Trojan Horse AdInjector.c Virus On my Google Chrome [Closed]


  • This topic is locked

#16
HarleyMurphy
  • Topic Starter
  • Member
  • 11 posts
The only problem that I had was after the log it was hard to reconnect to the internet.
The computer seems to be running well.

ComboFix 13-09-17.01 - harley 2013-09-18 18:29:08.1.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.2.1033.18.5251.3673 [GMT -7:00]
Running from: c:\users\harley\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
ADS - windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-08-19 to 2013-09-19 )))))))))))))))))))))))))))))))
.
.
2013-09-19 01:36 . 2013-09-19 01:36 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-09-19 00:55 . 2013-09-19 00:55 -------- d-----w- c:\windows\ERUNT
2013-09-18 20:40 . 2013-09-18 20:44 -------- d-----w- C:\AdwCleaner
2013-09-17 22:48 . 2013-09-17 22:48 -------- d-----w- c:\users\harley\AppData\Roaming\Malwarebytes
2013-09-17 22:48 . 2013-09-17 22:48 -------- d-----w- c:\programdata\Malwarebytes
2013-09-17 22:48 . 2013-09-17 22:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-17 22:48 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-16 22:49 . 2013-08-07 05:15 144896 ----a-w- c:\windows\system32\tssdisai.dll
2013-09-15 17:52 . 2013-09-15 19:51 -------- d-----w- C:\sh4ldr
2013-09-15 17:52 . 2013-09-15 17:52 -------- d-----w- c:\program files\Enigma Software Group
2013-09-15 17:52 . 2013-09-15 19:51 -------- d-----w- c:\windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-15 17:33 . 2013-09-17 22:40 -------- d-----w- c:\program files (x86)\Google
2013-09-12 15:19 . 2013-07-03 00:22 2839552 ----a-w- c:\windows\system32\msftedit.dll
2013-09-12 15:19 . 2013-06-10 19:15 1156096 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-09-12 15:19 . 2013-07-06 00:16 1025024 ----a-w- c:\windows\system32\localspl.dll
2013-09-12 15:19 . 2013-07-03 00:23 778752 ----a-w- c:\windows\system32\oleaut32.dll
2013-09-12 15:19 . 2013-07-03 00:11 551424 ----a-w- c:\windows\SysWow64\oleaut32.dll
2013-09-12 12:18 . 2013-08-03 04:30 4038144 ----a-w- c:\windows\system32\win32k.sys
2013-09-12 12:16 . 2013-09-12 12:16 265392 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin
2013-09-05 08:43 . 2013-09-05 08:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-08-27 21:30 . 2013-08-27 21:30 -------- d-----w- C:\toolbarImages
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-16 22:37 . 2013-03-10 18:37 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-09-15 17:08 . 2012-12-26 20:47 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-09-05 20:09 . 2013-05-25 18:58 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 20:09 . 2013-05-25 18:58 694232 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-14 23:27 . 2012-12-25 00:15 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-07-20 08:51 . 2013-07-20 08:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-20 08:50 . 2013-07-20 08:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-20 08:50 . 2013-07-20 08:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-20 08:50 . 2013-07-20 08:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-07-18 09:04 . 2013-07-18 09:04 248632 ----a-w- c:\windows\system32\drivers\avgwfpa.sys
2013-07-15 18:06 . 2013-07-15 18:06 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-07-13 06:18 . 2013-08-14 15:06 337408 ----a-w- c:\windows\system32\wintrust.dll
2013-07-13 06:16 . 2013-08-14 15:06 1889280 ----a-w- c:\windows\system32\crypt32.dll
2013-07-13 06:16 . 2013-08-14 15:06 68096 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-13 06:15 . 2013-08-14 15:06 124416 ----a-w- c:\windows\system32\apprepapi.dll
2013-07-13 06:15 . 2013-08-14 15:06 98304 ----a-w- c:\windows\system32\apprepsync.dll
2013-07-13 04:24 . 2013-08-14 15:06 261120 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-13 04:23 . 2013-08-14 15:06 1568256 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-13 04:23 . 2013-08-14 15:06 87040 ----a-w- c:\windows\SysWow64\apprepapi.dll
2013-07-13 04:23 . 2013-08-14 15:06 74240 ----a-w- c:\windows\SysWow64\apprepsync.dll
2013-07-09 06:07 . 2013-08-14 15:09 2233168 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-02 00:44 . 2013-08-14 15:08 36288 ----a-w- c:\windows\system32\drivers\WdBoot.sys
2013-07-01 22:08 . 2013-08-14 15:08 247216 ----a-w- c:\windows\system32\drivers\WdFilter.sys
2013-07-01 08:45 . 2013-07-01 08:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-06-28 19:12 . 2013-06-28 19:12 66728 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-04-02 10:01 1467528 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\harley\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-27 138096]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-09-06 1811368]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19636840]
"MendFast"="c:\program files (x86)\MendFast\MFLauncher.exe" [2013-03-17 133944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2012-07-26 508656]
"331BigDog"="c:\program files (x86)\USB Camera\VM331STI.EXE" [2012-05-02 548864]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2012-07-27 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2012-07-27 167024]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-04-19 217088]
"RemoteControl10"="c:\program files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-15 1534504]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 155488]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2012-8-26 1346936]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 Avgboota;AVG Early Launch Anti-Malware Driver;c:\windows\system32\DRIVERS\avgboota.sys;c:\windows\SYSNATIVE\DRIVERS\avgboota.sys [x]
R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
R2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 XFDriver64;XFDriver64;c:\program files (x86)\Xfire2\XFDriver64.sys;c:\program files (x86)\Xfire2\XFDriver64.sys [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgwfpa;AVG Firewall Driver;c:\windows\system32\DRIVERS\avgwfpa.sys;c:\windows\SYSNATIVE\DRIVERS\avgwfpa.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 BcmBtRSupport;Bluetooth Radio Control Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 X5XSEx_Pr148;X5XSEx_Pr148;c:\program files (x86)\FreeRide Games\X5XSEx_Pr148.Sys;c:\program files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys;c:\windows\SYSNATIVE\drivers\AcpiVpc.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;@oem21.inf,%DeviceName% (WDM);Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\System32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;c:\windows\System32\drivers\xusb22.sys;c:\windows\SYSNATIVE\drivers\xusb22.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-17 22:40 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-261124486-1905081341-3828901183-1001Core.job
- c:\users\harley\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-27 02:54]
.
2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-17 22:39]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-17 22:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-06-13 1647616]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-06-14 887968]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-10-15 17079376]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-10-15 191568]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-03 472984]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
FF - ProfilePath - c:\users\harley\AppData\Roaming\Mozilla\Firefox\Profiles\r5z3kwko.default\
FF - ExtSQL: 2013-08-12 19:49; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\harley\AppData\Roaming\Mozilla\Firefox\Profiles\r5z3kwko.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-18 15:15; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Exetender - c:\program files (x86)\Free Ride Games\GPlayer.exe
Wow6432Node-HKU-Default-Run-Exetender - c:\program files (x86)\Free Ride Games\GPlayer.exe
Toolbar-Locked - (no file)
AddRemove-TeamSpeak 3 Client - c:\users\harley\Desktop\New folder (3)\uninstall.exe
AddRemove-VisualBee for Microsoft PowerPoint - c:\users\harley\AppData\Local\VisualBeeExe\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-09-18 18:39:52
ComboFix-quarantined-files.txt 2013-09-19 01:39
.
Pre-Run: 558,734,508,032 bytes free
Post-Run: 558,646,353,920 bytes free
.
- - End Of File - - 59EB1E6083C56103C024C88467FCB929

#17
gringo_pr
  • Trusted Helper
  • Malware Removal
  • 7,268 posts
Hello HarleyMurphy


:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:


AV: AVG AntiVirus Free Edition 2013
AV: McAfee Anti-Virus and Anti-Spyware


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.





At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

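The checks the helper applies to the log above (the AV:/SP:/FW: header lines, and values such as LoadAppInit_DLLs under Reg Loading Points) can be automated. This is an added Python example, not part of the thread and not ComboFix's own code; it parses a constructed excerpt in ComboFix's log format, and the rule that the built-in Windows Defender is not counted as a third-party AV is an assumption taken from the helper's list.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in the ComboFix log format posted in this thread (not the full log).
SAMPLE_LOG = r"""ComboFix 13-09-17.01 - harley 2013-09-18 18:29:08.1.4 - x64
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-09-06 1811368]
"MendFast"="c:\program files (x86)\MendFast\MFLauncher.exe" [2013-03-17 133944]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S3 EuMusDesignVirtualAudioCableWdm;@oem21.inf,%DeviceName% (WDM);Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
"""

# Line shapes ComboFix uses in the sections parsed here.
PRODUCT_RE = re.compile(r'^(AV|SP|FW): (.+?) \*([^*]+)\* \{([0-9A-Fa-f-]+)\}$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
DWORD_RE = re.compile(r'^"([^"]+)"=\s*(\d+) \(0x[0-9A-Fa-f]+\)$')
SERVICE_RE = re.compile(r'^([RS]\d) (.+) \[x\]$')

@dataclass
class Product:
    kind: str     # AV, SP (anti-spyware) or FW (firewall)
    name: str
    status: str   # e.g. "Disabled/Updated"
    guid: str

@dataclass
class Service:
    start: str    # R = running, S = stopped; the digit is the start type (0 boot .. 4 disabled)
    name: str
    image: str

@dataclass
class Report:
    products: list = field(default_factory=list)
    autostarts: dict = field(default_factory=dict)  # (registry key, value name) -> image path
    dwords: dict = field(default_factory=dict)      # (registry key, value name) -> int
    services: list = field(default_factory=list)

def parse_combofix(text):
    """Parse the product header, Reg Loading Points and service lines of a ComboFix log."""
    report = Report()
    current_key = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == '.':
            current_key = None  # a lone '.' ends a registry-key block in ComboFix output
            continue
        if m := PRODUCT_RE.match(line):
            report.products.append(Product(*m.groups()))
        elif m := KEY_RE.match(line):
            current_key = m.group(1)
        elif current_key and (m := VALUE_RE.match(line)):
            report.autostarts[(current_key, m.group(1))] = m.group(2)
        elif current_key and (m := DWORD_RE.match(line)):
            report.dwords[(current_key, m.group(1))] = int(m.group(2))
        elif m := SERVICE_RE.match(line):
            # ';'-separated: name, one or more description fields, image path, resolved path.
            # Descriptions may themselves contain ';', so take the image from the end.
            parts = m.group(2).split(';')
            if len(parts) >= 4:
                report.services.append(Service(m.group(1), parts[0], parts[-2]))
    return report

def third_party_av(report):
    """AV products other than the built-in Windows Defender (assumption: the helper's
    list above does not count Defender, so it is left out here too)."""
    return [p.name for p in report.products
            if p.kind == 'AV' and not p.name.startswith('Windows Defender')]

def appinit_dlls_enabled(report):
    """LoadAppInit_DLLs=1 lets DLLs listed in AppInit_DLLs load into processes that link
    user32.dll, a persistence point worth reviewing during a cleanup."""
    return any(name.lower() == 'loadappinit_dlls' and value == 1
               for (_key, name), value in report.dwords.items())

def running_services(report):
    return [s.name for s in report.services if s.start.startswith('R')]

def findings(report):
    """The points a helper would raise from this log, as short strings."""
    out = []
    if len(third_party_av(report)) > 1:
        out.append('multiple AV products installed: ' + ', '.join(third_party_av(report)))
    if appinit_dlls_enabled(report):
        out.append('LoadAppInit_DLLs is enabled; review the AppInit_DLLs value')
    return out
```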

#18
HarleyMurphy
  • Topic Starter
  • Member
  • 11 posts
I actually have to go in 5 minutes, can I continue this tomorrow?

#19
gringo_pr
  • Trusted Helper
  • Malware Removal
  • 7,268 posts
Hello


Of course!!


Gringo

#20
HarleyMurphy
  • Topic Starter
  • Member
  • 11 posts
I don't really see a change.

ComboFix 13-09-19.01 - harley 2013-09-19 12:24:23.3.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.2.1033.18.5251.3909 [GMT -7:00]
Running from: c:\users\harley\Desktop\ComboFix.exe
Command switches used :: c:\users\harley\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((( Files Created from 2013-08-19 to 2013-09-19 )))))))))))))))))))))))))))))))
.
.
2013-09-19 19:29 . 2013-09-19 19:29 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-09-19 19:29 . 2013-09-19 19:29 -------- d-----w- c:\users\dj-mu_000\AppData\Local\temp
2013-09-19 19:29 . 2013-09-19 19:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-19 00:55 . 2013-09-19 00:55 -------- d-----w- c:\windows\ERUNT
2013-09-18 20:40 . 2013-09-18 20:44 -------- d-----w- C:\AdwCleaner
2013-09-17 22:48 . 2013-09-17 22:48 -------- d-----w- c:\users\harley\AppData\Roaming\Malwarebytes
2013-09-17 22:48 . 2013-09-17 22:48 -------- d-----w- c:\programdata\Malwarebytes
2013-09-17 22:48 . 2013-09-17 22:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-17 22:48 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-16 22:49 . 2013-08-07 05:15 144896 ----a-w- c:\windows\system32\tssdisai.dll
2013-09-15 17:52 . 2013-09-15 19:51 -------- d-----w- C:\sh4ldr
2013-09-15 17:52 . 2013-09-15 17:52 -------- d-----w- c:\program files\Enigma Software Group
2013-09-15 17:52 . 2013-09-15 19:51 -------- d-----w- c:\windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-15 17:33 . 2013-09-17 22:40 -------- d-----w- c:\program files (x86)\Google
2013-09-12 15:19 . 2013-07-03 00:22 2839552 ----a-w- c:\windows\system32\msftedit.dll
2013-09-12 15:19 . 2013-06-10 19:15 1156096 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-09-12 15:19 . 2013-07-06 00:16 1025024 ----a-w- c:\windows\system32\localspl.dll
2013-09-12 15:19 . 2013-07-03 00:23 778752 ----a-w- c:\windows\system32\oleaut32.dll
2013-09-12 15:19 . 2013-07-03 00:11 551424 ----a-w- c:\windows\SysWow64\oleaut32.dll
2013-09-12 12:18 . 2013-08-03 04:30 4038144 ----a-w- c:\windows\system32\win32k.sys
2013-09-12 12:16 . 2013-09-12 12:16 265392 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin
2013-09-05 08:43 . 2013-09-05 08:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-08-27 21:30 . 2013-08-27 21:30 -------- d-----w- C:\toolbarImages
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-16 22:37 . 2013-03-10 18:37 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-09-15 17:08 . 2012-12-26 20:47 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-09-05 20:09 . 2013-05-25 18:58 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 20:09 . 2013-05-25 18:58 694232 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-14 23:27 . 2012-12-25 00:15 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-07-20 08:51 . 2013-07-20 08:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-20 08:50 . 2013-07-20 08:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-20 08:50 . 2013-07-20 08:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-20 08:50 . 2013-07-20 08:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-07-18 09:04 . 2013-07-18 09:04 248632 ----a-w- c:\windows\system32\drivers\avgwfpa.sys
2013-07-15 18:06 . 2013-07-15 18:06 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-07-13 06:18 . 2013-08-14 15:06 337408 ----a-w- c:\windows\system32\wintrust.dll
2013-07-13 06:16 . 2013-08-14 15:06 1889280 ----a-w- c:\windows\system32\crypt32.dll
2013-07-13 06:16 . 2013-08-14 15:06 68096 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-13 06:15 . 2013-08-14 15:06 124416 ----a-w- c:\windows\system32\apprepapi.dll
2013-07-13 06:15 . 2013-08-14 15:06 98304 ----a-w- c:\windows\system32\apprepsync.dll
2013-07-13 04:24 . 2013-08-14 15:06 261120 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-13 04:23 . 2013-08-14 15:06 1568256 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-13 04:23 . 2013-08-14 15:06 87040 ----a-w- c:\windows\SysWow64\apprepapi.dll
2013-07-13 04:23 . 2013-08-14 15:06 74240 ----a-w- c:\windows\SysWow64\apprepsync.dll
2013-07-09 06:07 . 2013-08-14 15:09 2233168 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-02 00:44 . 2013-08-14 15:08 36288 ----a-w- c:\windows\system32\drivers\WdBoot.sys
2013-07-01 22:08 . 2013-08-14 15:08 247216 ----a-w- c:\windows\system32\drivers\WdFilter.sys
2013-07-01 08:45 . 2013-07-01 08:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-06-28 19:12 . 2013-06-28 19:12 66728 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-04-02 10:01 1467528 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\harley\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-27 138096]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-09-06 1811368]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19636840]
"MendFast"="c:\program files (x86)\MendFast\MFLauncher.exe" [2013-03-17 133944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2012-07-26 508656]
"331BigDog"="c:\program files (x86)\USB Camera\VM331STI.EXE" [2012-05-02 548864]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2012-07-27 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2012-07-27 167024]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-04-19 217088]
"RemoteControl10"="c:\program files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 155488]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2012-8-26 1346936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 Avgboota;AVG Early Launch Anti-Malware Driver;c:\windows\system32\DRIVERS\avgboota.sys;c:\windows\SYSNATIVE\DRIVERS\avgboota.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
R2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 XFDriver64;XFDriver64;c:\program files (x86)\Xfire2\XFDriver64.sys;c:\program files (x86)\Xfire2\XFDriver64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgwfpa;AVG Firewall Driver;c:\windows\system32\DRIVERS\avgwfpa.sys;c:\windows\SYSNATIVE\DRIVERS\avgwfpa.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 BcmBtRSupport;Bluetooth Radio Control Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 X5XSEx_Pr148;X5XSEx_Pr148;c:\program files (x86)\FreeRide Games\X5XSEx_Pr148.Sys;c:\program files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys;c:\windows\SYSNATIVE\drivers\AcpiVpc.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe [x]
S3 EuMusDesignVirtualAudioCableWdm;@oem21.inf,%DeviceName% (WDM);Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\System32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;c:\windows\System32\drivers\xusb22.sys;c:\windows\SYSNATIVE\drivers\xusb22.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-17 22:40 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-261124486-1905081341-3828901183-1001Core.job
- c:\users\harley\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-27 02:54]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-17 22:39]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-17 22:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-06-13 1647616]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-06-14 887968]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-10-15 17079376]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-10-15 191568]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-03 472984]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
FF - ProfilePath - c:\users\harley\AppData\Roaming\Mozilla\Firefox\Profiles\r5z3kwko.default\
FF - ExtSQL: 2013-08-12 19:49; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\harley\AppData\Roaming\Mozilla\Firefox\Profiles\r5z3kwko.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-18 15:15; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-09-19 12:31:22
ComboFix-quarantined-files.txt 2013-09-19 19:31
ComboFix2.txt 2013-09-19 01:39
.
Pre-Run: 556,013,494,272 bytes free
Post-Run: 555,957,641,216 bytes free
.
- - End Of File - - 6FE10D715EDDB6A44E91068CB31C56C9

#21
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE: Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

BrowserProtect
Delta toolbar
Free Ride Games Player
IB Updater 2.0.0.574
Incredibar Toolbar on IE
Java 7 Update 13
Java 7 Update 17 (64-bit)
KeyBar 1.14 Toolbar
McAfee Security Scan Plus
PricePeep
Search Protect by conduit
Wajam

Please download and install Revo Uninstaller Free

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close



Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. default settings are fine
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

I see that you have MBAM installed. That is great! At this time I would like you to update it and run a quick scan for me.

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic


"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

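As an added example (this is not part of gringo_pr's post or any tool used in this thread), the following PowerShell script reads the same Uninstall registry keys that the Add/Remove Programs applet draws its list from and reports which of the programs named in the post above are still registered, together with the uninstall command each entry points at. The program names are copied from the list in this post; the "starts with" matching and the inclusion of the per-user (HKCU) hive are assumptions made so that version-suffixed names such as "IB Updater 2.0.0.574" are caught and per-user toolbar installs are not missed.

```powershell
# Added example, not from the thread: check whether the programs listed in the
# post are still registered in Add/Remove Programs by reading the Uninstall keys
# that the Programs and Features applet itself uses. Run from an elevated prompt
# while logged in as the affected user (the HKCU view only covers that user).

# Names taken from the "Programs to remove" list in the post above.
$ProgramsToRemove = @(
    'BrowserProtect',
    'Delta toolbar',
    'Free Ride Games Player',
    'IB Updater',
    'Incredibar Toolbar on IE',
    'Java 7 Update 13',
    'Java 7 Update 17 (64-bit)',
    'KeyBar 1.14 Toolbar',
    'McAfee Security Scan Plus',
    'PricePeep',
    'Search Protect by conduit',
    'Wajam'
)

# The three places Windows consults for the Add/Remove list on a 64-bit system:
# native (64-bit) machine-wide, 32-bit machine-wide (Wow6432Node), and per-user.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledPrograms {
    # One object per registered program. Entries without a DisplayName are
    # skipped because the applet hides those as well.
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString, PSPath
}

function Find-ListedPrograms {
    param([string[]]$Names)

    $installed = Get-InstalledPrograms
    foreach ($name in $Names) {
        # Case-insensitive "starts with" match (assumption) so that "IB Updater"
        # also matches "IB Updater 2.0.0.574".
        $hits = $installed | Where-Object { $_.DisplayName -like "$name*" }
        if ($hits) {
            foreach ($hit in $hits) {
                [pscustomobject]@{
                    Listed          = $name
                    StillInstalled  = $true
                    DisplayName     = $hit.DisplayName
                    Version         = $hit.DisplayVersion
                    Publisher       = $hit.Publisher
                    UninstallString = $hit.UninstallString
                    RegistryKey     = $hit.PSPath
                }
            }
        }
        else {
            [pscustomobject]@{
                Listed          = $name
                StillInstalled  = $false
                DisplayName     = $null
                Version         = $null
                Publisher       = $null
                UninstallString = $null
                RegistryKey     = $null
            }
        }
    }
}

# Print the result as a table; rows with StillInstalled = True are the ones
# that still need to be removed with Add/Remove or Revo as the post describes.
Find-ListedPrograms -Names $ProgramsToRemove | Format-Table -AutoSize -Wrap
```

The UninstallString column is worth reading before removing anything: for a toolbar or "updater" entry it shows which executable Windows will run when you click Uninstall, which is a quick way to confirm the vendor's own uninstaller (rather than something unrelated) is registered for that entry. Entries that were already deleted by the cleanup steps simply show as StillInstalled = False, matching the note in the post that missing items can be skipped.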

#22
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#23
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.