Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

malicious adware blocked by avast [Closed]


  • This topic is locked This topic is locked

#1
slappyjoe

slappyjoe

    New Member

  • Member
  • Pip
  • 3 posts
malicious url blocked by avast also used adwcleaner. picked uo malware downloading torrent movie. malicious adware blocked icon keeps reappearing at bottom right of screen. infected 8th November 2012.

OTL logfile created on: 09/11/2012 08:40:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 63.39% Memory free
6.50 Gb Paging File | 5.23 Gb Available in Paging File | 80.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 522.34 Gb Total Space | 422.44 Gb Free Space | 80.87% Space Free | Partition Type: NTFS
Drive D: | 20.01 Gb Total Space | 10.34 Gb Free Space | 51.68% Space Free | Partition Type: FAT32
Drive E: | 53.71 Gb Total Space | 53.23 Gb Free Space | 99.11% Space Free | Partition Type: NTFS
Drive F: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 465.65 Gb Total Space | 165.64 Gb Free Space | 35.57% Space Free | Partition Type: FAT32

Computer Name: COMPUTER200112 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/09 08:37:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2012/11/01 07:24:14 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/10/28 16:46:16 | 001,677,144 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/10/28 16:46:16 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/10/09 18:02:51 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 16:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 16:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/03/13 19:47:49 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe
PRC - [2012/03/13 19:47:49 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe
PRC - [2011/06/17 17:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2010/01/11 18:25:30 | 000,355,328 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Silvercrest MTS2220 driver\KMProcess.exe
PRC - [2009/12/19 10:54:10 | 000,713,216 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Silvercrest MTS2220 driver\KMCONFIG.exe
PRC - [2009/10/08 11:07:46 | 000,201,216 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Silvercrest MTS2220 driver\KMWDSrv.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 01:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008/05/30 01:17:38 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Silvercrest MTS2220 driver\StartAutorun.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/07 20:02:34 | 000,220,160 | ---- | M] () -- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
MOD - [2012/11/01 07:24:13 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/10/09 18:02:50 | 009,814,968 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/08/21 17:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/05/28 20:50:26 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/16 15:50:48 | 000,088,576 | ---- | M] () -- C:\Program Files\Silvercrest MTS2220 driver\statuskey.dll
MOD - [2009/12/16 15:10:22 | 000,090,624 | ---- | M] () -- C:\Program Files\Silvercrest MTS2220 driver\keydll.dll
MOD - [2009/07/14 04:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009/07/14 04:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009/07/14 04:42:55 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\003d2d74243cab7e412d36416bbf0a3d\Accessibility.ni.dll
MOD - [2009/07/14 04:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009/07/14 04:42:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009/07/14 04:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009/07/14 04:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2009/07/14 01:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2009/07/14 01:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/06/16 09:06:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Silvercrest MTS2220 driver\MouseHook.dll


========== Services (SafeList) ==========

SRV - [2012/11/01 07:24:13 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/28 16:46:16 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/10/09 18:02:51 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 16:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/03/13 19:47:49 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe -- (TelevisionFanaticService)
SRV - [2011/06/17 17:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/08 11:07:46 | 000,201,216 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\Silvercrest MTS2220 driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)


