Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Go to first new post Laptop is acting weird
Go to first new post Trojan virus
Go to first new post Windows Vista Home
Go to first new post Fubar virus?
Go to first new post windows XP OBJECT DELAY LOAD
Go to first new post FBI Virus - Simi fixed
Go to first new post Unable to use HJT
Go to first new post Click live search redirect..........Help ...
Go to first new post "Unable to extract the setup conten ...
Go to first new post Virus
Go to first new post Infected with "Police Cybercrime In ...
Go to first new post YellowMoxie Redirect
Go to first new post email hacked
Go to first new post Memory upgrade problems.
Go to first new post Files keep deleting themselves! NEED HEL ...
Search Search
Search for:
Tech Support Guy Forums > > >

Solved: Slow internet with searches being redirected!


(!)

Reply
Page 6 of 6 « First 345 6
Nymfor's Avatar
Computer Specs
Member with 49 posts.
THREAD STARTER
  
Join Date: Sep 2012
Experience: Beginner
26-Sep-2012, 07:25 PM #76
The windows update worked
Nymfor's Avatar
Computer Specs
Member with 49 posts.
THREAD STARTER
  
Join Date: Sep 2012
Experience: Beginner
26-Sep-2012, 07:35 PM #77
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Megan at 17:27:47 on 2012-09-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2242 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\windows\system32\sppsvc.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
\\?\C:\windows\system32\wbem\WMIADAP.EXE
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/M...es/stg_drm.ocx
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/M.../armhelper.ocx
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://merlin.telus.net/wizlet/Merlin11/static/controls/TELUSHighSpeedInstallWizard_Combined.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-ca.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0DA3F6CC-AF3E-40C9-AB15-B76D22492F57} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{87068506-9FA7-4C9D-AECB-CC56ACEF540F} : DhcpNameServer = 192.168.2.1
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS --> C:\windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS --> C:\windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [2012-9-20 1385120]
R1 ccSet_N360;Norton 360 Settings Manager;C:\windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys --> C:\windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120925.001\IDSviA64.sys [2012-9-25 513184]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS --> C:\windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS --> C:\windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccsvchst.exe [2012-9-17 138272]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-9-18 138912]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-18 250288]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\windows\system32\DRIVERS\btblan.sys --> C:\windows\system32\DRIVERS\btblan.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-6-4 1150496]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 399432]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-17 676936]
S4 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-4-8 517632]
S4 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-8-14 240160]
.
=============== Created Last 30 ================
.
2012-09-26 23:04:51 -------- d-----w- C:\windows\System32\SPReview
2012-09-26 16:39:58 -------- d-----w- C:\$RECYCLE.BIN
2012-09-25 19:13:23 -------- d-----w- C:\FRST
2012-09-24 18:14:25 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-09-24 16:45:02 -------- d-----w- C:\Users\Megan\Doctor Web
2012-09-21 00:17:35 -------- d-----w- C:\Users\Megan\AppData\Local\NPE
2012-09-20 17:31:59 98816 ----a-w- C:\windows\sed.exe
2012-09-20 17:31:59 518144 ----a-w- C:\windows\SWREG.exe
2012-09-20 17:31:59 256000 ----a-w- C:\windows\PEV.exe
2012-09-20 17:31:59 208896 ----a-w- C:\windows\MBR.exe
2012-09-19 01:27:44 -------- d-----w- C:\N360_BACKUP
2012-09-19 01:12:53 -------- d-----w- C:\Users\Megan\AppData\Roaming\PC Utility Kit
2012-09-19 01:12:53 -------- d-----w- C:\Users\Megan\AppData\Roaming\DriverCure
2012-09-19 01:12:35 -------- d-----w- C:\ProgramData\PC Utility Kit
2012-09-18 22:40:17 696240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-09-18 05:06:18 -------- d-----w- C:\Intel
2012-09-18 05:00:05 -------- d-----w- C:\Users\Megan\AppData\Roaming\SUPERAntiSpyware.com
2012-09-18 04:59:52 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-09-18 04:33:19 737952 ----a-w- C:\windows\System32\drivers\N360x64\0603000.00E\srtsp64.sys
2012-09-18 04:33:19 451192 ----a-r- C:\windows\System32\drivers\N360x64\0603000.00E\symds64.sys
2012-09-18 04:33:19 405624 ----a-r- C:\windows\System32\drivers\N360x64\0603000.00E\symnets.sys
2012-09-18 04:33:19 37536 ----a-w- C:\windows\System32\drivers\N360x64\0603000.00E\srtspx64.sys
2012-09-18 04:33:19 190072 ----a-r- C:\windows\System32\drivers\N360x64\0603000.00E\ironx64.sys
2012-09-18 04:33:19 167072 ----a-w- C:\windows\System32\drivers\N360x64\0603000.00E\ccsetx64.sys
2012-09-18 04:33:19 1129120 ----a-w- C:\windows\System32\drivers\N360x64\0603000.00E\symefa64.sys
2012-09-18 04:33:11 -------- d-----w- C:\windows\System32\drivers\N360x64\0603000.00E
2012-09-18 00:08:07 -------- d-----w- C:\Users\Megan\AppData\Local\LogMeIn Rescue Applet
2012-09-17 23:42:09 175736 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-09-17 23:42:08 -------- d-----w- C:\Program Files\Symantec
2012-09-17 23:42:08 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-09-17 23:41:03 -------- d-----w- C:\windows\System32\drivers\N360x64
2012-09-17 23:41:01 -------- d-----w- C:\Program Files (x86)\Norton 360
2012-09-17 23:40:07 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-09-16 14:30:59 -------- d-----w- C:\Symbols
2012-09-16 01:54:58 -------- d-----w- C:\Users\Megan\AppData\Local\Diagnostics
2012-09-15 20:09:30 -------- d-----w- C:\windows\CheckSur
2012-09-15 14:33:09 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-09-15 14:18:59 -------- d-----w- C:\windows\SysWow64\N360_BACKUP
2012-09-15 00:36:45 -------- d-----w- C:\windows\System32\EventProviders
2012-09-13 19:34:42 -------- d-----w- C:\Users\Megan\AppData\Roaming\PC Cleaners
2012-09-13 19:34:33 4571448 ----a-w- C:\windows\uninst.exe
2012-09-13 19:34:32 -------- d-----w- C:\Users\Megan\AppData\Roaming\PCPro
2012-09-13 19:34:32 -------- d-----w- C:\ProgramData\PC1Data
2012-09-13 03:11:29 -------- d-----w- C:\Users\Megan\AppData\Roaming\AVG
2012-09-13 03:10:49 -------- d-----w- C:\ProgramData\AVG
2012-09-13 03:10:34 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-09-12 22:39:16 -------- d-----w- C:\Users\Megan\AppData\Roaming\TuneUp Software
2012-09-12 22:22:42 -------- d--h--w- C:\ProgramData\Common Files
2012-09-12 13:07:47 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-09-12 13:07:47 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2012-08-28 21:05:44 -------- d-----w- C:\ProgramData\Battle.net
.
==================== Find3M ====================
.
2012-09-26 23:10:30 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2012-09-26 23:10:26 175616 ----a-w- C:\windows\System32\msclmd.dll
2012-09-21 16:28:18 73136 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-07-26 18:02:22 125872 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\windows\SysWow64\browcli.dll
.
============= FINISH: 17:30:34.86 ===============
Mark1956's Avatar
Malware Removal Specialist with 8,267 posts.
  
Join Date: May 2011
Location: Spain
Experience: Advanced
27-Sep-2012, 05:08 AM #78
Good progress, now to remove some left overs. Post the log when done.

All we need to do after this is a couple of updates and clean out all the tools used, so we are nearly there.

