Infected with ZeroAccess rootkit - Cannot Update Windows & Firewall not working


  • This topic is locked
16 replies to this topic

#1 leothefox


Posted 08 December 2013 - 02:38 PM

Hi, originally posted this in the 'Am I infected?' section and a helpful advisor called 'Broni' gave me a list of steps to follow to ascertain just what was wrong with my PC. After a series of programs and scans he told me I was infected with the ZeroAccess Rootkit and to post the issue here after running a program called DDS and attaching the logs DDS provided. Following is my model of PC and the problems I am experiencing, presumably as a result of this infection -

 

PC Model: Acer Aspire M3910
Operating System: Windows 7 Home Premium 64-bit

A full dxdiag diagnostic is available on the original 'Am I Infected?' topic, here: http://www.bleepingcomputer.com/forums/t/516764/am-i-infected-cannot-update-windows-firewall-not-working-error-0x6d9/#entry3227468
 
Problems: I cannot run Windows Updater or switch on Windows Firewall. On a possibly related note, Windows .NET framework refuses to install or work properly on my PC. I understand these are common issues with Malware infection.
 
Windows Updater: When I attempt to check for updates the updater simply says that the "service is not running". I have been unable to turn the service on by any method I have tried. Whenever I run the inbuilt troubleshooter and recommended Microsoft Fixit files, they merely say they have either fixed the problem or not detected the problem. Sadly, this isn't the case as the problem has not been resolved at all. When I ran the troubleshooter recently, it provided a report which I have attached as a .pdf in the hope it may help lead to a solution.
 
Windows Firewall: The Firewall says it is 'Not running recommended settings' and will not restore those recommended settings if I ever click the button to 'fix' the issue. If I open 'Windows Firewall with Advanced Security' the program merely states "there was an error opening the Windows Firewall with Advanced Security snap-in. The Windows Firewall with advanced security snap-in failed to load. Restart the Windows Firewall service on the computer you are managing. Error Code: 0x6D9"
 

What have I done to try and fix the problem?: This problem has persisted for a long time on my PC, since it has rarely actually caused me any major problems with working my PC I have largely ignored it. I have, however, attempted varying fixes for these issues which I cannot remember. Recently, however, I took the steps advised to me by BC Advisor Broni which included...

Downloading and running the Farbar Service Scanner

Downloading and running 'MiniToolBox'

Downloading and running Malwarebytes' Anti-Malware

Downloading and running Malwarebytes Anti-Rootkit - NOTE: This program actually crashed whilst I was running it, but seemingly the logs from the previous scans/fixes were enough for Broni to identify that the issue was ZeroAccess.

These logs should all be visible in the original 'Am I Infected?' topic - here: http://www.bleepingcomputer.com/forums/t/516764/am-i-infected-cannot-update-windows-firewall-not-working-error-0x6d9/#entry3227468

 

Lastly, and before I post the contents of the DDS.txt log, thank you. I appreciate that you people are not paid to help idiots like me fix our virus-ridden computers on here. I appreciate all the time and help I have received so far and am sure any help I receive from this point onwards will be just as helpful. I know to be patient and not to expect anything for a few days, I should be alright, the infection doesn't seem to have crippled my computer's functionality. Regardless of what happens, thank you again.

 

Thus follows the 'DDS.txt' log produced by DDS - I have attached the 'attach.txt' log to this topic as requested.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16448  BrowserJavaVersion: 10.45.2
Run by Joel at 19:09:26 on 2013-12-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2999.981 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\dlbkcoms.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Users\Joel\Forefront UAG Remote Access Agent\izthebruntsorg\access1\uagqecsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\OEM\USBDECTION\USBS3S4Detection.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Dell AIO Printer A920\DLBKbmgr.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Dell AIO Printer A920\dlbkbmon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Joel\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Windows Live\Device Integrator\wldi.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Live\Device Integrator\DI_HIDServer.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Users\Joel\Desktop\mbar-1.07.0.1008.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Joel\Desktop\mbar\mbar.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Facebook Update] "C:\Users\Joel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [WindowsLiveDeviceIntegrator] C:\Program Files (x86)\Windows Live\Device Integrator\wldi.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Joel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Joel\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{6B3903BF-A457-47E5-9A96-2FBEC8719C97} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9DAC7E94-6698-4443-91FE-67C4694BA153} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mStart Page = hxxp://acer.msn.com
x64-mDefault_Page_URL = hxxp://acer.msn.com
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [dlbkbmgr.exe] "C:\Program Files (x86)\Dell AIO Printer A920\dlbkbmgr.exe"
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\hfthln7v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Joel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Joel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-8-18 591192]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-8-18 304472]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-8-18 24408]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-8-18 66904]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-11-26 72216]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-8 25928]
S3 CoachVid;CoachVid;C:\Windows\System32\drivers\CoachVc.sys [2011-11-23 66336]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
.
=============== Created Last 30 ================
.
2013-12-08 12:02:08    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-08 12:02:07    117464    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2013-12-08 12:01:22    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-08 10:29:27    --------    d-----w-    C:\Users\Joel\AppData\Roaming\Malwarebytes
2013-12-08 10:29:15    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-12-08 10:29:14    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-12-08 10:29:14    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-08 10:09:37    --------    d-----w-    C:\Users\Joel\AppData\Local\{4004DED3-586D-4F9B-93B6-A7A11C9C08EE}
2013-12-08 00:33:33    --------    d-----w-    C:\Users\Joel\AppData\Local\{B7CDE44B-29CB-48FF-AADA-45D8EE9BD65F}
2013-12-07 12:09:58    --------    d-----w-    C:\Users\Joel\AppData\Local\{5D86F490-F90D-4823-907F-ED69117CE6BC}
2013-12-06 18:42:28    --------    d-----w-    C:\Users\Joel\AppData\Local\{D80DEC40-BB92-4CEE-A424-1A608C3A74E5}
2013-12-06 00:02:48    --------    d-----w-    C:\Users\Joel\AppData\Local\{E5DC70D9-F550-4BE5-931B-417C8DA8D7EE}
2013-12-05 12:02:22    --------    d-----w-    C:\Users\Joel\AppData\Local\{A65D56DE-7AFA-4D93-A90A-624336632186}
2013-12-04 22:23:29    --------    d-----w-    C:\Users\Joel\AppData\Local\{EC221E4B-548C-4D96-BA88-A8BECC3F7D56}
2013-12-04 10:23:03    --------    d-----w-    C:\Users\Joel\AppData\Local\{827AAB4E-4F8C-4518-B0A4-9D29B55069CA}
2013-12-03 19:36:06    --------    d-----w-    C:\Users\Joel\AppData\Local\{0D257FD9-E126-46B0-82F8-605DD9335BD9}
2013-12-03 07:35:39    --------    d-----w-    C:\Users\Joel\AppData\Local\{150A12E5-13D6-4D40-980E-8674B7C3011E}
2013-12-02 18:02:34    --------    d-----w-    C:\Users\Joel\AppData\Local\{8B7AAA7A-506A-465C-8AC7-D8729A3C3BC7}
2013-12-01 12:24:08    --------    d-----w-    C:\Users\Joel\AppData\Local\{042FFC3D-BF82-419A-B45A-DB0A774C8229}
2013-11-30 10:56:56    --------    d-----w-    C:\Users\Joel\AppData\Local\{63D8D5D3-71C6-4E27-8F96-615AF3596FDB}
2013-11-29 19:58:59    --------    d-----w-    C:\Users\Joel\AppData\Local\ApplicationHistory
2013-11-29 19:11:57    --------    d-----w-    C:\Users\Joel\AppData\Local\{73002D9F-DD31-40F3-BE4B-CFA99E15CB0F}
2013-11-29 19:02:08    --------    d-----w-    C:\Windows\SysWow64\URTTEMP
2013-11-29 19:01:22    724992    ----a-w-    C:\Windows\iun6002.exe
2013-11-29 18:53:21    --------    d-----w-    C:\Program Files (x86)\FireWarrior
2013-11-29 18:00:56    --------    d-----w-    C:\Users\Joel\AppData\Local\{F85CF3AD-47B6-4596-A550-F9EF9F462F81}
2013-11-28 11:16:48    --------    d-----w-    C:\Users\Joel\AppData\Local\{5936B68B-D52B-4505-B1E5-6258816304DD}
2013-11-27 19:43:04    --------    d-----w-    C:\Users\Joel\AppData\Local\{C600B850-1BF8-4D46-9FC7-1FFD8DA6EFED}
2013-11-27 07:40:17    --------    d-----w-    C:\Users\Joel\AppData\Local\{E9859CC2-9C4A-41C9-991B-8C6170456FDA}
2013-11-26 19:27:18    --------    d-----w-    C:\Users\Joel\AppData\Local\{EA9F7F39-2A2F-436A-8B38-DD8AFB714C8D}
2013-11-26 07:07:04    --------    d-----w-    C:\Users\Joel\AppData\Local\{E350CD1D-9D8D-4DEC-AE80-6878EF039E42}
2013-11-25 14:40:27    --------    d-----w-    C:\Users\Joel\AppData\Local\{015C4E07-001C-40F7-943F-667FB3736422}
2013-11-24 13:33:33    --------    d-----w-    C:\Users\Joel\AppData\Local\{82379AD5-C08B-4C2E-9A4A-323FB48A160C}
2013-11-23 13:17:04    --------    d-----w-    C:\Users\Joel\AppData\Local\{472E5213-BD67-41EA-86F4-E8474DDD8430}
2013-11-22 18:00:38    --------    d-----w-    C:\Users\Joel\AppData\Local\{82491710-1495-4440-984F-3760784770F4}
2013-11-21 11:53:10    --------    d-----w-    C:\Users\Joel\AppData\Local\{47A1B999-DF31-4E56-AEF3-FA0635A766A7}
2013-11-20 11:44:44    --------    d-----w-    C:\Users\Joel\AppData\Local\{34E46155-2BC3-4D79-AA74-2739D477C8E3}
2013-11-19 21:43:29    --------    d-----w-    C:\Users\Joel\AppData\Local\{54D0EDA2-3721-4E66-8933-A0D6C2A805E0}
2013-11-19 18:02:37    --------    d-----w-    C:\Users\Joel\AppData\Local\{4D0E38CC-24DC-41B5-97AF-815525207CFB}
2013-11-18 19:43:43    --------    d-----w-    C:\Users\Joel\AppData\Local\{220BCDF2-8A92-4C59-A366-3D243EF50253}
2013-11-18 07:43:18    --------    d-----w-    C:\Users\Joel\AppData\Local\{DA92BDF3-CA0B-458D-9BA7-FC8D3D8AC190}
2013-11-17 12:29:27    --------    d-----w-    C:\Users\Joel\AppData\Local\{69193E76-4A65-4D0D-8132-31B26CAB6128}
2013-11-16 12:32:05    --------    d-----w-    C:\Users\Joel\AppData\Local\{E5718C76-FD39-4C25-AEE2-CA3D44EFFB72}
2013-11-15 18:34:13    --------    d-----w-    C:\Users\Joel\AppData\Local\{78B0E23D-F520-4EE5-8D58-BEB2C6967939}
2013-11-14 11:37:29    --------    d-----w-    C:\Users\Joel\AppData\Local\{E4AEF0EA-25FB-4C17-9EA6-FF05F7BBA669}
2013-11-13 11:36:51    --------    d-----w-    C:\Users\Joel\AppData\Local\{EB3AEFB0-D5FC-46CD-A0BF-866D34AA4DB7}
2013-11-12 19:28:48    --------    d-----w-    C:\Users\Joel\AppData\Local\{109AC606-6194-4EE7-9F84-B154E1A54621}
2013-11-12 07:28:22    --------    d-----w-    C:\Users\Joel\AppData\Local\{492DEAA5-0BEA-4EDF-93C9-565A0EA76E46}
2013-11-11 13:48:03    --------    d-----w-    C:\Users\Joel\AppData\Local\{C5A9E5CB-4ED5-4692-8F01-272623FFEFD0}
2013-11-10 13:02:00    --------    d-----w-    C:\Users\Joel\AppData\Local\{3725E1F1-C633-40F5-9090-63EC4696E3F8}
2013-11-09 12:40:04    --------    d-----w-    C:\Users\Joel\AppData\Local\{725ADF7B-D80A-4DDC-9752-50EF52060F6E}
.
==================== Find3M  ====================
.
2013-10-08 22:34:40    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 22:34:40    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-08 22:34:32    17813896    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-10-08 06:50:37    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 19:12:41.92 ===============
 

 


#2 RPMcMurphy (Malware Response Team)

Posted 10 December 2013 - 09:14 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean! 
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
  • Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

  • Threads are closed after 5 days of inactivity.

    ASAP & UNITE Member


    The help you receive here is free. If you wish to show your appreciation, then you may donate.


    #3 leothefox


    Posted 11 December 2013 - 06:30 AM

    Thank you.

     

    FRST.txt was too large to attach to this reply (3.69MB), and would crash my internet whenever I attempted to copy/paste it into the response. As such I uploaded it to a filesharing site - it should be viewable/downloadable here:
    https://www.mediafire.com/?gyaeb6rzak6nbl4

    Hopefully this is acceptable, sorry I couldn't copy/paste it into the reply like you requested.

     

    Addition.txt has been attached to this reply.


    #4 RPMcMurphy (Malware Response Team)

    Posted 11 December 2013 - 09:13 PM

    Please do this next:

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

    C:\Users\Joel\AppData\Local\{96c8903d-4543-4e14-685d-bbcd3f783bff}
    C:\Windows\Installer\{96c8903d-4543-4e14-685d-bbcd3f783bff}
    HKCU\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Joel\AppData\Local\{96c8903d-4543-4e14-685d-bbcd3f783bff}\n. ATTENTION! ====> ZeroAccess?
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog9 01 mswsock.dll File Not found ()
    Winsock: Catalog9 02 mswsock.dll File Not found ()
    Winsock: Catalog9 03 mswsock.dll File Not found ()
    Winsock: Catalog9 04 mswsock.dll File Not found ()
    Winsock: Catalog9 05 mswsock.dll File Not found ()
    Winsock: Catalog9 06 mswsock.dll File Not found ()
    Winsock: Catalog9 07 mswsock.dll File Not found ()
    Winsock: Catalog9 08 mswsock.dll File Not found ()
    Winsock: Catalog9 09 mswsock.dll File Not found ()
    Winsock: Catalog9 10 mswsock.dll File Not found ()
    Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
    cmd: netsh winsock reset
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now run FRST again.
    • When the tool opens click Yes to disclaimer.
    • Press the Fix button just once and wait.
    • The tool will make a log (Fixlog.txt). Please post it in your reply.

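A triage pass over lines in the format of the fixlist above, as an added example (not part of the thread and not code from FRST or its author): it groups the "File Not found" Winsock catalog entries, collects the expected LibraryPath hints, and ties an InprocServer32 value that loads from a per-user GUID folder to the matching folder lines. The sample lines are constructed after the fixlist with a placeholder user name and GUID; the function names and the per-user-path heuristic are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the fixlist lines quoted in the thread.
# The user name, registry key fragment and GUID are placeholders.
SAMPLE = r"""
C:\Users\user\AppData\Local\{11111111-2222-3333-4444-555555555555}
C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}
HKCU\...000000000000\InprocServer32: [Default-shell32] C:\Users\user\AppData\Local\{11111111-2222-3333-4444-555555555555}\n. ATTENTION! ====> ZeroAccess?
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
cmd: netsh winsock reset
""".strip().splitlines()

GUID = r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}"
WINSOCK_RE = re.compile(r"^Winsock:\s+(Catalog\d+(?:-x64)?)\s+(\d+)\s+(\S+)\s+(.*)$")
EXPECTED_RE = re.compile(r'LibraryPath should be "([^"]+)"')
INPROC_RE = re.compile(
    r"^(HK(?:CU|LM)\\.*?\\InprocServer32):\s+\[([^\]]*)\]\s+(.*?)(?:\s+ATTENTION.*)?$")
GUID_DIR_RE = re.compile(r"^([A-Za-z]:\\.*)\\(" + GUID + r")$")
# Assumption: a COM server loaded from under a user's AppData is worth a look.
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def triage(lines):
    """Classify fixlist-style lines into Winsock damage and COM load points."""
    broken = defaultdict(list)      # catalog name -> entry numbers with no file
    expected = {}                   # (catalog, entry) -> path the log says it should be
    com_refs = []                   # InprocServer32 values found in the list
    guid_dirs = defaultdict(list)   # guid -> parent folders holding a folder of that name
    reset_listed = False
    for raw in lines:
        line = raw.strip()
        m = WINSOCK_RE.match(line)
        if m:
            catalog, entry, _library, rest = m.groups()
            if "file not found" in rest.lower():
                broken[catalog].append(int(entry))
                hint = EXPECTED_RE.search(rest)
                if hint:
                    expected[(catalog, int(entry))] = hint.group(1)
            continue
        m = INPROC_RE.match(line)
        if m:
            key, value_name, target = m.groups()
            g = re.search(GUID, target)
            com_refs.append({
                "key": key,
                "value_name": value_name,
                "target": target,
                "guid": g.group(0).lower() if g else None,
                "in_profile": bool(PROFILE_RE.match(target)),
            })
            continue
        m = GUID_DIR_RE.match(line)
        if m:
            guid_dirs[m.group(2).lower()].append(m.group(1))
            continue
        if line.lower().startswith("cmd:") and "netsh winsock reset" in line.lower():
            reset_listed = True
    # A GUID that names both a COM target and standalone folders ties the items together.
    correlated = {r["guid"]: sorted(guid_dirs[r["guid"]])
                  for r in com_refs if r["guid"] in guid_dirs}
    return {"broken": dict(broken), "expected": expected, "com_refs": com_refs,
            "correlated": correlated, "reset_listed": reset_listed}


def findings(report):
    """Turn the triage report into short review notes."""
    out = []
    for catalog, entries in sorted(report["broken"].items()):
        out.append(f"{catalog}: {len(entries)} provider entries reference a missing library")
    if report["broken"] and not report["reset_listed"]:
        out.append("broken Winsock entries but no 'cmd: netsh winsock reset' line")
    for ref in report["com_refs"]:
        if ref["in_profile"]:
            dirs = report["correlated"].get(ref["guid"], [])
            out.append(f"{ref['key']} loads {ref['target']} from a per-user path; "
                       f"folders with the same GUID: {dirs}")
    return out


if __name__ == "__main__":
    for note in findings(triage(SAMPLE)):
        print(note)
```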


    #5 leothefox


    Posted 12 December 2013 - 05:17 AM

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-12-2013
    Ran by Joel at 2013-12-12 10:15:48 Run:1
    Running from C:\Users\Joel\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    C:\Users\Joel\AppData\Local\{96c8903d-4543-4e14-685d-bbcd3f783bff}
    C:\Windows\Installer\{96c8903d-4543-4e14-685d-bbcd3f783bff}
    HKCU\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Joel\AppData\Local\{96c8903d-4543-4e14-685d-bbcd3f783bff}\n. ATTENTION! ====> ZeroAccess?
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog9 01 mswsock.dll File Not found ()
    Winsock: Catalog9 02 mswsock.dll File Not found ()
    Winsock: Catalog9 03 mswsock.dll File Not found ()
    Winsock: Catalog9 04 mswsock.dll File Not found ()
    Winsock: Catalog9 05 mswsock.dll File Not found ()
    Winsock: Catalog9 06 mswsock.dll File Not found ()
    Winsock: Catalog9 07 mswsock.dll File Not found ()
    Winsock: Catalog9 08 mswsock.dll File Not found ()
    Winsock: Catalog9 09 mswsock.dll File Not found ()
    Winsock: Catalog9 10 mswsock.dll File Not found ()
    Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
    Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
    cmd: netsh winsock reset
    *****************

    C:\Users\Joel\AppData\Local\{96c8903d-4543-4e14-685d-bbcd3f783bff} => Moved successfully.
    C:\Windows\Installer\{96c8903d-4543-4e14-685d-bbcd3f783bff} => Moved successfully.
    HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
    Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
    Winsock: Catalog5 entry 000000000007\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
    The possible legit Catalog entry 000000000001 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
    The possible legit Catalog entry 000000000002 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
    The possible legit Catalog entry 000000000003 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
    The possible legit Catalog entry 000000000004 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
    The possible legit Catalog entry 000000000005 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
    The possible legit Catalog entry 000000000006 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
    The possible legit Catalog entry 000000000007 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
    The possible legit Catalog entry 000000000008 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
    The possible legit Catalog entry 000000000009 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
    The possible legit Catalog entry 000000000010 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
    Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
    Winsock: Catalog5-x64 entry 000000000007\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
    The possible legit Catalog entry 000000000001 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
    The possible legit Catalog entry 000000000002 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
    The possible legit Catalog entry 000000000003 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
    The possible legit Catalog entry 000000000004 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
    The possible legit Catalog entry 000000000005 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
    The possible legit Catalog entry 000000000006 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
    The possible legit Catalog entry 000000000007 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
    The possible legit Catalog entry 000000000008 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
    The possible legit Catalog entry 000000000009 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
    The possible legit Catalog entry 000000000010 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.

    =========  netsh winsock reset =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ==== End of Fixlog ====



    #6 RPMcMurphy

    RPMcMurphy

      Bleeping *^#@%~


    • Malware Response Team
    • 3,970 posts

    Posted 12 December 2013 - 07:01 PM

    Please do this next:
     
    Download ComboFix from HERE, and save it to your desktop.
     
    **Note:  It is important that it is saved directly to your desktop**
     
    --------------------------------------------------------------------
    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
    --------------------------------------------------------------------
     
    Double click on ComboFix.exe & follow the prompts. 
    • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
    • When finished, it will produce a report for you.
    Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.
     
    Please include the following in your next post:
    • ComboFix log



    #7 leothefox

    leothefox
    • Topic Starter

    • Members
    • 19 posts

    Posted 12 December 2013 - 07:54 PM

    Note: I set Avast! to turn off permanently, but I'm not 100% sure it did so. When I ran the scan, Avast was supposedly turned off according to its own tabs and labels (all reading 'System unsecured! All Shields not enabled!'), but ComboFix seems to believe it was turned on. I'm not sure whether or not this has caused a problem. The system has rebooted and is functioning normally, so if it has caused an issue it hopefully hasn't been a machine-crippling one. Sorry if this has caused any bother.

     

    ComboFix 13-12-12.03 - Joel 13/12/2013   0:28.1.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2999.1466 [GMT 0:00]
    Running from: c:\users\Joel\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\iun6002.exe
    c:\windows\SysWow64\frapsvid.dll
    c:\windows\wininit.ini
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-11-13 to 2013-12-13  )))))))))))))))))))))))))))))))
    .
    .
    2013-12-13 00:41 . 2013-12-13 00:41    69000    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC6E3D2C-FBD8-4708-B7E2-F436337109F1}\offreg.dll
    2013-12-13 00:38 . 2013-12-13 00:38    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2013-12-11 11:13 . 2013-12-12 10:15    --------    d-----w-    C:\FRST
    2013-12-08 12:02 . 2013-12-08 12:03    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
    2013-12-08 12:02 . 2013-12-08 12:02    117464    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
    2013-12-08 12:01 . 2013-12-08 12:01    89304    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2013-12-08 10:29 . 2013-12-08 10:29    --------    d-----w-    c:\users\Joel\AppData\Roaming\Malwarebytes
    2013-12-08 10:29 . 2013-12-08 10:29    --------    d-----w-    c:\programdata\Malwarebytes
    2013-12-08 10:29 . 2013-12-08 10:29    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-12-08 10:29 . 2013-04-04 14:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2013-11-29 19:58 . 2013-11-29 19:59    --------    d-----w-    c:\users\Joel\AppData\Local\ApplicationHistory
    2013-11-29 19:02 . 2013-11-29 19:02    --------    d-----w-    c:\windows\SysWow64\URTTEMP
    2013-11-29 18:53 . 2013-11-29 19:01    --------    d-----w-    c:\program files (x86)\FireWarrior
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-12-11 00:34 . 2012-11-23 09:36    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-12-11 00:34 . 2012-11-23 09:36    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
    2013-10-08 06:50 . 2013-10-21 17:29    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    130736    ----a-w-    c:\users\Joel\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    130736    ----a-w-    c:\users\Joel\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    130736    ----a-w-    c:\users\Joel\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-05-27 03:40    120176    ----a-w-    c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-19 39408]
    "Facebook Update"="c:\users\Joel\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2013-12-11 1823656]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
    "Desura"="c:\program files (x86)\Desura\desura.exe" [2013-09-05 2529096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
    "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
    "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
    "Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    "WindowsLiveDeviceIntegrator"="c:\program files (x86)\Windows Live\Device Integrator\wldi.exe" [2010-09-24 245544]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
    .
    c:\users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Joel\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe [x]
    R3 CoachVid;CoachVid;c:\windows\system32\DRIVERS\CoachVc.sys;c:\windows\SYSNATIVE\DRIVERS\CoachVc.sys [x]
    R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
    R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [x]
    S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe;c:\windows\SYSNATIVE\dlbkcoms.exe [x]
    S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\users\Joel\Forefront UAG Remote Access Agent\izthebruntsorg\access1\uagqecsvc.exe;c:\users\Joel\Forefront UAG Remote Access Agent\izthebruntsorg\access1\uagqecsvc.exe [x]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
    S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe;c:\oem\USBDECTION\USBS3S4Detection.exe [x]
    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys;c:\windows\SYSNATIVE\DRIVERS\rtl819xp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-23 00:34]
    .
    2013-12-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1574777461-4277812014-1340171235-1003Core.job
    - c:\users\Joel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-24 09:50]
    .
    2013-12-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1574777461-4277812014-1340171235-1003UA.job
    - c:\users\Joel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-24 09:50]
    .
    2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19 11:16]
    .
    2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19 11:16]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01    134384    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    164016    ----a-w-    c:\users\Joel\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    164016    ----a-w-    c:\users\Joel\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    164016    ----a-w-    c:\users\Joel\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    164016    ----a-w-    c:\users\Joel\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-05-27 03:42    137584    ----a-w-    c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-24 9642528]
    "dlbkbmgr.exe"="c:\program files (x86)\Dell AIO Printer A920\dlbkbmgr.exe" [2007-03-28 275952]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 167744]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 392512]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 417088]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.co.uk/
    mDefault_Page_URL = hxxp://acer.msn.com
    mStart Page = hxxp://acer.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\hfthln7v.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    Toolbar-Locked - (no file)
    HKLM-Run-LogMeIn GUI - c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe
    AddRemove-FireWarriorA00 - c:\windows\iun6002.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1574777461-4277812014-1340171235-1003\Software\SecuROM\License information*]
    "datasecu"=hex:ec,e4,d7,8e,26,1e,c0,7a,1c,13,fa,37,8c,8e,61,e6,0c,e9,55,de,fe,
       81,b8,c4,58,01,5e,71,92,28,d0,32,03,fd,9b,54,44,0a,fa,ed,cf,34,50,5f,d5,0a,\
    "rkeysecu"=hex:0f,7e,ef,12,32,67,78,e7,a3,86,09,a9,40,4e,1a,81
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    .
    **************************************************************************
    .
    Completion time: 2013-12-13  00:46:51 - machine was rebooted
    ComboFix-quarantined-files.txt  2013-12-13 00:46
    .
    Pre-Run: 57,667,977,216 bytes free
    Post-Run: 63,024,295,936 bytes free
    .
    - - End Of File - - 96699AAEECCD2F0BAE9F5CA9DF55C7DC
     



    #8 RPMcMurphy

    RPMcMurphy

      Bleeping *^#@%~


    • Malware Response Team
    • 3,970 posts

    Posted 12 December 2013 - 11:33 PM

    Please do this next:

    Please download AdwCleaner by Xplode and save to your Desktop.

    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

    You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

    Open MBAM
    • Click the Update tab
    • Click Check for Updates
    • If an update is found, it will download and install the latest version.
    • The program will close to update and reopen.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Uncheck any entries from C:\System Volume Information, C:\FRST\Quarantine or C:\Qoobox
    • Make sure that everything else is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Please include the following in your next post:
    • adwCleaner log
    • MBAM log


    Threads are closed after 5 days of inactivity.

    ASAP & UNITE Member


    The help you receive here is free. If you wish to show your appreciation, then you may donate.


    #9 leothefox

    • Topic Starter


    Posted 13 December 2013 - 12:32 PM

    NOTE: Soon AFTER these two logs had been created, Windows decided to automatically update itself (running through quite a backlog... around 131 updates). I told the updater to stop, but this only seems to have stopped about 8 updates (Two 'important' ones - both to do with .NET framework and 6 'unimportant' ones.) I hope this hasn't caused any major issues...

     

    AdwCleaner Report

     

    # AdwCleaner v3.015 - Report created 13/12/2013 at 14:42:39
    # Updated 10/12/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Joel - SQUEAKIE-ACER
    # Running from : C:\Users\Joel\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Found C:\ProgramData\apn
    Folder Found C:\ProgramData\Ask

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Found : HKLM\Software\InstallIQ
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16448


    -\\ Mozilla Firefox v26.0 (en-GB)

    [ File : C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\hfthln7v.default\prefs.js ]


    [ File : C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\a8pwi17y.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [2401 octets] - [13/12/2013 14:42:39]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2461 octets] ##########
     

     

    MBAM Log

     

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.13.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Joel :: SQUEAKIE-ACER [administrator]

    Protection: Enabled

    13/12/2013 14:46:52
    mbam-log-2013-12-13 (14-46-52).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 872547
    Time elapsed: 2 hour(s), 26 minute(s), 47 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    Edited by leothefox, 13 December 2013 - 02:06 PM.


    #10 RPMcMurphy


    Posted 13 December 2013 - 04:41 PM

    How is your computer running now?  Please do this next:

    Double click on AdwCleaner.exe to run the tool again.

    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • This time click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

    Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
    • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

    Please include the following in your next post:
    • How is the computer running?
    • adwCleaner log
    • ESET log




    #11 leothefox


    Posted 13 December 2013 - 04:56 PM

    Note: Posting before running and removing with adwCleaner & just scanning with ESET with how my PC is running. I'll mention if performance has changed at all when I post back with the logs.

     

    How is my computer running?: Everything seems fine, frankly. The virus didn't seem to be making it run slow or anything like that, it simply didn't let Windows Updater, Windows Firewall/Defender and .NET framework function (to my knowledge, it may have had other issues I hadn't noticed). Currently the PC seems to be absolutely fine. Rebooted it a few times, no issues there either. I think it's possible the computer is running a little faster, but that could be paranoia.

    I'll now run adwCleaner and ESET.



    #12 leothefox


    Posted 13 December 2013 - 05:04 PM

    Note: PC still running fine.

    AdwCleaner[S0].txt

     

    # AdwCleaner v3.015 - Report created 13/12/2013 at 21:58:19
    # Updated 10/12/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Joel - SQUEAKIE-ACER
    # Running from : C:\Users\Joel\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\Ask

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\Software\InstallIQ

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16750


    -\\ Mozilla Firefox v26.0 (en-GB)

    [ File : C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\hfthln7v.default\prefs.js ]


    [ File : C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\a8pwi17y.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [2553 octets] - [13/12/2013 14:42:39]
    AdwCleaner[R1].txt - [2614 octets] - [13/12/2013 21:57:27]
    AdwCleaner[S0].txt - [2571 octets] - [13/12/2013 21:58:19]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2631 octets] ##########
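
Added example, not part of any post in this thread: a short Python check that compares an AdwCleaner scan report with the later clean report and lists anything the scan flagged that the clean run does not record as deleted. The sample lines are excerpts of the two reports above; the function names and the assumed line shape `<Kind> Found|Deleted [:] <item>` are assumptions of this example, based only on the lines shown here.

```python
import re

# One report line, e.g. "Folder Found C:\ProgramData\apn" (scan report, no colon)
# or "Key Deleted : [x64] HKLM\..." (clean report). The colon is optional.
LINE_RE = re.compile(
    r"^\s*(?P<kind>[A-Za-z]+)\s+(?P<state>Found|Deleted)\s*:?\s*(?P<item>\S.*?)\s*$"
)

# Excerpts copied from the AdwCleaner[R0] and AdwCleaner[S0] reports in this thread.
SCAN = r"""
***** [ Files / Folders ] *****
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\Ask
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
"""
CLEAN = r"""
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\Software\InstallIQ
"""


def parse_report(text):
    """Collect (kind, item) pairs per state; items are lower-cased because
    Windows paths and registry keys compare case-insensitively."""
    entries = {"Found": set(), "Deleted": set()}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries[m["state"]].add((m["kind"], m["item"].lower()))
    return entries


def compare(scan_text, clean_text):
    """Return (left_behind, unexpected): items the scan flagged that the clean
    report never lists as deleted, and deletions the scan never flagged."""
    found = parse_report(scan_text)["Found"]
    deleted = parse_report(clean_text)["Deleted"]
    return sorted(found - deleted), sorted(deleted - found)


if __name__ == "__main__":
    left_behind, unexpected = compare(SCAN, CLEAN)
    print("left behind:", left_behind or "none")
    print("unexpected deletions:", unexpected or "none")
```

The `[x64]` prefix is kept as part of the item, so the 64-bit and 32-bit registry views of the same CLSID are tracked as separate entries.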
     



    #13 leothefox


    Posted 13 December 2013 - 08:07 PM

    Ran ESET. Sorry for the slow reply, ESET took 2 hours 45 mins to complete... the log was too big to post in the reply or to attach to it, so I uploaded it to a filehost site again, here's the link.

     

    ESETLOG

    https://www.mediafire.com/?azu0bwe08kmz01g

     

    Note: Despite my efforts, Windows Updater decided to update again. This time installing about 36 updates. I think I have managed to properly set Windows Update to stop updating for the time being now and will be able to switch it on again once you've sounded the all clear on my PC. This set of updates does not seem to have any immediately negative or positive effects on my PC. I rebooted the PC several times to ensure everything was working alright and everything does indeed seem to be fine. Sorry if this has caused any issues (again).


    Edited by leothefox, 13 December 2013 - 09:22 PM.


    #14 RPMcMurphy


    Posted 14 December 2013 - 12:12 AM

    Your logs look good!  Those ESET detections are all files that we have already quarantined and they will be removed with these steps.  All I have left for you is some housekeeping:

    Uninstall ComboFix

    • Press the Windows key + R on your keyboard or click Start -> Run.  Copy and paste the following text into the run box that opens and press OK:
      Combofix /Uninstall


    Delete the following tools along with any other logs you saved from our work:


    • DDS
    • FRST (Also, navigate to and delete the c:\FRST folder)

    Double click on AdwCleaner.exe to run the tool again.


    • Click on the Uninstall button.
    • Click Yes when asked are you sure you want to uninstall.
    • Both AdwCleaner.exe, its folder and all logs will be removed.

    Download TFC to your desktop


    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine.
    • If it doesn't, manually reboot to ensure a complete clean.

    Finally, I'd like to make a couple of suggestions to help you stay clean in the future:


    • Restart any anti-malware programs that we disabled while we were cleaning your machine.
    • Keep your antivirus application and MBAM current and updated.  Scan with them at least weekly.
    • Please read this post for some helpful information.

    Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!


    Edited by RPMcMurphy, 14 December 2013 - 12:13 AM.



    #15 leothefox


    Posted 14 December 2013 - 06:33 AM

    All problems resolved, feel free to close the topic.

    Done everything, computer seems fine and running well now.

    Windows Updater, Firewall and (I never thought I'd see the day) .NET framework are all working like they should and I think the overall speed of the machine has increased somewhat as well.

    Made a donation to thank you for your help - sorry it's not all that much, but I'm a student working through University at the moment.

     

    Thanks again, and Merry Christmas/Happy Holidays/Whatever it is we're supposed to say now.

    Leothefox - Joel