========== Driver Services (SafeList) ==========

DRV - [2012/10/31 13:54:54 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
DRV - [2012/10/28 16:46:36 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/10/28 16:46:34 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/10/28 16:46:34 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/07/03 16:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 16:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 16:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 16:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/07/03 16:21:53 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/07/03 16:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/07/13 22:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.my-too...&as=0&isid=9848
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files\GadgetBox\gadgetBoxTB.dll (GadgetBox)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ww.google.ie/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
IE - HKCU\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files\GadgetBox\gadgetBoxTB.dll (GadgetBox)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADRA_enIE474
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [email protected]:5.1
FF - prefs.js..extensions.enabledAddons: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.16.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:5.0
FF - prefs.js..extensions.enabledItems: [email protected]:4.0
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.9.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1367
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/11 17:10:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3lpggt3j.default\extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\TelevisionFanatic\bar\1.bin [2012/03/13 19:47:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3lpggt3j.default\extensions\[email protected] [2012/04/21 17:51:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3lpggt3j.default\extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/01 07:24:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/01 07:24:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/03/01 10:21:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2012/11/07 08:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3lpggt3j.default\extensions
[2012/11/07 08:01:51 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3lpggt3j.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/04/21 17:51:11 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3lpggt3j.default\extensions\[email protected]
[2012/04/30 21:41:12 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3lpggt3j.default\extensions\[email protected]
[2012/11/05 22:22:06 | 000,005,375 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3lpggt3j.default\extensions\[email protected]
[2012/08/01 15:36:07 | 000,216,359 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3lpggt3j.default\extensions\[email protected]
[2012/11/01 07:24:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/01 07:24:14 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/29 20:47:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/23 00:02:55 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: MyTools (Enabled)
CHR - default_search_provider: search_url = http://search.my-too...q={searchTerms}
CHR - default_search_provider: suggest_url = http://suggestquerie...u={searchTerms}
CHR - homepage: http://search.my-too...&as=0&isid=9848
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (BFlix Class) - {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - C:\Program Files\BFlix\Bflix.dll (BFlix)
O2 - BHO: (Search Assistant BHO) - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Toolbar BHO) - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (GagetBox) - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files\GadgetBox\gadgetBoxTB.dll (GadgetBox)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (TelevisionFanatic) - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
O3 - HKCU\..\Toolbar\WebBrowser: (TelevisionFanatic) - {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KMCONFIG] "C:\Program Files\Silvercrest MTS2220 driver\StartAutorun.exe" KMConfig.exe File not found
O4 - HKLM..\Run: [TelevisionFanatic Browser Plugin Loader] C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [TelevisionFanatic Search Scope Monitor] C:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe (MindSpark)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F85848B-A762-474E-8F27-810164CCE31B}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/14 09:29:38 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/09 08:06:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D2BD6C4F-F40C-498B-9306-47A84FA81360}
[2012/11/08 08:24:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{41E43D49-6255-41E1-95C7-474BFC3EB717}
[2012/11/07 20:01:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mega Codec Pack
[2012/11/07 20:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mega Codec Pack
[2012/11/07 18:45:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C9CEA724-4099-41A7-8690-6D01043992BB}
[2012/11/06 09:20:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1820EAD7-9B61-4588-A00F-1F4A83858852}
[2012/11/05 14:02:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5209C436-3E0A-41D5-9007-B8CC1A30CA1E}
[2012/11/04 13:48:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{53783DAB-75DA-4472-9029-6D0BD37B0999}
[2012/11/01 22:19:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{75B74E60-0FF6-44D4-A476-F1706207D9B0}
[2012/11/01 07:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/01 07:11:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{457E819B-1811-48C6-B451-D82261FD79C2}
[2012/10/28 16:46:34 | 000,065,848 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012/10/27 10:16:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2F628DE3-DC5F-4283-AD4C-70C395451604}
[2012/10/26 09:23:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DF536416-AB31-41C5-B986-266FB51039F8}
[2012/10/25 19:12:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FF3C3BE1-D0F0-4A5A-B827-CAE9957924C6}
[2012/10/25 06:49:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5EEBAB40-A5A9-43FD-8900-7EB20A0D48AD}
[2012/10/24 13:13:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B9A02307-0577-417C-B0AC-4A7224BC9919}
[2012/10/23 23:34:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{69623414-20B0-49AE-8358-0B415A146639}
[2012/10/23 09:09:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F55BC8ED-1D65-4C20-B26E-032F0EDD886F}
[2012/10/22 17:24:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5D30D648-F04E-4C0D-8523-23BBF9A0F980}
[2012/10/21 18:32:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{27BC92FD-FB4C-4810-8984-AAD104A40AC8}
[2012/10/19 05:34:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2454B718-7BE6-444F-B72C-294BEFABBEE7}
[2012/10/18 12:27:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AC51CD4B-A762-4E32-B7DB-DEF969ADC7D4}
[2012/10/17 22:51:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9E21426C-4531-43A2-A896-82EA8438A8D5}
[2012/10/17 10:23:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5458D133-97D4-4EAF-8451-FDF843B4CFCF}
[2012/10/16 20:24:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0FC58DAE-7DA4-499D-A929-27BACD00776C}
[2012/10/16 09:17:02 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Mag santander-camden
[2012/10/16 08:23:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6476403B-3604-4259-BC9F-762DC91E5FAA}
[2012/10/15 20:23:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A9768DFD-2826-4E95-A216-6EBC30F64871}
[2012/10/15 07:51:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2F21190A-E805-4B78-9EB7-478DC733EF25}
[2012/10/14 19:51:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1FD12C07-1667-45D3-B80D-CBEC6C73509E}
[2012/10/12 07:22:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8204D6D5-B0D9-40C2-B4FE-866E8B75714B}
[2012/10/11 12:37:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{02D314E7-E7F3-4CE6-9167-9024BD762BF6}
[2012/10/10 19:49:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1BD3F421-B43D-462D-98DD-F7F4B9328065}
[2012/10/01 21:46:13 | 000,049,152 | ---- | C] (Stirling) -- C:\Program Files\_ISREG32.DLL