We are now going to run ComboFix a different way.
Open Notepad by clicking on and in the Search box type: Notepad.exe and hit Enter.
Copy and paste everything in the code box below into it.
-- Note: Make sure Word Wrap is unchecked in Notepad by clicking on Format in the top menu.
Code:
KillAll::
DDS::
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection - No File
Folder::
C:\Users\Megan\AppData\Roaming\PC Utility Kit
C:\ProgramData\PC Utility Kit
C:\Users\Megan\AppData\Roaming\PC Cleaners
C:\Users\Megan\AppData\Roaming\PCPro
C:\Users\Megan\AppData\Roaming\AVG
C:\ProgramData\AVG
C:\Users\Megan\AppData\Roaming\TuneUp Software
ClearJavaCache::
Reboot::
  • Save the file as CFScript.txt by choosing Save As... in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
  • Close your browser and disconnect from the Internet.
  • Now use your mouse to drag, then drop the CFScript.txt file on top of ComboFix.exe as seen in the image below.
  • This will start ComboFix again and launch the script.
  • ComboFix may reboot your system when it finishes. This is normal.
  • A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of ComboFix.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs after the scan is complete.
  • NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.
Nymfor's Avatar
Computer Specs
Member with 49 posts.
THREAD STARTER
  
Join Date: Sep 2012
Experience: Beginner
27-Sep-2012, 08:58 AM #79
ComboFix 12-09-26.02 - Megan 09/27/2012 6:36.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2733 [GMT -6:00]
Running from: c:\users\Megan\Desktop\ComboFix.exe
Command switches used :: c:\users\Megan\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AVG
c:\programdata\AVG\AWL\Program Statistics\ProgramStatistics.10.tudb
c:\programdata\AVG\AWL\scsi#disk&ven_st375052&prod_8as#4&a9a743b&0&000000#{ 53f56307-b6bf-11d0-94f2-00a0c91efb8b}.xml
c:\programdata\AVG\AWL\TUProgMan.10.tudb
c:\programdata\AVG\AWL\TUProgManagerCache.10.tudb
c:\programdata\AVG\AWL\TUTuningIndex.10.2.tudb
c:\programdata\AVG\AWL\TUUtilitiesSvc.12.tudb
c:\programdata\AVG\AWL2012\TTUSvc.tt
c:\programdata\AVG\AWL2012\TUProgRating.10.tudb
c:\programdata\AVG\AWL2012\TUReportData.10.tudb
c:\programdata\PC Utility Kit
c:\users\Megan\AppData\Roaming\AVG
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000001.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000002.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000003.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000004.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000005.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000006.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000007.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000008.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000009.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000010.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Backups\00000011.rcb
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Dashboard\IntegratorStates_en-US.xml
c:\users\Megan\AppData\Roaming\AVG\AWL2012\Speed Optimizer\SpeedOptimizerStates.xml
c:\users\Megan\AppData\Roaming\AVG\AWL2012\StartUp Manager\PreviousEntries.dat
c:\users\Megan\AppData\Roaming\PC Cleaners
c:\users\Megan\AppData\Roaming\PC Cleaners\app.log
c:\users\Megan\AppData\Roaming\PC Utility Kit
c:\users\Megan\AppData\Roaming\PCPro
c:\users\Megan\AppData\Roaming\PCPro\phone\phone.bmp
c:\users\Megan\AppData\Roaming\PCPro\phone\phone.txt
c:\users\Megan\AppData\Roaming\PCPro\phone\tips.txt
c:\users\Megan\AppData\Roaming\PCPro\settings.txt
c:\users\Megan\AppData\Roaming\TuneUp Software
.
.
((((((((((((((((((((((((( Files Created from 2012-08-27 to 2012-09-27 )))))))))))))))))))))))))))))))
.
.
2012-09-27 12:43 . 2012-09-27 12:43 -------- d-----w- c:\users\Megan and Trevor\AppData\Local\temp
2012-09-27 12:43 . 2012-09-27 12:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-26 23:04 . 2012-09-26 23:04 -------- d-----w- c:\windows\system32\SPReview
2012-09-25 19:13 . 2012-09-25 19:13 -------- d-----w- C:\FRST
2012-09-24 18:14 . 2012-09-24 18:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-24 16:45 . 2012-09-24 16:45 -------- d-----w- c:\users\Megan\Doctor Web
2012-09-21 00:17 . 2012-09-21 00:26 -------- d-----w- c:\users\Megan\AppData\Local\NPE
2012-09-19 01:27 . 2012-09-19 01:27 -------- d-----w- C:\N360_BACKUP
2012-09-19 01:12 . 2012-09-19 01:12 -------- d-----w- c:\users\Megan\AppData\Roaming\DriverCure
2012-09-18 22:40 . 2012-09-21 16:28 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-18 05:06 . 2012-09-18 05:06 -------- d-----w- C:\Intel
2012-09-18 05:06 . 2012-09-18 05:06 -------- d-----w- c:\users\Megan\AppData\Roaming\InstallShield
2012-09-18 05:06 . 2012-09-18 05:06 -------- d-----w- c:\program files (x86)\Intel
2012-09-18 05:00 . 2012-09-18 05:00 -------- d-----w- c:\users\Megan\AppData\Roaming\SUPERAntiSpyware.com
2012-09-18 04:59 . 2012-09-18 04:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-18 00:08 . 2012-09-18 22:34 -------- d-----w- c:\users\Megan\AppData\Local\LogMeIn Rescue Applet
