
I Might Be Infected? [Solved]


  • This topic is locked
129 replies to this topic

#61 thinkativeone

thinkativeone

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 03 June 2013 - 03:59 PM

It was not showing up on my desktop (never took it off), went into my start menu and dragged it to my desktop but it has no cat icon, just a basic windows looking icon. Tried it again after that and it still would not work. :scratch:



#62 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 03 June 2013 - 04:09 PM

No problem. :) Do me a favor though...do you still see the program DDS? If so, please run a new scan with that and post the DDS.txt so we can see where everything is.

#63 thinkativeone


Posted 03 June 2013 - 06:34 PM

Okay:

#64 jeffce


Posted 03 June 2013 - 07:28 PM

Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

Disable your AntiVirus and AntiSpyware applications.

Right-click on the new ComboFix icon and rename it Uninstall and press Enter. Now Right-Click and Run as Administrator and this should remove ComboFix. :)
---------

Let me know if that works out for you.

#65 thinkativeone


Posted 03 June 2013 - 07:45 PM

There is no Combofix on my desktop, and there wasn't. I mean, before in order to do the run box thing I pulled it from my start menu to my desktop which just created a temporary shortcut (which also didn't work) and then I deleted those. They did not have the cat icon on them. Sorry. :scratch:

#66 jeffce


Posted 03 June 2013 - 07:50 PM

Ok...just go ahead and download the new version of ComboFix to your system on your Desktop and proceed with the instructions. :)

#67 thinkativeone


Posted 03 June 2013 - 08:14 PM

I tried. I seem to recall this happening twice before, where I tried to download the newer version of Combofix from that link. What happens is (ran as administrator and everything) it stalls on the green progress bar as it tries to operate, then it freezes my computer so that all I can do is a force shut-down. Just happened again.

#68 jeffce


Posted 04 June 2013 - 05:23 AM

Download the tool found here and run it. This should help with the uninstall of ComboFix. Let me know if it works for you. :)

#69 thinkativeone


Posted 04 June 2013 - 07:53 PM

A trumpet noise and a pop-up jumped up that said, "Done!" when I ran it.

#70 jeffce


Posted 05 June 2013 - 05:31 AM

Ok sounds good! :) I think that about covers it.


#71 thinkativeone


Posted 05 June 2013 - 09:20 PM

Uninstalled/deleted everything as it would let me. I tried to run Malwarebytes but my computer froze up resulting in another force shut-down. Any idea why? :mellow:

#72 jeffce


Posted 06 June 2013 - 05:37 AM

Hmmmm...odd. There is nothing showing up in your malware logs that I was seeing that should be making this happen? Try to run Malwarebytes in Safe Mode and let me know what happens. I am suspecting a software conflict somewhere.

#73 thinkativeone


Posted 07 June 2013 - 01:47 PM

Serious problems now. At this moment I am using another computer because I can't hardly do anything I need to do with mine - it won't even let me access this forum. It's affecting my ability to get work done - it looks like a bunch of pages (even Google!) will not load for me, most likely due to a firewall being installed. I installed Web of Trust and a couple of other Firefox add-ons (one was a script one) but yesterday took them off because they kept impairing every single thing I did. Today when I turned my computer on a pop-up about tweaker.exe came onto my computer. Ugh, I'm so sorry. I went through your instructions to see if I could find what happened but I can't. Guessing I'm going to need to put more programs on to take more programs off all over again? Sorry!!! :( ETA: Yesterday I ran the computer in safe mode but Malwarebytes wasn't working, I think I accidentally took some components off and would need to reinstall anyhow.

Edited by thinkativeone, 07 June 2013 - 01:48 PM.


#74 thinkativeone


Posted 07 June 2013 - 05:17 PM

It is letting me access the forum on the main computer now. Google's working again also. I tried different browsers earlier but was having the same result. Weird! :smack:

#75 jeffce


Posted 07 June 2013 - 05:35 PM

No problem. :) So everything seems to be working well? Did you get Malwarebytes reinstalled and that working well too?