========== Files - Modified Within 30 Days ==========

[2012/11/09 08:39:50 | 000,001,078 | ---- | M] () -- C:\Users\User\Desktop\OTL - Shortcut.lnk
[2012/11/09 08:11:35 | 000,019,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/09 08:11:35 | 000,019,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/09 08:08:41 | 000,619,206 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/09 08:08:41 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/09 08:06:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/09 08:04:35 | 000,000,374 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterLogonTask.job
[2012/11/09 08:04:34 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/09 08:04:34 | 000,000,354 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterRefreshTask.job
[2012/11/09 08:04:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/09 08:04:17 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/09 00:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/05 23:38:48 | 000,024,064 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/28 16:46:34 | 000,065,848 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012/10/16 09:26:00 | 000,078,966 | ---- | M] () -- C:\Users\User\Desktop\tony C.jpg
[2012/10/11 07:34:54 | 003,343,728 | ---- | M] () -- C:\Users\User\Desktop\casino crowd skimmer.pdf
[2012/10/11 07:34:14 | 002,315,912 | ---- | M] () -- C:\Users\User\Desktop\tony C.pdf
[2012/10/11 07:33:58 | 001,947,169 | ---- | M] () -- C:\Users\User\Desktop\liol ol wine.pdf

========== Files Created - No Company Name ==========

[2012/11/09 08:39:50 | 000,001,078 | ---- | C] () -- C:\Users\User\Desktop\OTL - Shortcut.lnk
[2012/10/16 09:26:00 | 000,078,966 | ---- | C] () -- C:\Users\User\Desktop\tony C.jpg
[2012/10/11 07:34:53 | 003,343,728 | ---- | C] () -- C:\Users\User\Desktop\casino crowd skimmer.pdf
[2012/10/11 07:34:13 | 002,315,912 | ---- | C] () -- C:\Users\User\Desktop\tony C.pdf
[2012/10/11 07:33:54 | 001,947,169 | ---- | C] () -- C:\Users\User\Desktop\liol ol wine.pdf
[2012/10/01 21:46:13 | 000,000,147 | ---- | C] () -- C:\Program Files\_DEISREG.ISR
[2012/10/01 21:45:58 | 000,006,006 | ---- | C] () -- C:\Program Files\DeIsL1.isu
[2012/01/26 09:19:53 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2012/01/26 09:19:51 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/01/26 09:17:19 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2012/01/25 09:38:46 | 000,024,064 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/20 13:06:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/20 13:06:54 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/01/20 12:52:42 | 000,002,475 | ---- | C] () -- C:\Users\User\Address.csv

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 01:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/08 21:56:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Azureus
[2012/01/25 21:50:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2012/01/25 07:33:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IrfanView
[2012/04/30 21:19:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Optimizer Pro
[2012/05/30 06:50:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ScanSoft
[2012/11/09 00:54:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2012/01/21 08:29:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows Live Writer
[2012/05/30 06:50:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Zeon

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB19678$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

Dont know if ive messed this up, if so please let me know, thanks tom!