2012-09-17 23:42 . 2012-09-17 23:42 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-09-17 23:42 . 2012-09-17 23:42 -------- d-----w- c:\program files\Symantec
2012-09-17 23:42 . 2012-09-17 23:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-09-17 23:41 . 2012-09-18 22:34 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-09-17 23:41 . 2012-09-17 23:41 -------- d-----w- c:\program files (x86)\Norton 360
2012-09-17 23:40 . 2012-09-17 23:40 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-09-16 14:30 . 2012-09-16 14:32 -------- d-----w- C:\Symbols
2012-09-16 01:54 . 2012-09-23 03:25 -------- d-----w- c:\users\Megan\AppData\Local\Diagnostics
2012-09-15 20:09 . 2012-09-15 20:09 -------- d-----w- c:\windows\CheckSur
2012-09-15 14:33 . 2012-07-26 18:02 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-15 14:18 . 2012-09-15 14:18 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
2012-09-15 00:36 . 2012-09-15 00:36 -------- d-----w- c:\windows\system32\EventProviders
2012-09-13 19:34 . 2012-09-13 19:34 4571448 ----a-w- c:\windows\uninst.exe
2012-09-13 19:34 . 2012-09-13 19:34 -------- d-----w- c:\programdata\PC1Data
2012-09-13 03:10 . 2012-09-13 03:10 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-09-12 22:22 . 2012-09-12 22:22 -------- d--h--w- c:\programdata\Common Files
2012-09-12 13:07 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 13:07 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-08-28 21:05 . 2012-08-28 21:06 -------- d-----w- c:\programdata\Battle.net
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-26 23:10 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-26 23:10 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-21 19:48 . 2010-05-19 19:05 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-09-21 19:47 . 2010-05-19 19:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-21 16:28 . 2011-05-28 22:00 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-12 13:50 . 2011-01-26 10:00 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-31 19:04 . 2010-05-09 15:45 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup .dll
2012-08-31 19:04 . 2010-06-02 19:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-15 20:29 . 2010-05-09 15:45 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microso ft.MediaCenter.Sports.UI.dll
2012-08-15 20:27 . 2010-05-09 15:45 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\Spotlight Resources.dll
2012-08-13 15:36 . 2011-02-14 02:19 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-26 18:02 . 2011-01-26 02:18 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-07-18 18:15 . 2012-08-14 19:24 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-14 19:24 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-14 19:24 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-14 19:24 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-14 19:24 41984 ----a-w- c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-21 5664640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCO RE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ru n-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2010-01-20 40320]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-07 1255736]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-06-04 1150496]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R4 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-12-10 517632]
R4 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [2011-08-15 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [2012-09-05 1385120]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120926.001\IDSvia64.sys [2012-09-17 513184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [2011-11-16 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [2011-11-16 405624]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe [2012-06-16 138272]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-09-18 138912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-18 16:28]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-639203001-1112722757-3076833975-1003Core.job
- c:\users\Megan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10 16:47]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-639203001-1112722757-3076833975-1003UA.job
- c:\users\Megan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10 16:47]
.
2012-09-27 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task b3ad1a20-451f-4def-a145-a38e342ac49a.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-09-27 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e0b112ca-1a88-49ac-9737-e29139d68c68.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_ 4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-27 06:49:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-27 12:49
ComboFix2.txt 2012-09-26 16:50
ComboFix3.txt 2012-09-25 01:49
ComboFix4.txt 2012-09-20 18:36
.
Pre-Run: 632,455,454,720 bytes free
Post-Run: 632,189,906,944 bytes free
.
- - End Of File - - F6997CB9C33BA087803B4CB6BBAC0A68
Mark1956's Avatar
Malware Removal Specialist with 8,267 posts.
  
Join Date: May 2011
Location: Spain
Experience: Advanced
27-Sep-2012, 10:48 AM #80
Now to update Adobe and install the latest version of Java and follow that with the clean up of the tools used.

Adobe
Close any programs you may have running - especially your web browser.
Click on Start > Control Panel, double-click on Programs and Features and uninstall the following Adobe entries:

Adobe Reader 9

NOTE: For XP click on > Control Panel, double-click on Add or Remove Programs and continue as above.
Then go to this link Adobe Downloads and select the latest version to download and install. You will see this page below, click on the appropriate button for for the Adobe product that was just removed.



You will now see a page similar to this one:



All four Adobe products, Reader, Flash Player, Air and Shockwave Player are set by default to download the version for Windows Operating Systems and for Internet Explorer in English. If you are using a Macintosh, or you want to use the Adobe product with a different Browser or language you must click on the line (as indicated in the above image) to make further selections to meet your requirements.

As you will see in the above image the Adobe Reader is set for Windows 7, please click (as indicated) if you are using a different version of Windows to make further selections. All the other Adobe products are universal and you will only need to change the selection for different Browsers, Languages or for Macintosh.
NOTE: In all the downloads look out for the Google Toolbar and uncheck the box if you do not need it.

Some additional instructions may appear for XP installations. In all cases save the download to your desktop, then close your browser and double click on the Adobe icon on your desktop to install it. If you have any problems installing, disconnect from the internet and disable your Anti Virus and any other security software, instructions for most AV's, etc. can be found here: How to disable security software.

_______________________________________________________________


How to install the latest version of Java.
  • Open the browser that you normally use and click on this link: Java Download
  • Click on the big red button Free Java Download
  • On the next page click on the big red button Agree and Start Free Download
  • Select Run whenever the option appears. If no Run option appears click on Save and then when the download completes click on Run. If a User Account Control warning appears click on Continue.
  • When the Welcome to Java window appears click on Install.
  • It may takes several minutes to download the installer depending on the speed of your connection, allow it to complete.
  • If any error messages appear click on OK and then click on the Agree and start free download button again.
  • Please wait for the Java Setup window to appear. Uncheck the box to install the Ask Toolbar and then click on Next.
  • NOTE: The Ask Toolbar option may change without notice to something different, please make sure you uncheck the box for anything else that is offered. On some systems this offer may not appear, in which case, continue with the next instruction.
  • You will then see the Java Setup Progress window and another will appear for JavaFX (on some systems the JavaFX will not appear or be installed). Finally the Java Setup Complete window will appear, click on Close.
  • If a Java page then appears with a button to Verify Java Version click on it and it will verify the installation.
  • The Installation is now complete, please reboot the system.
  • NOTE: The JavaFX component is not required unless you are developing Java applications. It is perfectly safe to keep on your system, but if you wish to uninstall it please do so.
_________________________________________________________________



To re-enable your CD Emulation drivers if you disabled them, double click DeFogger.exe to run the tool again.
  • The application window will appear.
  • Click the Re-enable button to re-enable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger will now ask to reboot the machine...click OK.
To uninstall ComboFix, press the WINKEY + R keys on your keyboard or click on Start and type Run into the search box and hit Enter.
In the Run box type: ComboFix /Uninstall (Be sure to leave a space before the forward slash).

  • Click on OK.
  • If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to Uninstall.exe, then double-click on it to remove.
  • This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and create a new Restore point.
  • When it has finished you will see a dialog box stating that "ComboFix has been uninstalled".
  • After that, you can delete the ComboFix.exe program from your computer (Desktop).
Next
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program.
    If you are using Vista or Windows 7, please right-click and choose Run as Administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
-- Doing this will remove any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
-- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).

Please post back when this is complete and let me know if you have had any problems.
Nymfor's Avatar
Computer Specs
Member with 49 posts.
THREAD STARTER
  
Join Date: Sep 2012
Experience: Beginner
27-Sep-2012, 11:37 AM #81
All done and cleaned up and everything is working great again. Thank you, thank you so much!!
Mark1956's Avatar
Malware Removal Specialist with 8,267 posts.
  
Join Date: May 2011
Location: Spain
Experience: Advanced
27-Sep-2012, 11:45 AM #82
You're most welcome, it has been a pleasure helping you.

As the infection you had may have compromised your systems security you should change passwords used on your PC for logging into any financial institutions.

I shall now mark this thread as Solved and leave you with some security advice, but please feel free to post back if you have any remaining issues or concerns.

There are many places where you will find security advice, but most are biased towards a particular item of software that they are trying to promote. I have given some unbiased advice below that should help keep you better protected. Unfortunately there is no "best protection", new Malware is being produced every minute of the day so it is a cat & mouse game for all security software vendors to keep up with the latest infections.

It has always been the case that what one Anti Virus program will detect another one will miss and vice versa. That being said, never be tempted to install more than one Anti Virus program thinking that will give you better protection as in fact the reverse is true. Two or more AV programs will (in most cases) conflict with each other, slow your system down and actually reduce your security level. Don't assume that your present Anti Virus is no good on the grounds that you got infected, if I have seen you are using a poor Anti Virus I will have advised you earlier in the thread. There are a lot of nasty infections out there waiting to jump onto a PC and with some of the newest infections there is very little that will block them. Fortunately there are those who dedicate their spare time, for little reward, in making the tools we use here to remove these infections. It is those people that we have to thank as without them a reinstall would often be the only way out.

Some additional security measures.
If your present security software does not include a third party Firewall or AntiSpyware.
Go Here for a selection of third party Firewalls.
Go Here or Here for Anti Spyware.

Malwarebytes free version (which you may have used during this thread) is worth having for regular scans of your system, always check for updates before using it. If you can afford the Malwarebytes Pro version it will provide even better protection with a full time active scanner. Never have more than one active anti virus, anti spyware or firewall running on your system as it can cause conflicts and slow down the PC. You can safely run the Pro version of Malwarebytes with any Anti Virus software.

WOT (Web OF Trust) Will warn you (in most cases) about dangerous web sites.

Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular"among criminals.

WinPatrol is a useful facility to have. WinPatrol takes snapshots of your critical system resources and alerts you to any changes that may occur without your knowledge. It can also be used to control all your start up programs.

Finally, make sure that Windows Update is turned on as many updates are to fix newly discovered security holes in the Windows Operating System. You should also make sure that any Java or Adobe products are kept up to date and any old versions are uninstalled. Never use Registry Cleaners as they can and do damage the systems registry and stay well clear of P2P file sharing sites as these are one of the best places to get your PC infected.
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply
Page 6 of 6 « First 345 6
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join Today!

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Virus & Other Malware Removal | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


TECH SUPPORT GUY
WELCOME
FOLLOW US
 
You Are Using: Server ID
All times are GMT -4. The time now is 02:03 AM.
Advertisements do not imply our endorsement of that product or service.
Copyright © 1996 - 2013 TechGuy, Inc. All rights reserved. Privacy & Terms.

Trusted Website Back to the Top ↑