C:\Windows\System32\config\systemprofile\Local Settings: (not scanned)
C:\Windows\System32\config\systemprofile\My Documents: (not scanned)
C:\Windows\System32\config\systemprofile\NetHood: (not scanned)
C:\Windows\System32\config\systemprofile\PrintHood: (not scanned)
C:\Windows\System32\config\systemprofile\Recent: (not scanned)
C:\Windows\System32\config\systemprofile\SendTo: (not scanned)
C:\Windows\System32\config\systemprofile\Start Menu: (not scanned)
C:\Windows\System32\config\systemprofile\Templates: (not scanned)
C:\Windows\System32\LogFiles\WMI\RtBackup: (not scanned)
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data: (not scanned)
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History: (not scanned)
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files: (not scanned)
C:\Windows\SysWOW64\config\systemprofile\Application Data: (not scanned)
C:\Windows\SysWOW64\config\systemprofile\Cookies: (not scanned)
C:\Windows\SysWOW64\config\systemprofile\Documents\My Music: (not scanned)
C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures: (not scanned)
C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos: (not scanned)
C:\Windows\SysWOW64\config\systemprofile\Local Settings: (not scanned)
C:\Windows\SysWOW64\config\systemprofile\My Documents: (not scanned)
C:\Windows\SysWOW64\config\systemprofile\NetHood: (not scanned)
C:\Windows\SysWOW64\config\systemprofile\PrintHood: (not scanned)
C:\Windows\SysWOW64\config\systemprofile\Recent: (not scanned)
C:\Windows\SysWOW64\config\systemprofile\SendTo: (not scanned)
C:\Windows\SysWOW64\config\systemprofile\Start Menu: (not scanned)
C:\Windows\SysWOW64\config\systemprofile\Templates: (not scanned)
Trojan.Vundo has not been found on your computer.

#2 nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 November 2013 - 09:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third party programs, if not up to date, can be the cause of infiltration of an infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#3 incarnateunlimited

  • Topic Starter
  • Members
  • 20 posts

Posted 11 November 2013 - 01:24 AM

Here's the AdwCleaner log. I am going to just hit Clean because I can't find anything in it that could potentially be something that would compromise the function of my computer. Everything seems to be some sort of crap that's not supposed to be there in one way or another.

As far as the other security programs go, my firewall is down and I can't seem to turn it on. It just says "You are not using the recommended settings for Windows Firewall", and when I click "Use recommended settings" it spits out error code 0x8007042c, "Windows Firewall can't change some of your settings", and I don't seem to be able to download Microsoft Security Essentials for some reason.

Are there any decent free security programs you would recommend that would serve me better than MSE? Because the last time I was using MSE I suddenly had some sort of verification issue where it told me that my copy of Windows wasn't genuine (which it is), and MSE started behaving like a virus: I couldn't disable it and it wasn't letting me uninstall it. It kind of took over my computer. That was a long time ago and I forget how we resolved it, but I went to download MSE a few days ago, with some reservations after the last problem with it, and was honestly kind of relieved that it wouldn't download. So is there any better alternative to it that's free that you could recommend? I don't want to clean this puppy up finally just to leave it all squeaky clean with no prophylactic so it gets compu-herpa-gonnha-syphill-AIDS again, y'know?

Also, all the SpeedBit things in the log here: I have the paid version of RealPlayer, and it used to have download acceleration from SpeedBit, which WAS awesome, but that feature doesn't work anymore for some reason. I bought RealPlayer about a year and a half ago, and I just got my computer back from my ex about 3 weeks ago, so I couldn't tell you exactly when all these things started malfunctioning (firewall, RealPlayer, can't save to certain folders even as administrator, saying I don't have permission to save there and suggesting I save it in a specific other folder, etc.), but I guess my point is that if there are SpeedBit things popping up, that could be why my download accelerator isn't working too. RealPlayer's support pages are about as helpful as getting troubleshooting help from a magazine ad. It's just not there. Anyways, I'll pop up my log from JRT next.
 
# AdwCleaner v3.012 - Report created 10/11/2013 at 21:50:41
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Aaron - KRISTY-IS-SEXXY
# Running from : C:\Users\Aaron\Desktop\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\b8gblbnc.default\searchplugins\search.xml
File Found : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\b8gblbnc.default\searchplugins\speedbit.xml
File Found : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\b8gblbnc.default\user.js
Folder Found : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\b8gblbnc.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found C:\Users\Aaron\AppData\Local\PackageAware
Folder Found C:\Users\Aaron\AppData\LocalLow\Toolbar4
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
Key Found : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_itunes_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_itunes_RASMANCS
Key Found : HKLM\Software\Splashtop Inc.
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://home.speedbit.com/tab/?aff=205
 
-\\ Mozilla Firefox v25.0 (en-US)
 
[ File : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\b8gblbnc.default\prefs.js ]
 
Line Found : user_pref("browser.search.defaulturl", "hxxp://home.speedbit.com/search.aspx?aff=206&q=");
Line Found : user_pref("browser.search.order.1", "SpeedBit Search");
Line Found : user_pref("browser.startup.homepage_override_url", "hxxp://home.speedbit.com/?aff=205");
Line Found : user_pref("keyword.URL", "hxxp://home.speedbit.com/search.aspx?aff=206&q=");
Line Found : user_pref("pagetweak.pref.cacheInfo", "{\"hxxp://wedata.net/databases/AutoPagerize/items.json\":{\"url\":\"hxxp://wedata.net/databases/AutoPagerize/items.json\",\"expire\":\"2012-02-12T02:24:04.513Z\"[...]
Line Found : user_pref("speedbitvideodownloader.Var1", "0");
Line Found : user_pref("speedbitvideodownloader.Var10", "0");
Line Found : user_pref("speedbitvideodownloader.Var2", "0");
Line Found : user_pref("speedbitvideodownloader.Var3", "0");
Line Found : user_pref("speedbitvideodownloader.Var4", "0");
Line Found : user_pref("speedbitvideodownloader.Var5", "0");
Line Found : user_pref("speedbitvideodownloader.Var6", "0");
Line Found : user_pref("speedbitvideodownloader.Var7", "0");
Line Found : user_pref("speedbitvideodownloader.Var8", "0");
Line Found : user_pref("speedbitvideodownloader.Var9", "0");
Line Found : user_pref("speedbitvideodownloader.cache.tbs_include_xml_spd", "19/18/9/6/112");
Line Found : user_pref("speedbitvideodownloader.firstlaunch", "0");
Line Found : user_pref("speedbitvideodownloader.guid", "%7BEBE52BF1-3423-B206-D7E9-CE9792E195DB%7D");
Line Found : user_pref("speedbitvideodownloader.userId", "%12");
Line Found : user_pref("speedbitvideodownloader_installed_version", "3.0.5");
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [10626 octets] - [10/11/2013 21:50:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10687 octets] ##########
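Reading a report like the one above by hand takes a while, and the part that matters most for the user's symptoms is buried in the Browsers section. The script below is an added example for this thread, not AdwCleaner's own code and not part of any post: it parses the v3 report format into sections and pulls out the hosts that the browser's default search, homepage and IE new-tab settings were pointed at. The embedded sample is a constructed excerpt of the AdwCleaner[R0].txt above; the section headers, entry prefixes and pref names are those of that report, and "hxxp" is the report's own defanging of "http".

```python
"""Parse an AdwCleaner v3 report into sections and flag browser redirections.

Added example for this thread, not AdwCleaner's own code; the constructed
sample below is an excerpt of the AdwCleaner[R0].txt report posted above."""
import re
from collections import defaultdict

# Constructed excerpt of the report above. "hxxp" is AdwCleaner's defanging of
# "http" and is kept as-is so the parser sees what a real report contains.
SAMPLE_REPORT = r"""
# AdwCleaner v3.012 - Report created 10/11/2013 at 21:50:41
# Option : Scan
***** [ Files / Folders ] *****
File Found : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\b8gblbnc.default\searchplugins\speedbit.xml
Folder Found C:\Users\Aaron\AppData\LocalLow\Toolbar4
***** [ Registry ] *****
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.7601.17514
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://home.speedbit.com/tab/?aff=205
-\\ Mozilla Firefox v25.0 (en-US)
Line Found : user_pref("browser.search.defaulturl", "hxxp://home.speedbit.com/search.aspx?aff=206&q=");
Line Found : user_pref("browser.startup.homepage_override_url", "hxxp://home.speedbit.com/?aff=205");
Line Found : user_pref("speedbitvideodownloader.Var1", "0");
*************************
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>[^\]]+) \] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (?P<browser>.+)$")
# "Folder Found C:\..." lines lack the colon; Chrome lines lack the kind word.
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>File|Folder|Key|Value|Setting|Line) )?"
    r"(?P<status>Found|Deleted|Restored)\s*:?\s*(?P<detail>.+)$"
)
PREF_RE = re.compile(r'user_pref\("(?P<name>[^"]+)",\s*"(?P<value>[^"]*)"\)')
URL_RE = re.compile(r"h(?:xx|tt)ps?://[^\s\"'\]]+")

# Firefox prefs that decide where searches, the homepage and address-bar
# keywords go; SpeedBit's own bookkeeping prefs are noise for this check.
NAV_PREFS = {"browser.search.defaulturl", "browser.startup.homepage",
             "browser.startup.homepage_override_url", "keyword.URL"}


def parse_report(text):
    """Return {"option": "Scan"|"Clean", "sections": {name: [entry, ...]}}."""
    report = {"option": None, "sections": defaultdict(list)}
    section = browser = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# Option :"):
            report["option"] = line.split(":", 1)[1].strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            section, browser = m.group("name"), None
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser = m.group("browser")
            continue
        m = ENTRY_RE.match(line)
        if m and section:  # "[ File : ... ]" and banner lines are ignored here
            report["sections"][section].append({
                "kind": m.group("kind") or "Item", "status": m.group("status"),
                "detail": m.group("detail"), "browser": browser})
    report["sections"] = dict(report["sections"])
    return report


def hijack_hosts(report):
    """Hosts that default search, homepage or IE new-tab settings point at."""
    hosts = set()
    for entry in report["sections"].get("Browsers", []):
        pm = PREF_RE.search(entry["detail"])
        if pm:  # Firefox prefs.js line: only navigation prefs count
            if pm.group("name") not in NAV_PREFS:
                continue
            text = pm.group("value")
        elif entry["kind"] == "Setting":  # IE registry setting, URL after " - "
            text = entry["detail"]
        else:
            continue
        for url in URL_RE.findall(text):
            hosts.add(url.split("://", 1)[1].split("/", 1)[0].lower())
    return hosts


def summarize(report):
    """Count entries per section and kind, e.g. {"Registry": {"Key": 2, ...}}."""
    counts = {}
    for name, entries in report["sections"].items():
        per_kind = counts.setdefault(name, {})
        for e in entries:
            per_kind[e["kind"]] = per_kind.get(e["kind"], 0) + 1
    return counts
```

On the sample, `summarize` reports one file, one folder, two keys, one value and four browser entries, and `hijack_hosts` returns only home.speedbit.com: the SpeedBit `Var*` prefs are deliberately ignored because they say nothing about where traffic goes, while the default search URL, the homepage override and the IE Tabs setting do. The same parser reads the Clean-mode report posted later in the thread, since it accepts `Deleted` and `Restored` as well as `Found`.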


#4 incarnateunlimited

  • Topic Starter
  • Members
  • 20 posts

Posted 11 November 2013 - 01:31 AM

Oh, I also have disabled my System Restore points, as recommended by another forum I found when I first searched about Virtumonde. It made sense; every restore point probably has infected sections, so I don't want them coming back. Just an FYI. I should leave them disabled until I get this thing cleaned up, right?



#5 incarnateunlimited

  • Topic Starter
  • Members
  • 20 posts

Posted 11 November 2013 - 01:45 AM

Oh OK, you wanted the after-log, sorry. Hope you didn't have to read all that last log to find out I deleted it all anyway. I really appreciate you taking the time to help me out here.

Here's the AdwCleaner report after I hit the Clean button and rebooted:

# AdwCleaner v3.012 - Report created 10/11/2013 at 22:33:56
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Aaron - KRISTY-IS-SEXXY
# Running from : C:\Users\Aaron\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Aaron\AppData\Local\PackageAware
Folder Deleted : C:\Users\Aaron\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\b8gblbnc.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\b8gblbnc.default\searchplugins\search.xml
File Deleted : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\b8gblbnc.default\searchplugins\speedbit.xml
File Deleted : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\b8gblbnc.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_itunes_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_itunes_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Splashtop Inc.
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
 
-\\ Mozilla Firefox v25.0 (en-US)
 
[ File : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\b8gblbnc.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://home.speedbit.com/search.aspx?aff=206&q=");
Line Deleted : user_pref("browser.search.order.1", "SpeedBit Search");
Line Deleted : user_pref("browser.startup.homepage_override_url", "hxxp://home.speedbit.com/?aff=205");
Line Deleted : user_pref("keyword.URL", "hxxp://home.speedbit.com/search.aspx?aff=206&q=");
Line Deleted : user_pref("pagetweak.pref.cacheInfo", "{\"hxxp://wedata.net/databases/AutoPagerize/items.json\":{\"url\":\"hxxp://wedata.net/databases/AutoPagerize/items.json\",\"expire\":\"2012-02-12T02:24:04.513Z\"[...]
Line Deleted : user_pref("speedbitvideodownloader.Var1", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var10", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var2", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var3", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var4", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var5", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var6", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var7", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var8", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var9", "0");
Line Deleted : user_pref("speedbitvideodownloader.cache.tbs_include_xml_spd", "19/18/9/6/112");
Line Deleted : user_pref("speedbitvideodownloader.firstlaunch", "0");
Line Deleted : user_pref("speedbitvideodownloader.guid", "%7BEBE52BF1-3423-B206-D7E9-CE9792E195DB%7D");
Line Deleted : user_pref("speedbitvideodownloader.userId", "%12");
Line Deleted : user_pref("speedbitvideodownloader_installed_version", "3.0.5");
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [10848 octets] - [10/11/2013 21:50:41]
AdwCleaner[S0].txt - [10705 octets] - [10/11/2013 22:33:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10766 octets] ##########


#6 incarnateunlimited

  • Topic Starter
  • Members
  • 20 posts

Posted 11 November 2013 - 02:26 AM

Also, every time I start my computer, jucheck (Java updater) asks for permission to make changes to my computer, presumably to update Java, but no matter how many times I update it, it does it again the next startup, so I stopped allowing it, but it still comes up every time and I can't seem to locate it to remove it. It popped up again after the AdwCleaner reboot, so it didn't get taken out with the rest of the trash.

#7 incarnateunlimited

  • Topic Starter
  • Members
  • 20 posts

Posted 11 November 2013 - 02:28 AM

Here's the JRT log. Looks like it didn't find much.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by Aaron on Sun 11/10/2013 at 23:12:27.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{21D9F00B-90CE-43AD-8DB1-73F23C99FA3D}

~~~ Files

~~~ Folders

~~~ FireFox
 
Emptied folder: C:\Users\Aaron\AppData\Roaming\mozilla\firefox\profiles\b8gblbnc.default\minidumps [33 files]
 
 
 
~~~ Event Viewer Logs were cleared


#8 incarnateunlimited

  • Topic Starter
  • Members
  • 20 posts

Posted 11 November 2013 - 03:19 AM

Here is the ComboFix log. I will reactivate my Spybot TeaTimer to keep an eye on it until you get back to me with your diagnosis. Thank you again for your help.
 
ComboFix 13-11-10.02 - Aaron 11/10/2013  23:41:49.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6079.4419 [GMT -8:00]
Running from: c:\users\Aaron\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\RegGenie
c:\program files (x86)\RegGenie\RegGenie.ini
c:\windows\RegGenieOnUninstall.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-11 to 2013-11-11  )))))))))))))))))))))))))))))))
.
.
2013-11-11 07:55 . 2012-05-22 08:58 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95E06E61-73DF-48AB-971C-C5D6F6AFF5AF}\gapaengine.dll
2013-11-11 07:53 . 2013-11-11 07:56 -------- d-----w- c:\users\Aaron\AppData\Local\temp
2013-11-11 07:12 . 2013-11-11 07:12 -------- d-----w- c:\windows\ERUNT
2013-11-11 06:36 . 2012-05-22 08:58 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED207613-D7ED-419A-896D-D5AED0F06E37}\gapaengine.dll
2013-11-11 05:49 . 2013-11-11 06:34 -------- d-----w- C:\AdwCleaner
2013-11-10 21:37 . 2013-11-10 21:37 -------- d-----w- c:\users\Aaron\AppData\Local\Apple
2013-11-07 11:28 . 2013-11-07 11:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-07 10:00 . 2013-11-07 10:00 -------- d-----w- c:\users\Aaron\AppData\Local\Adobe
2013-11-07 07:39 . 2013-11-07 07:39 -------- d-----w- c:\users\Aaron\AppData\Roaming\Malwarebytes
2013-11-07 07:39 . 2013-11-07 07:39 -------- d-----w- c:\programdata\Malwarebytes
2013-11-07 07:39 . 2013-11-07 11:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-07 07:39 . 2013-04-04 22:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-06 07:39 . 2013-11-06 07:39 -------- d-----w- C:\49c51353ced1bc209784
2013-11-06 04:22 . 2013-11-11 07:38 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-11-06 04:22 . 2013-11-11 07:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-10-27 20:45 . 2013-10-27 20:45 -------- d-----w- c:\program files\McAfee Security Scan
2013-10-19 10:58 . 2013-10-19 10:58 8282192 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-10-17 00:39 . 2013-10-17 00:39 -------- d-----w- c:\program files\Windows Defender
2013-10-16 12:07 . 2013-10-16 12:08 -------- d-----w- c:\windows\system32\MRT
2013-10-16 11:06 . 2013-10-16 11:06 -------- d-----w- c:\users\Aaron\AppData\Roaming\mgyun
2013-10-16 11:06 . 2013-10-16 11:06 -------- d-----w- c:\program files (x86)\VROOT
2013-10-16 09:39 . 2013-10-16 09:39 -------- d-----w- C:\LGMS769
2013-10-16 09:34 . 2010-03-16 01:15 4342088 ----a-w- c:\windows\SysWow64\mfc100.dll
2013-10-16 09:34 . 2013-10-16 10:01 -------- d-----w- c:\programdata\LGMOBILEAX
2013-10-16 09:30 . 2013-06-28 18:45 36352 ----a-w- c:\windows\system32\drivers\lgandnetmodem64.sys
2013-10-16 09:30 . 2013-04-18 23:14 29184 ----a-w- c:\windows\system32\drivers\lgandnetdiag64.sys
2013-10-16 09:30 . 2013-04-18 23:12 31744 ----a-w- c:\windows\system32\drivers\lgandnetadb.sys
2013-10-16 09:27 . 2013-07-26 15:52 -------- d-----w- C:\shttps
2013-10-16 09:27 . 2013-07-26 15:52 -------- d-----w- C:\RootLelus
2013-10-16 09:27 . 2013-07-26 15:52 -------- d-----w- C:\RootFlash
2013-10-15 07:42 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-15 07:42 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2013-10-15 07:41 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-10-15 07:41 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-10-15 07:41 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-10-15 07:41 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-10-15 07:41 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-10-15 07:41 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-10-15 07:41 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-15 07:41 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-10-15 07:40 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-15 07:39 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-10-15 07:39 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-10-15 07:39 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-15 07:39 . 2013-05-06 13:39 9060352 ----a-w- c:\windows\system32\mshtml.dll
2013-10-15 07:39 . 2013-02-28 12:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-15 07:39 . 2013-02-28 11:38 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-10-15 07:36 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-10-15 07:36 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-15 07:36 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-10-15 07:36 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-10-15 07:36 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-10-15 07:36 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-10-15 07:35 . 2013-06-06 05:50 41472 ----a-w- c:\windows\system32\lpk.dll
2013-10-15 07:35 . 2013-06-06 05:49 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-10-15 07:35 . 2013-06-06 05:49 14336 ----a-w- c:\windows\system32\dciman32.dll
2013-10-15 07:35 . 2013-06-06 05:47 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-10-15 07:35 . 2013-06-06 04:57 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2013-10-15 07:35 . 2013-06-06 04:51 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-10-15 07:35 . 2013-06-06 04:50 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2013-10-15 07:35 . 2013-06-06 03:30 368128 ----a-w- c:\windows\system32\atmfd.dll
2013-10-15 07:35 . 2013-06-06 03:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-10-15 07:35 . 2013-06-06 03:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-10-15 07:33 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-10-15 07:33 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-10-15 07:33 . 2013-06-25 22:55 785624 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-15 07:33 . 2012-11-28 22:56 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-10-15 07:33 . 2012-11-28 22:56 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-10-15 07:32 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-10-15 07:32 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-10-15 07:31 . 2013-07-12 10:41 185344 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2013-10-15 07:31 . 2013-07-12 10:41 100864 ----a-w- c:\windows\system32\drivers\usbcir.sys
2013-10-15 07:30 . 2013-07-03 04:05 76800 ----a-w- c:\windows\system32\drivers\hidclass.sys
2013-10-15 07:30 . 2013-07-03 04:05 32896 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-15 07:29 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-10-15 07:29 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-10-15 07:29 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-10-15 07:28 . 2013-08-28 01:21 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-10-15 07:26 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-10-15 07:26 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-10-15 07:24 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-10-15 07:24 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-10-15 07:23 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-10-15 07:23 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-10-15 07:23 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-10-15 07:23 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-10-15 07:23 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-10-15 07:23 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-15 07:23 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-15 07:22 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-10-15 07:21 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-10-15 07:21 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-10-15 07:21 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-10-15 07:21 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-10-15 07:20 . 2013-08-27 09:01 1545728 ----a-w- c:\windows\system32\DWrite.dll
2013-10-15 07:20 . 2013-08-27 09:01 1143296 ----a-w- c:\windows\system32\FntCache.dll
2013-10-15 07:20 . 2013-08-27 08:21 1077760 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-10-15 07:20 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-15 07:20 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-10-15 07:20 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-10-14 21:11 . 2013-10-14 21:11 -------- d-----w- C:\d94e8d08fedc6d2223a6
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-26 08:46 . 2011-12-03 16:39 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-09-03 22:35 . 2011-12-01 09:06 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-08-30 296096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ImperioServer"="c:\program files (x86)\Imperio\Imperio Server\ImperioServer.exe" [2011-06-29 2472448]
.
c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2012-6-27 484976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 1082144]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys;c:\windows\SYSNATIVE\DRIVERS\easytthr.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys;c:\windows\SYSNATIVE\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys;c:\windows\SYSNATIVE\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\pnetmdm64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 tapklink;Klink Virtual Network Adapter;c:\windows\system32\DRIVERS\tapklink.sys;c:\windows\SYSNATIVE\DRIVERS\tapklink.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\DRIVERS\TsUsbGD.sys;c:\windows\SYSNATIVE\DRIVERS\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys;c:\windows\SYSNATIVE\DRIVERS\stdflt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
S2 ImperioService;ImperioService;c:\program files (x86)\Imperio\Imperio Service\ImperioService.exe;c:\program files (x86)\Imperio\Imperio Service\ImperioService.exe [x]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [x]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe;c:\windows\SYSNATIVE\nlssrv32.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys;c:\windows\SYSNATIVE\DRIVERS\Acceler.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ   w3svc was
apphost REG_MULTI_SZ   apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-19 04:49 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01 11:13]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01 11:13]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1205561343-4196608405-3495529560-1000Core.job
- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-04 22:07]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1205561343-4196608405-3495529560-1000UA.job
- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-04 22:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Aaron\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-12 16414312]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-12-12 95336]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\SpeedBit Video Accelerator\SBLSP.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0ADA75D2-CD35-420E-80E1-9E2A1EDBF5A7}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{0ADA75D2-CD35-420E-80E1-9E2A1EDBF5A7}\441697370294E6E60233: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{0ADA75D2-CD35-420E-80E1-9E2A1EDBF5A7}\4527166756C6F6467656: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{0ADA75D2-CD35-420E-80E1-9E2A1EDBF5A7}\544696E62657277686: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{0ADA75D2-CD35-420E-80E1-9E2A1EDBF5A7}\544696E62657277686D27657563747: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{0ADA75D2-CD35-420E-80E1-9E2A1EDBF5A7}\74275656E674962716666656D27657563747: NameServer = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\b8gblbnc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-10-16 04:11; translator@zoli.bod; c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\b8gblbnc.default\extensions\translator@zoli.bod.xpi
FF - ExtSQL: !HIDDEN! 2010-04-20 08:15; otis@digitalpersona.com; c:\program files (x86)\DigitalPersona\Bin\FirefoxExt
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
Wow6432Node-HKLM-Run-B2C_AGENT - c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
Toolbar-Locked - (no file)
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Android SDK Tools - c:\program files (x86)\Android\android-sdk\uninstall.exe
AddRemove-Eye Candy 6 - c:\progra~1\Adobe\ADOBEP~1.1(6\Plug-ins\Filters\ALIENS~1\EYECAN~1\Unwise32.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,10,88,70,41,17,39,4a,ba,f0,51,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,10,88,70,41,17,39,4a,ba,f0,51,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\nlssrv32.exe
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2013-11-11  00:12:50 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-11 08:12
.
Pre-Run: 287,424,962,560 bytes free
Post-Run: 287,035,731,968 bytes free
.
- - End Of File - - 7154BC30AE1150B83343DC2C73DD4B12


#9 incarnateunlimited

  • Topic Starter

  • Members
  • 20 posts

Posted 11 November 2013 - 04:12 AM

And here's the Security Check log. I'm guessing the Java thing is going to be an issue. Let me try to update it manually and see if I have success. Plus, my Windows Firewall is still not functioning, and when I ran Spybot the Virtumonde was still there. I'm beginning to think that Spybot's definitions might be what's being shown, but I'm not sure. The main symptom now is the firewall not working, and MSE is still in my Start menu but won't run; it says I need to reinstall Microsoft Security Client. Spybot seems to be the only active protection program I have running at the moment and all I seem to be able to get going. Other than that, it seems to be doing OK, and I guess I'll have to take up my other problem with RealPlayer staff (if any exist).
 
 Results of screen317's Security Check version 0.99.76  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 JavaFX 2.1.1    
 Java™ 6 Update 29  
 Java™ 7 Update 5  
 Java version out of Date! 
  Adobe Flash Player 11.3.300.262 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (25.0) 
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:50 AM

Posted 11 November 2013 - 09:59 AM

You should enable System Restore and proceed with the following.

I suggest you remove Spybot - Search & Destroy, and TeaTimer, using Add/Remove Programs.

You can re-install the application if you want when all is well.
===

Download and run the JAVA UNINSTALLER TOOL
http://www.java.com/en/download/faq/uninstaller_toolinfo.xml
Follow the instructions.


Restart the computer normally to reset the registry.
===

The latest version, Java JRE 7u45, was released on Oct. 15, 2013.
Install it.

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page:
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.

There should be none.

Note
The Java security update installs the Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.7.700.224 and earlier versions for Windows, Adobe Flash Player 11.7.700.225 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.291 and earlier versions for Linux, Adobe Flash Player 11.1.115.63 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.59 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the "Free! McAfee Security Scan Plus". Un-check the box if you are NOT using McAfee's virus protection software.

For users of Internet Explorer, download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Again Restart the computer normally.

===

If you still have a problem with your Firewall or Microsoft Security Essentials, please run this tool.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#11 incarnateunlimited

incarnateunlimited
  • Topic Starter

  • Members
  • 20 posts

Posted 12 November 2013 - 11:07 PM

So it uninstalled the Java v.6 I had, but it made me install the new version first. The remover isn't downloadable; it had to be run in the browser. I have Adobe 11 now, and uninstalled Spybot. I can't locate MSE or Security Client in my programs to uninstall it, and my Windows Firewall is still unable to be turned on. Here's the Farbar log for that.
 
Farbar Service Scanner Version: 10-11-2013
Ran by Aaron (administrator) on 12-11-2013 at 19:38:22
Running from "C:\Users\Aaron\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-12 14:03] - [2013-09-27 17:09] - 0497152 ____A (Microsoft Corporation) 79059559E89D06E8B80CE2944BE20228
 
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-11-12 18:30] - [2013-09-07 18:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****

Oh, and I reset my System Restore and that's active now too.
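Reading an FSS log by eye is easy to get wrong, so here is an added example (not code from this thread or from Farbar) in Python: a small parser for the log format above that pulls out the stopped services and whether their configuration is intact, any "Disabled Policy" registry values, and the files FSS printed without an MD5 verdict. The sample input is an excerpt of the log posted here; all function and field names are the example's own.

```python
"""Parse a Farbar Service Scanner (FSS) log and summarise what a responder
would want to know: which services are stopped, whether their start type,
ImagePath and ServiceDll still look intact, which "Disabled Policy" registry
values are set, and which files FSS could not vouch for by MD5."""
import re
from dataclasses import dataclass, field

# Constructed excerpt of the FSS log posted above (only the sections the
# parser needs are kept; the format is FSS's own).
SAMPLE_FSS_LOG = r"""
Farbar Service Scanner Version: 10-11-2013
Running from "C:\Users\Aaron\Desktop"
Boot Mode: Normal

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.

Firewall Disabled Policy:
==================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-12 14:03] - [2013-09-27 17:09] - 0497152 ____A (Microsoft Corporation) 79059559E89D06E8B80CE2944BE20228

C:\Windows\System32\bfe.dll => MD5 is legit
"""

SECTION_RE = re.compile(r"^([A-Za-z][A-Za-z /]+):$")
STOPPED_RE = re.compile(r"^(\S+) Service is not running\. Checking service configuration:$")
CONFIG_RE = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\S+) service is (.+)\.$")
REGKEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REGVAL_RE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_OK_RE = re.compile(r"^([A-Za-z]:\\.+?) => MD5 is legit$")
FILE_RAW_RE = re.compile(r"^([A-Za-z]:\\\S.*)$")          # path printed without a verdict
HASH_RE = re.compile(r"^\[[^\]]*\] - \[[^\]]*\] - \d+ \S+ \(.*\) ([0-9A-Fa-f]{32})$")


@dataclass
class FssReport:
    stopped_services: dict = field(default_factory=dict)   # name -> {field: status}
    disabling_policies: list = field(default_factory=list)  # (section, key, value name, value)
    unverified_files: dict = field(default_factory=dict)   # path -> observed MD5 or None


def parse_fss_log(text: str) -> FssReport:
    report, section, reg_key, last_file = FssReport(), None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:        # blank or "=====" underline
            continue
        if m := STOPPED_RE.match(line):
            report.stopped_services.setdefault(m.group(1), {})
        elif m := CONFIG_RE.match(line):
            fld, svc, status = m.groups()
            report.stopped_services.setdefault(svc, {})[fld] = status
        elif m := SECTION_RE.match(line):
            section, reg_key = m.group(1), None
        elif m := REGKEY_RE.match(line):
            reg_key = m.group(1)
        elif (m := REGVAL_RE.match(line)) and section and section.endswith("Disabled Policy"):
            report.disabling_policies.append((section, reg_key, m.group(1), int(m.group(2))))
        elif section == "File Check":
            if FILE_OK_RE.match(line):
                last_file = None
            elif m := FILE_RAW_RE.match(line):
                last_file = m.group(1)
                report.unverified_files[last_file] = None
            elif (m := HASH_RE.match(line)) and last_file:
                report.unverified_files[last_file] = m.group(1)  # hash FSS observed, not a verdict
    return report


def findings(report: FssReport) -> list:
    """Turn the parsed report into one-line findings, firewall first."""
    out = []
    # MpsSvc (Windows Firewall) depends on bfe (Base Filtering Engine); if both are
    # stopped but their configuration is intact, look at permissions/policy, not the binaries.
    fw = [s for s in ("bfe", "MpsSvc") if s in report.stopped_services]
    if fw:
        intact = all(v == "OK" for s in fw for v in report.stopped_services[s].values())
        out.append("firewall services stopped: " + ", ".join(fw)
                   + (" (start type, ImagePath and ServiceDll intact)" if intact
                      else " (service configuration altered)"))
    out += [f"service stopped: {s}" for s in report.stopped_services if s not in fw]
    out += [f"{sec}: {name}={val} under {key}"
            for sec, key, name, val in report.disabling_policies if val != 0]
    out += [f"no MD5 verdict for {p}" + (f" (observed {h})" if h else "")
            for p, h in report.unverified_files.items()]
    return out


if __name__ == "__main__":
    for line in findings(parse_fss_log(SAMPLE_FSS_LOG)):
        print(line)
```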



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:50 AM

Posted 13 November 2013 - 08:17 AM

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair 1.9.16
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file.

Click on the Start Repairs tab, then click on Start.

Check mark only the following options:

  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair WMI
  • Repair Windows Firewall
  • Repair Internet Explorer
  • Repair MDAC & MS Jet
  • Remove Policies Set By Infections
  • Repair Winsock & DNS Cache
  • Repair Proxy Settings
  • Repair Windows Updates
  • Checkmark the Restart System When Finished option
  • Click the Start button
  • The system should restart after the repair
How is it now?

#13 incarnateunlimited

incarnateunlimited
  • Topic Starter

  • Members
  • 20 posts

Posted 13 November 2013 - 06:32 PM

Well, I ran it, and I still have no firewall. I tried to paste a screenshot of it here but it won't let me do that in the browser. Something about my browser's security settings not having direct access to my clipboard, and it pops up a window telling me to paste it there with Ctrl/Cmd+V, but I don't have a Cmd button and it's not doing anything with Ctrl+V or anything else. Will I have to reinstall Windows in order to get the firewall back up and running? I really don't want to have to go through all that, plus I don't have the Windows installer disc.

 

Here are the logs for the Tweaking thingy.

Starting Repairs...
   Start (11/13/2013 11:53:08 AM)
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (11/13/2013 11:53:08 AM)
   Running Repair Under Current User Account
   Done (11/13/2013 11:53:30 AM)
 
01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (11/13/2013 11:53:30 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:55:23 AM)
 
01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (11/13/2013 11:55:23 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:56:30 AM)
 
02 - Reset File Permissions 01/32
   C:\218e462d0762372ba834 & Sub Folders
   Start (11/13/2013 11:56:30 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:56:33 AM)
 
02 - Reset File Permissions 02/32
   C:\49c51353ced1bc209784 & Sub Folders
   Start (11/13/2013 11:56:33 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:56:35 AM)
 
02 - Reset File Permissions 03/32
   C:\4ee830148a70f0bc53d399a1079978 & Sub Folders
   Start (11/13/2013 11:56:35 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:56:38 AM)
 
02 - Reset File Permissions 04/32
   C:\85e38bd0b63c0a523a67729553a0 & Sub Folders
   Start (11/13/2013 11:56:38 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:56:40 AM)
 
02 - Reset File Permissions 05/32
   C:\8aba731903092ffa12beb2 & Sub Folders
   Start (11/13/2013 11:56:40 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:56:43 AM)
 
02 - Reset File Permissions 06/32
   C:\AdwCleaner & Sub Folders
   Start (11/13/2013 11:56:43 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:56:45 AM)
 
02 - Reset File Permissions 07/32
   C:\Android & Sub Folders
   Start (11/13/2013 11:56:45 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:58:28 AM)
 
02 - Reset File Permissions 08/32
   C:\ArcSoft & Sub Folders
   Start (11/13/2013 11:58:28 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:58:30 AM)
 
02 - Reset File Permissions 09/32
   C:\Casino & Sub Folders
   Start (11/13/2013 11:58:30 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:58:33 AM)
 
02 - Reset File Permissions 10/32
   C:\Config.Msi & Sub Folders
   Start (11/13/2013 11:58:33 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:58:35 AM)
 
02 - Reset File Permissions 11/32
   C:\d94e8d08fedc6d2223a6 & Sub Folders
   Start (11/13/2013 11:58:35 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:58:38 AM)
 
02 - Reset File Permissions 12/32
   C:\dell & Sub Folders
   Start (11/13/2013 11:58:38 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:58:40 AM)
 
02 - Reset File Permissions 13/32
   C:\Drivers & Sub Folders
   Start (11/13/2013 11:58:40 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:58:45 AM)
 
02 - Reset File Permissions 14/32
   C:\e6729f67c9cb092273e30071529272 & Sub Folders
   Start (11/13/2013 11:58:45 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:58:47 AM)
 
02 - Reset File Permissions 15/32
   C:\f814b2382a9236f908 & Sub Folders
   Start (11/13/2013 11:58:47 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:58:50 AM)
 
02 - Reset File Permissions 16/32
   C:\inetpub & Sub Folders
   Start (11/13/2013 11:58:50 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:58:52 AM)
 
02 - Reset File Permissions 17/32
   C:\LGMS695 & Sub Folders
   Start (11/13/2013 11:58:52 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:58:55 AM)
 
02 - Reset File Permissions 18/32
   C:\LGMS769 & Sub Folders
   Start (11/13/2013 11:58:55 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:58:57 AM)
 
02 - Reset File Permissions 19/32
   C:\Mount & Sub Folders
   Start (11/13/2013 11:58:57 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:59:00 AM)
 
02 - Reset File Permissions 20/32
   C:\PerfLogs & Sub Folders
   Start (11/13/2013 11:59:00 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:59:02 AM)
 
02 - Reset File Permissions 21/32
   C:\Perl64 & Sub Folders
   Start (11/13/2013 11:59:02 AM)
   Running Repair Under System Account
   Done (11/13/2013 11:59:44 AM)
 
02 - Reset File Permissions 22/32
   C:\Program Files & Sub Folders
   Start (11/13/2013 11:59:45 AM)
   Running Repair Under System Account
   Done (11/13/2013 12:00:02 PM)
 
02 - Reset File Permissions 23/32
   C:\Program Files (x86) & Sub Folders
   Start (11/13/2013 12:00:02 PM)
   Running Repair Under System Account
   Done (11/13/2013 12:02:44 PM)
 
02 - Reset File Permissions 24/32
   C:\ProgramData & Sub Folders
   Start (11/13/2013 12:02:44 PM)
   Running Repair Under System Account
   Done (11/13/2013 12:03:45 PM)
 
02 - Reset File Permissions 25/32
   C:\Qoobox & Sub Folders
   Start (11/13/2013 12:03:45 PM)
   Running Repair Under System Account
   Done (11/13/2013 12:03:48 PM)
 
02 - Reset File Permissions 26/32
   C:\RegBackup & Sub Folders
   Start (11/13/2013 12:03:48 PM)
   Running Repair Under System Account
   Done (11/13/2013 12:03:50 PM)
 
02 - Reset File Permissions 27/32
   C:\RootFlash & Sub Folders
   Start (11/13/2013 12:03:50 PM)
   Running Repair Under System Account
   Done (11/13/2013 12:03:53 PM)
 
02 - Reset File Permissions 28/32
   C:\RootLelus & Sub Folders
   Start (11/13/2013 12:03:53 PM)
   Running Repair Under System Account
   Done (11/13/2013 12:03:55 PM)
 
02 - Reset File Permissions 29/32
   C:\RootLelusJB & Sub Folders
   Start (11/13/2013 12:03:55 PM)
   Running Repair Under System Account
   Done (11/13/2013 12:03:58 PM)
 
02 - Reset File Permissions 30/32
   C:\shttps & Sub Folders
   Start (11/13/2013 12:03:58 PM)
   Running Repair Under System Account
   Done (11/13/2013 12:04:00 PM)
 
02 - Reset File Permissions 31/32
   C:\Temp & Sub Folders
   Start (11/13/2013 12:04:00 PM)
   Running Repair Under System Account
   Done (11/13/2013 12:04:03 PM)
 
02 - Reset File Permissions 32/32
   C:\Windows & Sub Folders
   Start (11/13/2013 12:04:03 PM)
   Running Repair Under System Account
   Done (11/13/2013 12:09:13 PM)
 
02 - Reset File Permissions: Cleanup
    & Sub Folders
   Start (11/13/2013 12:09:13 PM)
   Running Repair Under System Account
Processing ACL of: <\\?\C:\Documents and Settings>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Application Data>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Desktop>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Documents>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Favorites>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Start Menu>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Templates>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Application Data>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Desktop>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Documents>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Favorites>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Start Menu>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Templates>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default User>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Application Data>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Cookies>
Reading the SD from <\\?\C:\Users\Default\Cookies> failed with: The system cannot find the file specified.
 
 
SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the file specified.
 
Processing ACL of: <\\?\C:\Users\Default\Local Settings>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\My Documents>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\NetHood>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\PrintHood>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Recent>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\SendTo>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Start Menu>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Templates>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Application Data>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\History>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Temporary Internet Files>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Music>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Pictures>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Videos>
 
SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\KRISTY-IS-SEXXY$\Application Data>
Reading the SD from <\\?\C:\Users\KRISTY-IS-SEXXY$\Application Data> failed with: The system cannot find the path specified.
 
 
SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
 
Processing ACL of: <\\?\C:\Users\KRISTY-IS-SEXXY$\Cookies>
Reading the SD from <\\?\C:\Users\KRISTY-IS-SEXXY$\Cookies> failed with: The system cannot find the path specified.
 
 
SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
 
Processing ACL of: <\\?\C:\Users\KRISTY-IS-SEXXY$\Local Settings>
Reading the SD from <\\?\C:\Users\KRISTY-IS-SEXXY$\Local Settings> failed with: The system cannot find the path specified.
 
 
SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
 
Processing ACL of: <\\?\C:\Users\KRISTY-IS-SEXXY$\My Documents>
Reading the SD from <\\?\C:\Users\KRISTY-IS-SEXXY$\My Documents> failed with: The system cannot find the path specified.
 
 
SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
 
Processing ACL of: <\\?\C:\Users\KRISTY-IS-SEXXY$\NetHood>
Reading the SD from <\\?\C:\Users\KRISTY-IS-SEXXY$\NetHood> failed with: The system cannot find the path specified.
 
 
SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
 
Processing ACL of: <\\?\C:\Users\KRISTY-IS-SEXXY$\PrintHood>
Reading the SD from <\\?\C:\Users\KRISTY-IS-SEXXY$\PrintHood> failed with: The system cannot find the path specified.
 
 
SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
 
Processing ACL of: <\\?\C:\Users\KRISTY-IS-SEXXY$\Recent>
Reading the SD from <\\?\C:\Users\KRISTY-IS-SEXXY$\Recent> failed with: The system cannot find the path specified.
 
 
SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
 
Processing ACL of: <\\?\C:\Users\KRISTY-IS-SEXXY$\SendTo>
Reading the SD from <\\?\C:\Users\KRISTY-IS-SEXXY$\SendTo> failed with: The system cannot find the path specified.
 
 
SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
 
Processing ACL of: <\\?\C:\Users\KRISTY-IS-SEXXY$\Start Menu>
Reading the SD from <\\?\C:\Users\KRISTY-IS-SEXXY$\Start Menu> failed with: The system cannot find the path specified.
 
 
SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
 
Processing ACL of: <\\?\C:\Users\KRISTY-IS-SEXXY$\Templates>
Reading the SD from <\\?\C:\Users\KRISTY-IS-SEXXY$\Templates> failed with: The system cannot find the path specified.
 
 
SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
 
Processing ACL of: <\\?\C:\Users\KRISTY-IS-SEXXY$\AppData\Local\Application Data>
Reading the SD from <\\?\C:\Users\KRISTY-IS-SEXXY$\AppData\Local\Application Data> failed with: The system cannot find the path specified.
 
 
SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
 
Processing ACL of: <\\?\C:\Users\KRISTY-IS-SEXXY$\AppData\Local\History>
Reading the SD from <\\?\C:\Users\KRISTY-IS-SEXXY$\AppData\Local\History> failed with: The system cannot find the path specified.
 
 
SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
 
Processing ACL of: <\\?\C:\Users\KRISTY-IS-SEXXY$\AppData\Local\Temporary Internet Files>
Reading the SD from <\\?\C:\Users\KRISTY-IS-SEXXY$\AppData\Local\Temporary Internet Files> failed with: The system cannot find the path specified.
 
 
SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
 
Processing ACL of: <\\?\C:\Users\KRISTY-IS-SEXXY$\Documents\My Music>
Reading the SD from <\\?\C:\Users\KRISTY-IS-SEXXY$\Documents\My Music> failed with: The system cannot find the path specified.
 
 
SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
 
Processing ACL of: <\\?\C:\Users\KRISTY-IS-SEXXY$\Documents\My Pictures>
Reading the SD from <\\?\C:\Users\KRISTY-IS-SEXXY$\Documents\My Pictures> failed with: The system cannot find the path specified.
 
 
SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
 
Processing ACL of: <\\?\C:\Users\KRISTY-IS-SEXXY$\Documents\My Videos>
Reading the SD from <\\?\C:\Users\KRISTY-IS-SEXXY$\Documents\My Videos> failed with: The system cannot find the path specified.
 
 
SetACL finished with error(s): 
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.
 
   Done (11/13/2013 12:09:18 PM)
 
03 - Register System Files
   Start (11/13/2013 12:09:18 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/13/2013 12:09:54 PM)
 
04 - Repair WMI
   Start (11/13/2013 12:09:54 PM)
   Running Repair Under Current User Account
   Done (11/13/2013 12:12:39 PM)
 
05 - Repair Windows Firewall
   Start (11/13/2013 12:12:39 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/13/2013 12:12:48 PM)
 
06 - Repair Internet Explorer
   Start (11/13/2013 12:12:48 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/13/2013 12:13:46 PM)
 
07 - Repair MDAC/MS Jet
   Start (11/13/2013 12:13:46 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/13/2013 12:14:10 PM)
 
08 - Repair Hosts File
   Start (11/13/2013 12:14:10 PM)
   Running Repair Under System Account
   Done (11/13/2013 12:14:12 PM)
 
09 - Remove Policies Set By Infections
   Start (11/13/2013 12:14:12 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/13/2013 12:14:17 PM)
 
14 - Repair Proxy Settings
   Start (11/13/2013 12:14:17 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/13/2013 12:14:22 PM)
 
16 - Repair Windows Updates
   Start (11/13/2013 12:14:22 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/13/2013 12:15:24 PM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done (11/13/2013 12:15:24 PM)
   Total Repair Time: 00:22:16
 
 
...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under Current User Account
The Windows Firewall service is not started.
 
More help is available by typing NET HELPMSG 3521.
 
The Internet Connection Sharing (ICS) service is not started.
 
More help is available by typing NET HELPMSG 3521.
 
The Base Filtering Engine service is not started.
 
More help is available by typing NET HELPMSG 3521.
 
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
System error 1079 has occurred.
 
The account specified for this service is different from the account specified for other services running in the same process.
 
System error 1068 has occurred.
 
The dependency service or group failed to start.
 
System error 1068 has occurred.
 
The dependency service or group failed to start.
 
The Windows Firewall service is not started.
 
More help is available by typing NET HELPMSG 3521.
 
The Internet Connection Sharing (ICS) service is not started.
 
More help is available by typing NET HELPMSG 3521.
 
The Base Filtering Engine service is not started.
 
More help is available by typing NET HELPMSG 3521.
 
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
System error 1079 has occurred.
 
The account specified for this service is different from the account specified for other services running in the same process.
 
System error 1068 has occurred.
 
The dependency service or group failed to start.
 
System error 1068 has occurred.
 
The dependency service or group failed to start.
 
Holy bleep, the Windows Update repair log is a mile long! I don't think that's entirely relevant for this issue anyway, but if you do need it for some reason, let me know and I'll paste it too. Otherwise I'll spare you the crazy length of it.


#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:50 AM

Posted 14 November 2013 - 08:38 AM


Please run SFC.EXE.
How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results. Please note: You may have to disable any script protection running if the scan fails to run.


Please paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

The scan will also create an Attach.txt log; I would also like to see its content.
You may attach that file.
===

#15 incarnateunlimited

incarnateunlimited
  • Topic Starter

  • Members
  • 20 posts

Posted 14 November 2013 - 06:53 PM

I ran the SFC tool from the admin cmd prompt and the result was "Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log", which I read through and found a lot of things that looked bad but couldn't understand, like:

 

CSI    0000007c Ignoring duplicate ownership for directory [l:80{40}]"\??\C:\ProgramData\Microsoft\Crypto\Keys" in component Microsoft-Windows-Crypto-keys, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

 

And to show contrast for the ones that did work, sandwiched in there are repaired ones, and then the ones I'm not sure did or not.

 
 CSI    0000026d [SR] Repairing corrupted file [ml:520{260},l:74{37}]"\??\C:\Program Files\DVD Maker\Shared"\[l:18{9}]"Parity.fx" from store
2013-11-14 14:28:51, Info                  CSI    0000026e Ignoring duplicate ownership for directory [l:60{30}]"\??\C:\Program Files\DVD Maker" in component Microsoft-Windows-GPUPipeline, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
 
2013-11-14 14:28:51, Info                  CSI    0000026f Ignoring duplicate ownership for directory [l:74{37}]"\??\C:\Program Files\DVD Maker\Shared" in component Microsoft-Windows-GPUPipeline, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
 
2013-11-14 14:28:51, Info                  CSI    00000270 [SR] Repairing corrupted file [ml:520{260},l:136{68}]"\??\C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js"\[l:38{19}]"highDpiImageSwap.js" from store
2013-11-14 14:28:51, Info                  
 
It says in the instructions on the link you gave me for manually repairing corrupted entries that I must first locate the corrupted and unrepairable paths in the log, then locate an uncorrupted good version of that path, take ownership of it, and replace it with the good path. But I am having trouble because I don't exactly know which ones are the bad paths that weren't successfully repaired using the sfc tool.

Are these (above) examples of corrupted and unrepaired paths? i.e. the ones ignoring duplicate ownership of directory c:\x\y\z? And if so, will I have to go through and manually repair every one? And if so, where can I locate good ones to replace them with? I don't have anyone nearby with a computer running Win 7 who would let me on their computer long enough to run the tool and physically locate all the paths necessary for this.

Is there some online storehouse of good paths for Windows 7 Pro that I can go to from here? And did you want me to complete the manual repair before running the DDS tool? Or would the DDS tool be able to help with the corrupted paths?

 

I am looking at the log and there are a LOT of those "ignoring duplicate ownership" entries. I would have to paste the thing in sections in order to post it here; it's really long, and I hate to imagine having you go through the whole bleeping thing for me to find the right paths that didn't get repaired. You've already helped me immensely this far, and I honestly wish I had some sort of way to pay you for the time you've spent here, but I'm kinda living hand to mouth at the moment. I guess I can paste a section of it that's not too big to digest and you can tell me where to go from there, or I can just run the DDS tool and let you see the log from that; I imagine it might have some of the same info in it.

 

Judging from my level of understanding, I think I'll just paste the sfc log here in a few sections. Disregard it if it's not necessary for me to proceed. If you can point out to me the proper paths in a few examples of what to look for to find out which ones didn't get repaired with the tool, and then maybe point me to somewhere that I can get good ones to manually replace, I'm fairly confident that I can hack that once I get an idea of what to look for in the log, and I have a loose memory from running MS-DOS when I was a kid, enough to be able to use the cmd prompt to manually replace them once I have the good ones. I imagine that the DDS tool won't come into play until I've successfully replaced all the corrupted files anyway, right?

So here's the CBS.log:
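An added example, not from this thread or from any of the tools used in it, that does the sorting the poster is asking about: SFC tags every message it writes to CBS.log with "[SR]" (the same tag Microsoft's findstr /c:"[SR]" guidance keys on), so the "Ignoring duplicate ownership" lines are servicing-stack chatter and not verdicts about files, and the "Cannot repair member file" lines are the ones that need manual replacement. The sample log is constructed: the first two lines are trimmed from the excerpt above, and the "Cannot repair" line follows SFC's documented wording with a made-up component.

```python
import re
from typing import Dict, List

# SFC writes every one of its own messages to CBS.log with an "[SR]" tag.
# Lines without the tag (e.g. "Ignoring duplicate ownership for directory")
# come from the servicing stack and say nothing about whether a file was fixed.
SR_MARKER = re.compile(r"\bCSI\s+[0-9a-f]{8} \[SR\] (.*)$")

# [SR] Repairing corrupted file [ml:..]"\??\C:\dir"\[l:..]"name" from store
REPAIRED_RE = re.compile(
    r'^Repairing corrupted file \[[^\]]*\]"\\\?\?\\([^"]+)"\\\[[^\]]*\]"([^"]+)" from store'
)
# [SR] Cannot repair member file [l:..]"name" of Component, Version = ...
UNREPAIRED_RE = re.compile(r'^Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+),')


def classify_cbs_log(text: str) -> Dict[str, List[str]]:
    """Split SFC's [SR] messages into repaired files, unrepaired files and the rest."""
    result: Dict[str, List[str]] = {"repaired": [], "unrepaired": [], "other_sr": []}
    for line in text.splitlines():
        m = SR_MARKER.search(line)
        if not m:
            continue  # not an SFC verdict, so nothing to repair manually here
        msg = m.group(1).strip()
        r = REPAIRED_RE.match(msg)
        u = UNREPAIRED_RE.match(msg)
        if r:
            result["repaired"].append(r.group(1) + "\\" + r.group(2))
        elif u:
            result["unrepaired"].append(f"{u.group(1)} (component {u.group(2)})")
        else:
            result["other_sr"].append(msg)
    return result


# Constructed sample: lines 1-2 are trimmed from the poster's excerpt, line 3
# follows SFC's documented "Cannot repair member file" wording (made-up component).
SAMPLE_CBS = r"""
2013-11-14 14:28:51, Info                  CSI    0000026d [SR] Repairing corrupted file [ml:520{260},l:74{37}]"\??\C:\Program Files\DVD Maker\Shared"\[l:18{9}]"Parity.fx" from store
2013-11-14 14:28:51, Info                  CSI    0000026e Ignoring duplicate ownership for directory [l:60{30}]"\??\C:\Program Files\DVD Maker" in component Microsoft-Windows-GPUPipeline, Version = 6.1.7601.17514
2013-11-14 14:28:52, Info                  CSI    00000271 [SR] Cannot repair member file [l:34{17}]"Accessibility.dll" of Accessibility, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_MSIL (8), Culture neutral in the store, file is missing
2013-11-14 14:29:00, Info                  CSI    00000300 [SR] Verify complete
"""

if __name__ == "__main__":
    for kind, entries in classify_cbs_log(SAMPLE_CBS).items():
        print(f"{kind}: {entries}")
```

Only the "unrepaired" list is what the manual-replacement instructions apply to; the "repaired" list is there so you can see which entries SFC already handled.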





