
Ads constantly popping up! Grrr! [Closed]


  • This topic is locked
18 replies to this topic

#16 ----------------


Posted 21 March 2014 - 07:19 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.

 

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also



Delete junk with JRT

Please download Junkware Removal Tool to your desktop.


  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2



  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.

 


Proud Member of UNITE & TB
 



#17 Getoutandstayout


Posted 22 March 2014 - 05:44 PM

Here are the results. The SecurityCheck wasn't able to run - I got the message "Unsupported operating system - aborting now."


ComboFix 14-02-16.01 - Owner 03/22/2014  11:47:26.12.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.2408 [GMT -4:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
Command switches used :: c:\users\Owner\Downloads\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
FILE ::
"c:\users\Owner\Documents\ICND\Cisco.Lead2Pass.640-816.271q.vce.exe"
"c:\users\Owner\Documents\ICND\Cisco.Lead2Pass.640-822.399q.vce.exe"
"c:\users\Owner\Downloads\CCNA\Cisco.Lead2Pass.640-816.271q.vce.exe"
"c:\users\Owner\Downloads\CCNA\Cisco.Lead2Pass.640-822.399q.vce.exe"
"c:\users\Owner\Downloads\ccsetup402.exe"
"c:\users\Owner\Downloads\Cisco.Lead2Pass.640-816.271q.vce.exe"
"c:\users\Owner\Downloads\Cisco.Lead2Pass.640-822.399q.vce.exe"
"c:\users\Owner\Downloads\JetAudio_Basic-SEO-10013740.exe"
"c:\users\Owner\Downloads\syncios.exe"
"c:\windows\Installer\MSI45F3.tmp"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\OpenDownloaderManager
c:\program files (x86)\OpenDownloaderManager\1.txt
c:\program files (x86)\OpenDownloaderManager\11.txt
c:\program files (x86)\OpenDownloaderManager\2.txt
c:\program files (x86)\OpenDownloaderManager\gp.exe
c:\program files (x86)\OpenDownloaderManager\mt.exe
c:\program files (x86)\OpenDownloaderManager\odminstaller.exe
c:\program files (x86)\OpenDownloaderManager\weatherbug.msi
c:\program files (x86)\OpenDownloaderManager\WeCareFixer.exe
c:\programdata\InstallMate\{C9EAC1DB-5370-4609-A4E2-1B521209E32D}
c:\programdata\InstallMate\{C9EAC1DB-5370-4609-A4E2-1B521209E32D}\_Setup.dll
c:\programdata\InstallMate\{C9EAC1DB-5370-4609-A4E2-1B521209E32D}\20140130211426.log
c:\programdata\InstallMate\{C9EAC1DB-5370-4609-A4E2-1B521209E32D}\Custom.dll
c:\programdata\InstallMate\{C9EAC1DB-5370-4609-A4E2-1B521209E32D}\Readme.txt
c:\programdata\InstallMate\{C9EAC1DB-5370-4609-A4E2-1B521209E32D}\Setup.dat
c:\programdata\InstallMate\{C9EAC1DB-5370-4609-A4E2-1B521209E32D}\Setup.exe
c:\programdata\InstallMate\{C9EAC1DB-5370-4609-A4E2-1B521209E32D}\Setup.ico
c:\programdata\InstallMate\{C9EAC1DB-5370-4609-A4E2-1B521209E32D}\TsuDll.dll
c:\users\All Users\InstallMate\{C9EAC1DB-5370-4609-A4E2-1B521209E32D}\_Setup.dll
c:\users\All Users\InstallMate\{C9EAC1DB-5370-4609-A4E2-1B521209E32D}\20140130211426.log
c:\users\All Users\InstallMate\{C9EAC1DB-5370-4609-A4E2-1B521209E32D}\Custom.dll
c:\users\All Users\InstallMate\{C9EAC1DB-5370-4609-A4E2-1B521209E32D}\Readme.txt
c:\users\All Users\InstallMate\{C9EAC1DB-5370-4609-A4E2-1B521209E32D}\Setup.dat
c:\users\All Users\InstallMate\{C9EAC1DB-5370-4609-A4E2-1B521209E32D}\Setup.exe
c:\users\All Users\InstallMate\{C9EAC1DB-5370-4609-A4E2-1B521209E32D}\Setup.ico
c:\users\All Users\InstallMate\{C9EAC1DB-5370-4609-A4E2-1B521209E32D}\TsuDll.dll
c:\users\Owner\Documents\ICND\Cisco.Lead2Pass.640-816.271q.vce.exe
c:\users\Owner\Documents\ICND\Cisco.Lead2Pass.640-822.399q.vce.exe
c:\users\Owner\Downloads\CCNA\Cisco.Lead2Pass.640-816.271q.vce.exe
c:\users\Owner\Downloads\CCNA\Cisco.Lead2Pass.640-822.399q.vce.exe
c:\users\Owner\Downloads\ccsetup402.exe
c:\users\Owner\Downloads\Cisco.Lead2Pass.640-816.271q.vce.exe
c:\users\Owner\Downloads\Cisco.Lead2Pass.640-822.399q.vce.exe
c:\users\Owner\Downloads\JetAudio_Basic-SEO-10013740.exe
c:\users\Owner\Downloads\syncios.exe
c:\windows\Installer\MSI45F3.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-22 to 2014-03-22  )))))))))))))))))))))))))))))))
.
.
2014-03-22 15:54 . 2014-03-22 15:54    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-03-22 15:54 . 2014-03-22 15:54    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-03-16 21:33 . 2014-03-16 21:33    --------    d-----w-    C:\found.000
2014-03-12 16:58 . 2014-02-04 02:32    624128    ----a-w-    c:\windows\system32\qedit.dll
2014-03-12 16:58 . 2014-02-04 02:04    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2014-03-08 17:18 . 2014-03-12 01:11    --------    d-----w-    C:\FRST
2014-03-08 01:54 . 2014-03-08 02:09    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-03-08 01:53 . 2014-03-08 01:53    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-03-03 01:36 . 2014-03-03 01:36    --------    d-----w-    c:\program files\iPod
2014-03-03 01:36 . 2014-03-03 01:37    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-03 01:36 . 2014-03-03 01:37    --------    d-----w-    c:\program files\iTunes
2014-03-03 01:36 . 2014-03-03 01:37    --------    d-----w-    c:\program files (x86)\iTunes
2014-03-03 01:30 . 2014-03-03 01:30    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-03 01:30 . 2014-03-03 01:30    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-03 01:30 . 2014-03-03 01:30    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-03 01:30 . 2014-03-03 01:30    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-03 01:30 . 2014-03-03 01:30    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-03-03 01:30 . 2014-03-03 01:30    --------    d-----w-    c:\program files (x86)\QuickTime
2014-03-03 01:28 . 2014-03-03 02:08    --------    d-----w-    c:\users\Owner\AppData\Roaming\DiskAid
2014-03-03 01:28 . 2014-03-03 01:28    --------    d-----w-    c:\users\Owner\AppData\Local\DigiDNA
2014-03-03 01:27 . 2014-03-03 01:38    --------    d-----w-    c:\program files (x86)\DiskAid
2014-03-02 16:37 . 2014-03-02 16:37    --------    d-----w-    c:\users\Owner\AppData\Local\MediaMonkey
2014-03-02 16:36 . 2014-03-03 01:24    --------    d-----w-    c:\users\Owner\AppData\Roaming\MediaMonkey
2014-03-02 16:18 . 2014-03-02 16:34    --------    d-----w-    c:\users\Owner\AppData\Roaming\Syncios
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-19 12:29 . 2013-06-09 00:50    90015360    ----a-w-    c:\windows\system32\MRT.exe
2014-03-12 16:57 . 2013-12-11 17:57    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 16:57 . 2013-03-19 02:59    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-02 13:24 . 2014-01-05 19:39    80184    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2014-02-02 13:24 . 2013-12-02 16:43    1038072    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-02-02 13:24 . 2013-12-02 16:43    421704    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2014-02-02 13:24 . 2013-12-02 16:43    78648    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-02-02 13:24 . 2013-12-02 16:43    334136    ----a-w-    c:\windows\system32\aswBoot.exe
2014-02-02 13:24 . 2013-12-02 16:42    43152    ----a-w-    c:\windows\avastSS.scr
2014-02-02 00:32 . 2014-02-02 00:33    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-17 21:24 . 2014-01-17 21:24    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
2014-01-17 21:24 . 2014-01-17 21:24    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
2014-01-16 00:42 . 2014-01-16 00:42    608032    ----a-w-    C:\SecurityScanner.dll
2014-01-05 19:39 . 2013-12-02 16:43    207904    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-12-24 23:09 . 2014-02-13 13:23    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48 . 2014-02-13 13:23    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-01-11 210216]
"Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-02 3767096]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-12-18 840568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-10-07 83232]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-11-14 295512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-3-23 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/05/03 15:00];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl;c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [x]
R2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-19 16:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-02 13:24    287280    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-06 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-06 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-06 411672]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-03-22 36352]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-47b81d5b-009a-4c21-b142-46a749780363 - c:\progra~3\INSTAL~1\{C9EAC~1\Setup.exe
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}\Best Buy Software Installer Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-22  11:56:26
ComboFix-quarantined-files.txt  2014-03-22 15:56
ComboFix2.txt  2014-03-07 01:17
ComboFix3.txt  2014-02-18 02:34
ComboFix4.txt  2013-12-08 05:35
ComboFix5.txt  2014-03-22 15:46
.
Pre-Run: 623,742,566,400 bytes free
Post-Run: 623,689,232,384 bytes free
.
- - End Of File - - 60C99BDD26A92117D59244000DB139B1
2E5DEBB2116B3417023E0D6562D7ED07

# AdwCleaner v3.022 - Report created 22/03/2014 at 16:46:06
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v29.0 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4573 octets] - [17/11/2013 13:35:53]
AdwCleaner[R1].txt - [7720 octets] - [13/03/2014 19:25:26]
AdwCleaner[R2].txt - [7780 octets] - [16/03/2014 17:26:05]
AdwCleaner[R3].txt - [1140 octets] - [22/03/2014 16:44:51]
AdwCleaner[S0].txt - [8021 octets] - [16/03/2014 17:27:02]
AdwCleaner[S1].txt - [1062 octets] - [22/03/2014 16:46:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1122 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Sat 03/22/2014 at 17:45:31.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\m0n8rcd9.default-1390617411326\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/22/2014 at 17:52:49.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#18 ----------------


Posted 23 March 2014 - 12:23 PM

Please reboot and try again to run SecurityCheck.



#19 ----------------


Posted 09 April 2014 - 03:25 AM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic