Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Random ads playing in speaker

(In Progress)
(!)

jeffce's Avatar
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
jeffce has a Photo Album
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
30-Jun-2012, 10:35 PM #61
Hi,

Looks like we really have some tricky ones here...
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Code:
    ClearJavaCache::
    
    Firefox::
    FF - ProfilePath - c:\users\slhbabydoll98\AppData\Roaming\Mozilla\Firefox\Profiles\9155nu8m.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Veoh Web Player Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
    FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=6a1885c1&tbp=url&toolbarid=blekkotb_002&u=___userid___&q=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109454
    FF - user.js: extensions.BabylonToolbar_i.babExt - 
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 34033ba70000000000001c659dba94aa
    FF - user.js: extensions.BabylonToolbar_i.hardId - 34033ba70000000000001c659dba94aa
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15355
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:54
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
slhtarheelfan02's Avatar
slhtarheelfan02 slhtarheelfan02 is offline
Computer Specs
Member with 42 posts.
THREAD STARTER
 
Join Date: Jun 2012
Location: greensboro nc
Experience: Beginner
01-Jul-2012, 03:21 PM #62
ComboFix 12-06-28.01 - slhbabydoll98 07/01/2012 14:56:11.8.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3836.2719 [GMT -4:00]
Running from: c:\users\slhbabydoll98\Desktop\ComboFix.exe
Command switches used :: c:\users\slhbabydoll98\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-07-01 19:04 . 2012-07-01 19:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-28 15:14 . 2012-06-28 15:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-25 16:35 . 2012-06-25 16:35 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-06-23 04:17 . 2012-06-23 04:17 -------- d-----w- c:\windows\system32\SPReview
2012-06-23 03:56 . 2010-11-20 09:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
2012-06-23 03:56 . 2010-11-20 08:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-06-23 03:54 . 2010-11-20 09:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2012-06-23 03:54 . 2010-11-20 09:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2012-06-23 03:29 . 2010-11-20 09:27 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-06-23 03:28 . 2010-11-20 09:25 84992 ----a-w- c:\windows\system32\asycfilt.dll
2012-06-23 03:27 . 2010-11-20 09:27 73728 ----a-w- c:\windows\system32\tlscsp.dll
2012-06-23 03:26 . 2010-11-20 09:27 200192 ----a-w- c:\windows\system32\syncui.dll
2012-06-23 03:25 . 2010-11-20 09:27 312832 ----a-w- c:\windows\system32\Wldap32.dll
2012-06-21 23:06 . 2012-06-21 23:06 -------- d-----w- C:\Sun
2012-06-20 15:35 . 2012-06-20 15:35 -------- d-----w- c:\users\slhbabydoll98\AppData\Local\Microsoft Corporation
2012-06-20 06:27 . 2012-06-20 06:27 -------- d-----w- c:\program files (x86)\MSECache
2012-06-20 06:26 . 2012-06-20 06:26 -------- d-----w- c:\program files (x86)\Microsoft Windows 7 Upgrade Advisor
2012-06-20 05:56 . 2012-06-20 05:56 -------- d-----w- c:\programdata\CA
2012-06-20 05:40 . 2012-06-20 05:40 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2012-06-20 05:40 . 2012-06-20 05:40 -------- d-----w- c:\program files\Prevx
2012-06-20 05:39 . 2012-06-29 02:56 -------- d-----w- c:\programdata\PrevxCSI
2012-06-19 23:54 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-19 23:51 . 2012-06-28 12:52 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-06-19 23:48 . 2012-06-28 12:52 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-06-19 23:48 . 2012-06-28 12:52 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-06-19 23:47 . 2012-03-06 22:44 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-06-19 23:42 . 2012-06-19 23:42 -------- d-----w- c:\users\slhbabydoll98\AppData\Roaming\SUPERAntiSpyware.com
2012-06-19 23:41 . 2012-06-21 01:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-19 23:41 . 2012-06-19 23:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-19 23:35 . 2012-06-28 12:52 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-19 23:34 . 2012-06-28 12:52 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-19 23:34 . 2012-06-28 12:52 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-06-19 23:34 . 2012-06-28 12:52 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-19 23:34 . 2012-06-28 12:52 958912 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-19 23:34 . 2012-06-28 12:52 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-19 23:34 . 2012-06-28 12:51 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-19 23:32 . 2012-06-28 12:52 41224 ----a-w- c:\windows\avastSS.scr
2012-06-19 23:32 . 2012-06-28 12:51 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-06-19 23:32 . 2012-06-19 23:32 -------- d-----w- c:\programdata\AVAST Software
2012-06-19 23:32 . 2012-06-19 23:32 -------- d-----w- c:\program files\AVAST Software
2012-06-19 16:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 16:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 16:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 16:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 16:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 16:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 16:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 16:46 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 16:46 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 18:11 . 2012-06-18 18:11 -------- d-----w- c:\users\slhbabydoll98\AppData\Roaming\Malwarebytes
2012-06-18 18:11 . 2012-06-19 23:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-18 18:11 . 2012-06-18 18:11 -------- d-----w- c:\programdata\Malwarebytes
2012-06-18 18:07 . 2012-06-18 21:52 -------- d-----w- c:\programdata\PC Optimizer Pro
2012-06-18 18:03 . 2012-06-18 18:03 -------- d-----w- c:\users\slhbabydoll98\AppData\Local\visi_coupon
2012-06-18 18:00 . 2012-06-18 22:01 -------- d-----w- C:\Remote Programs
2012-06-18 17:59 . 2012-06-19 16:32 -------- d-----w- c:\program files (x86)\7-zip
2012-06-18 02:15 . 2012-06-18 02:15 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
2012-06-17 07:03 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-17 07:03 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-17 07:03 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-15 03:37 . 2012-06-15 03:37 -------- d-----w- c:\programdata\PCSettings
2012-06-14 07:00 . 2012-05-18 01:55 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-14 03:58 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 03:58 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 03:58 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 03:58 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 03:58 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll
2012-06-14 03:58 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 03:58 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 03:58 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 03:58 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 03:57 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 03:57 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 03:57 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 03:57 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 03:57 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 03:57 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-02 04:05 . 2012-06-02 04:05 -------- d-----w- c:\users\slhbabydoll98\AppData\Local\Wild Tangent
2012-06-02 03:30 . 2012-06-12 23:18 -------- d-----w- c:\users\slhbabydoll98\AppData\Roaming\WildTangent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 19:25 . 2012-03-31 23:24 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 19:25 . 2011-06-19 23:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 04:07 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-06-23 04:07 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-28_16.15.24 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-06-28 16:13 . 2012-06-28 16:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-01 19:05 . 2012-07-01 19:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-01 19:05 . 2012-07-01 19:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-28 16:13 . 2012-06-28 16:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-06-28 16:14 507904 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-01 19:06 507904 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
+ 2009-07-14 04:46 . 2012-06-29 14:36 113088 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Softwar eProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-06-28 16:13 236908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-01 19:05 236908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-06-20 02:57 . 2012-06-28 16:14 3522560 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
+ 2012-06-20 02:57 . 2012-07-01 19:06 3522560 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:45 . 2012-06-29 08:44 7663076 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Softwar eProtectionPlatform\tokens.dat
- 2009-07-14 04:54 . 2012-06-28 16:14 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-01 19:06 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
+ 2011-05-18 17:06 . 2012-07-01 19:05 40713086 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3603554640-817227373-1043472641-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-06-28 4273976]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCO RE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 136176]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [x]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-24 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-03-06 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-06-28 71064]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-06-28 133912]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-22 2230416]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-15 6403072]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-15 188928]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-04-28 932384]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:25]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 00:58]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 00:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-06-28 12:51 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 360448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\x64\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\slhbabydoll98\AppData\Roaming\Mozilla\Firefox\Profiles\9155nu8m.de fault\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{cd90bf73-20f6-44ef-993d-bb920303bd2e} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:19,37,7c,1a,a6,06,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,fc,19,60,09,16,60,4f,9e,32,06, \
.
[HKEY_USERS\S-1-5-21-3603554640-817227373-1043472641-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserC hoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3603554640-817227373-1043472641-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserC hoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\05\03\12\05\1d)?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Giraffic\Veoh_Giraffic.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Completion time: 2012-07-01 15:14:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-01 19:14
ComboFix2.txt 2012-07-01 18:45
ComboFix3.txt 2012-07-01 02:14
ComboFix4.txt 2012-06-30 05:13
ComboFix5.txt 2012-07-01 18:54
.
Pre-Run: 246,690,889,728 bytes free
Post-Run: 246,500,855,808 bytes free
.
- - End Of File - - CE2EA462D1E7F90974C35DA86E2730E5
jeffce's Avatar
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
jeffce has a Photo Album
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
01-Jul-2012, 03:27 PM #63
Hi,

Much better.

Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats is NOT selected and the option Scan unwanted applications is selected.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
----------

In your next reply please post the logs made by Malwarebytes and ESET online scanner.
slhtarheelfan02's Avatar
slhtarheelfan02 slhtarheelfan02 is offline
Computer Specs
Member with 42 posts.
THREAD STARTER
 
Join Date: Jun 2012
Location: greensboro nc
Experience: Beginner
01-Jul-2012, 06:04 PM #64
Here is malwarebytes log


Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.01.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
slhbabydoll98 :: TARHEELFAN02 [administrator]
Protection: Enabled
7/1/2012 3:59:57 PM
mbam-log-2012-07-01 (15-59-57).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208662
Time elapsed: 3 minute(s), 39 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


Here is the Eset Online Scanner long


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
jeffce's Avatar
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
jeffce has a Photo Album
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
01-Jul-2012, 08:03 PM #65
Looks good.

How is your system running?
slhtarheelfan02's Avatar
slhtarheelfan02 slhtarheelfan02 is offline
Computer Specs
Member with 42 posts.
THREAD STARTER
 
Join Date: Jun 2012
Location: greensboro nc
Experience: Beginner
01-Jul-2012, 08:14 PM #66
Systems been running really good for the last couple of days, every since we first started running combofix.
jeffce's Avatar
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
jeffce has a Photo Album
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
01-Jul-2012, 08:25 PM #67
Hi,

Glad to hear it's running better.

Let's get some updates...

You have an older version of Adobe Reader. You can download the current version HERE

You may want to consider Foxit Reader instead. It may be a bit lighter on resources.

Visit their support forum
Foxit Forum

In either case you should uninstall Adobe Reader 9.3 first. Be sure to move any PDF documents to another folder first though.
----------

Please download JavaRa to your desktop and unzip it to its own
folder
  • Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then
    click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest
    Java Runtime Environment (JRE) version for your computer.
----------

Please do the following:

Hold down the Windows key and press R to open a run box
type the following text into the run box

appwiz.cpl

This will open your Programs And Features. A list of installed programs will populate

Remove the following programs (if still present):

Ask Toolbar Updater
iLivid

----------

In your next reply please let me know if you have problems with the instructions above and if you have any more malware related problems.
slhtarheelfan02's Avatar
slhtarheelfan02 slhtarheelfan02 is offline
Computer Specs
Member with 42 posts.
THREAD STARTER
 
Join Date: Jun 2012
Location: greensboro nc
Experience: Beginner
01-Jul-2012, 09:37 PM #68
Updated adobe reader and java runtime environment. I had problems uninstalling ask toolbar updater and iLivid. When i tried to uninstall ask toolbar updater, i got a message that said "You do not have sufficient access to uninstall ask toolbar updater. Please contact your system administrator"

And when I try to uninstall iLivid, it goes through the process and uninstallation complete but iLivid is still on computer even after I reboot.
jeffce's Avatar
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
jeffce has a Photo Album
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
02-Jul-2012, 07:35 AM #69
Ok....

See if you are able to get OTL to run through completely. If you are please post the logs created.
slhtarheelfan02's Avatar
slhtarheelfan02 slhtarheelfan02 is offline
Computer Specs
Member with 42 posts.
THREAD STARTER
 
Join Date: Jun 2012
Location: greensboro nc
Experience: Beginner
02-Jul-2012, 10:10 AM #70
No, still won't run thru, says not responding when it starts scanning firefox settings.
jeffce's Avatar
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
jeffce has a Photo Album
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
02-Jul-2012, 06:13 PM #71
Hi,

Sorry for any delay. I was speaking with the creator of OTL about this. What version of OTL are you using? To find out you can just open OTL and at the top you will see "OTL by Old Timer - Version ********"
slhtarheelfan02's Avatar
slhtarheelfan02 slhtarheelfan02 is offline
Computer Specs
Member with 42 posts.
THREAD STARTER
 
Join Date: Jun 2012
Location: greensboro nc
Experience: Beginner
02-Jul-2012, 09:04 PM #72
Version 3.2.53.0
jeffce's Avatar
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
jeffce has a Photo Album
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
02-Jul-2012, 09:55 PM #73
Hi,

Ok...that version is outdated.

Please delete your copy of OTL and the download a fresh copy. Once downloaded try to run OTL through again.
slhtarheelfan02's Avatar
slhtarheelfan02 slhtarheelfan02 is offline
Computer Specs
Member with 42 posts.
THREAD STARTER
 
Join Date: Jun 2012
Location: greensboro nc
Experience: Beginner
02-Jul-2012, 10:10 PM #74
Still doing the same thing. This new one is version 3.2.53.1
jeffce's Avatar
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
jeffce has a Photo Album
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
03-Jul-2012, 08:37 AM #75
Hi,

Let's go about this another way.

Download Revo Uninstaller
  • Double click the installation file on the desktop to run the installer.
  • Let it install to the default location.
  • Double click the new Revo Uninstaller Icon on the desktop to start the program.
You will now see a list of installed programs that Revo Uninstaller can remove.
  • Locate the program you are uninstalling Ask Toolbar Updater
  • Right Click the Icon then choose Uninstall.
  • Click yes to the warning and choose the Uninstall Mode
  • Choose the Advanced option and then click Next.
  • This will launch the programs built in uninstaller. Be patient it can take several seconds.
  • Once the uninstaller is done click Next.
  • Revo Uninstaller will now scan for leftover information. Be patient it can take several seconds.
  • Once this scan is done click Next.
  • You will then be presented of the leftover entries found by Revo Uninstaller
  • Look at ALL of the entries to ensure they relate to the uninstall.
  • Next click Select All > Delete to remove the entries.
  • Click Next.
  • If there are any program file folders left over you will be presented with a list to be removed.
  • Again look at ALL of the entries to ensure they are related to the uninstall.
  • Click Select All > Delete to remove the entries.
  • Click Finish to go back to the uninstall list.
  • Close the program

Once done removing the Ask Toolbar Updater, please do the same steps for iLivid. Let me know when you get that completed and if you have any problems.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