Edited by slappyjoe, 09 November 2012 - 03:25 AM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there it looks like a zero access problem..

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#3
slappyjoe

slappyjoe

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
C:\ComboFix.txt
Hi Essexboy, ran the combofix and seems to have worked without much work on my part - relief not a true geek! many thanks - great site.
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the combofix log please as I need to ensure that all the problems have gone
  • 0

#5
slappyjoe

slappyjoe

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi, if this not the one just let me know, thanks
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BFlix\BFLIx.dll
c:\program files\GadgetBox\gaDGetboxtb.dll
c:\program files\TelevisionFanatic
c:\program files\TelevisionFanatic\bar\1.bin\64auxstb.dll
c:\program files\TelevisionFanatic\bar\1.bin\64bar.dll
c:\program files\TelevisionFanatic\bar\1.bin\64barsvc.exe
c:\program files\TelevisionFanatic\bar\1.bin\64brmon.exe
c:\program files\TelevisionFanatic\bar\1.bin\64brstub.dll
c:\program files\TelevisionFanatic\bar\1.bin\64datact.dll
c:\program files\TelevisionFanatic\bar\1.bin\64dlghk.dll
c:\program files\TelevisionFanatic\bar\1.bin\64dyn.dll
c:\program files\TelevisionFanatic\bar\1.bin\64feedmg.dll
c:\program files\TelevisionFanatic\bar\1.bin\64highin.exe
c:\program files\TelevisionFanatic\bar\1.bin\64hkstub.dll
c:\program files\TelevisionFanatic\bar\1.bin\64html.dll
c:\program files\TelevisionFanatic\bar\1.bin\64htmlmu.dll
c:\program files\TelevisionFanatic\bar\1.bin\64httpct.dll
c:\program files\TelevisionFanatic\bar\1.bin\64idle.dll
c:\program files\TelevisionFanatic\bar\1.bin\64ieovr.dll
c:\program files\TelevisionFanatic\bar\1.bin\64impipe.exe
c:\program files\TelevisionFanatic\bar\1.bin\64medint.exe
c:\program files\TelevisionFanatic\bar\1.bin\64mlbtn.dll
c:\program files\TelevisionFanatic\bar\1.bin\64msg.dll
c:\program files\TelevisionFanatic\bar\1.bin\64Plugin.dll
c:\program files\TelevisionFanatic\bar\1.bin\64radio.dll
c:\program files\TelevisionFanatic\bar\1.bin\64regfft.dll
c:\program files\TelevisionFanatic\bar\1.bin\64reghk.dll
c:\program files\TelevisionFanatic\bar\1.bin\64regiet.dll
c:\program files\TelevisionFanatic\bar\1.bin\64script.dll
c:\program files\TelevisionFanatic\bar\1.bin\64skin.dll
c:\program files\TelevisionFanatic\bar\1.bin\64sknlcr.dll
c:\program files\TelevisionFanatic\bar\1.bin\64skplay.exe
c:\program files\TelevisionFanatic\bar\1.bin\64SrcAs.dll
c:\program files\TelevisionFanatic\bar\1.bin\64SrchMn.exe
c:\program files\TelevisionFanatic\bar\1.bin\64tpinst.dll
c:\program files\TelevisionFanatic\bar\1.bin\64uabtn.dll
c:\program files\TelevisionFanatic\bar\1.bin\CHROME.MANIFEST
c:\program files\TelevisionFanatic\bar\1.bin\chrome\64ffxtbr.jar
c:\program files\TelevisionFanatic\bar\1.bin\INSTALL.RDF
c:\program files\TelevisionFanatic\bar\1.bin\installKeys.js
c:\program files\TelevisionFanatic\bar\1.bin\LOGO.BMP
c:\program files\TelevisionFanatic\bar\1.bin\NP64Stub.dll
c:\program files\TelevisionFanatic\bar\1.bin\T8RES.DLL
c:\program files\TelevisionFanatic\bar\gen1\COMMON.T8S
c:\program files\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S
c:\program files\TelevisionFanatic\bar\Message\COMMON.T8S
c:\program files\TelevisionFanatic\bar\Settings\s_pid.dat
c:\programdata\100
c:\programdata\Bcool
c:\programdata\Bcool\background.html
c:\programdata\Bcool\content.js
c:\programdata\Bcool\data\content.js
c:\programdata\Bcool\data\jsondb.js
c:\programdata\Bcool\fgnippahjheicjenccifemomfgjofdhp.crx
c:\programdata\Bcool\inkefoidfpcjnmlpgfghfkbkokkioonk.crx
c:\programdata\Bcool\settings.ini
c:\windows\$NtUninstallKB19678$
c:\windows\$NtUninstallKB19678$\228140057
c:\windows\$NtUninstallKB19678$\4091658047\@
c:\windows\$NtUninstallKB19678$\4091658047\Desktop.ini
c:\windows\$NtUninstallKB19678$\4091658047\L\00000004.@
c:\windows\$NtUninstallKB19678$\4091658047\L\201d3dde
c:\windows\$NtUninstallKB19678$\4091658047\L\xadqgnnk
c:\windows\$NtUninstallKB19678$\4091658047\U\00000004.@
c:\windows\$NtUninstallKB19678$\4091658047\U\00000008.@
c:\windows\$NtUninstallKB19678$\4091658047\U\000000cb.@
c:\windows\$NtUninstallKB19678$\4091658047\U\80000000.@
c:\windows\$NtUninstallKB19678$\4091658047\U\80000032.@
.
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_TelevisionFanaticService
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-09 17:24 . 2012-11-09 17:28 -------- d-----w- c:\users\User\AppData\Local\temp
2012-11-09 17:24 . 2012-11-09 17:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-09 17:13 . 2009-07-13 23:12 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-11-07 20:01 . 2012-11-07 20:02 -------- d-----w- c:\program files\Mega Codec Pack
2012-10-28 16:46 . 2012-10-28 16:46 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 18:02 . 2012-04-14 17:31 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:02 . 2012-01-20 13:47 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
1999-04-08 10:18 . 2012-10-01 21:46 49152 ----a-w- c:\program files\_ISREG32.DLL
2012-11-01 07:24 . 2012-11-01 07:24 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2012-11-07 20:02 220160 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"KMCONFIG"="c:\program files\Silvercrest MTS2220 driver\StartAutorun.exe" [2008-05-30 212992]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 00:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [x]
S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [x]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [x]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [x]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Silvercrest MTS2220 driver\KMWDSrv.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 18:02]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-09 17:56]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-09 17:56]
.
2012-11-09 c:\windows\Tasks\TheBflixUpdaterLogonTask.job
- c:\programdata\TheBflixUpdater\updater.exe [2012-06-03 13:52]
.
2012-11-09 c:\windows\Tasks\TheBflixUpdaterRefreshTask.job
- c:\programdata\TheBflixUpdater\updater.exe [2012-06-03 13:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ww.google.ie/
mStart Page = hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9848
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3lpggt3j.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=
FF - ExtSQL: 2012-11-05 22:22; [email protected]; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3lpggt3j.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2012-04-21 18:51; [email protected]; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3lpggt3j.default\extensions\[email protected]
FF - user.js: extentions.y2layers.installId - ecc74d82-cedf-458b-9a56-818c1426f689
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-MyTools - c:\program files\MyTools\uninstall.exe
AddRemove-TheBflix - c:\programdata\TheBflix\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-11-09 17:31:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-09 17:31
.
Pre-Run: 483,743,776,768 bytes free
Post-Run: 484,750,233,600 bytes free
.
- - End Of File - - 7DF389AED67256F74CE29197B9FE16DF
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aye there is still one to kill

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Firefox::
FF - ExtSQL: 2012-11-05 22:22; [email protected]; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3lpggt3j.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2012-04-21 18:51; [email protected]; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3lpggt3j.default\extensions\[email protected]




Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP