Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

here is my report not sure what to do from here

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

here is my report not sure what to do from here

Unread postby signman15 » March 1st, 2013, 8:36 pm

ComboFix 13-03-01.01 - Janet 03/01/2013 17:54:15.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1788.658 [GMT -6:00]
Running from: c:\users\Janet\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-02-02 to 2013-03-02 )))))))))))))))))))))))))))))))
.
.
2013-03-02 00:08 . 2013-03-02 00:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-01 23:43 . 2013-03-01 23:44 -------- d-----w- c:\program files\DomaIQ Uninstaller
2013-03-01 23:37 . 2013-02-19 09:57 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CEFC052-169A-423C-9830-F4ABF97E7002}\mpengine.dll
2013-03-01 04:23 . 2013-03-01 04:23 -------- d-----w- c:\program files\CCleaner
2013-02-28 23:03 . 2013-02-28 23:03 -------- d-----w- c:\users\Janet\AppData\Roaming\Uniblue
2013-02-28 23:03 . 2013-02-28 23:03 -------- d-----w- c:\program files (x86)\Uniblue
2013-02-28 23:03 . 2013-02-28 23:03 -------- d-----w- c:\users\Janet\AppData\Local\SwvUpdater
2013-02-28 03:21 . 2013-02-19 09:57 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-27 00:52 . 2012-10-23 12:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74784574-61C5-4DCF-9BAD-346AD150D1F4}\gapaengine.dll
2013-02-27 00:49 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8EDE250C-7D2D-4D21-9B95-B24EBA4AF893}\mpengine.dll
2013-02-27 00:40 . 2013-02-27 00:40 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-02-27 00:38 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2013-02-25 02:51 . 2013-02-25 03:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-02-25 02:48 . 2009-01-25 18:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-02-25 02:48 . 2013-02-25 02:48 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-02-25 02:48 . 2013-02-25 02:48 -------- d-----w- c:\users\Janet\AppData\Local\Programs
2013-02-24 22:53 . 2013-02-24 22:53 -------- d-----w- c:\users\Janet\AppData\Roaming\SpecialSavings
2013-02-24 22:40 . 2013-02-24 22:40 -------- d-----w- c:\program files (x86)\Delta
2013-02-24 22:40 . 2013-03-01 17:39 -------- d-----w- c:\users\Janet\AppData\Roaming\Yontoo
2013-02-24 22:40 . 2013-02-24 22:40 -------- d-----w- c:\users\Janet\AppData\Roaming\PerformerSoft
2013-02-24 22:40 . 2013-02-24 22:40 -------- d-----w- c:\programdata\Tarma Installer
2013-02-16 20:07 . 2013-02-27 00:40 -------- d-----w- c:\program files\Microsoft Security Client
2013-02-16 20:04 . 2013-02-24 20:56 -------- d-----w- C:\ddee7e5233d06191cd77d95453cc
2013-02-16 02:44 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-16 02:44 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-16 02:37 . 2013-01-09 01:10 237056 ----a-w- c:\windows\system32\url.dll
2013-02-15 02:25 . 2013-01-04 05:37 243200 ----a-w- c:\windows\system32\wow64.dll
2013-02-03 19:23 . 2013-02-03 19:23 -------- d-----w- c:\program files (x86)\Conduit
2013-02-03 19:23 . 2013-02-24 20:57 -------- d-----w- c:\users\Janet\AppData\Local\Conduit
2013-02-03 19:23 . 2013-02-24 20:57 -------- d-----w- c:\program files (x86)\SocialSearchBar_App
2013-02-03 19:22 . 2013-02-03 19:22 -------- d-----w- c:\program files (x86)\ExFriendAlert
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 00:12 . 2012-11-22 02:44 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-28 00:12 . 2012-02-16 00:58 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2010-03-25 03:42 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 21:59 . 2013-01-20 21:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 21:59 . 2013-01-20 21:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-04 04:43 . 2013-02-15 02:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 16:52 . 2012-12-21 17:44 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:40 . 2012-12-21 17:44 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2012-12-21 17:44 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:25 . 2012-12-21 17:44 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-13 16:00 . 2010-06-05 17:51 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-07 05:41 . 2013-01-10 00:52 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 05:35 . 2013-01-10 00:52 2745856 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 05:04 . 2013-01-10 00:52 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 04:57 . 2013-01-10 00:52 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 03:45 . 2013-01-10 00:52 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 03:45 . 2013-01-10 00:53 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 03:45 . 2013-01-10 00:52 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 03:45 . 2013-01-10 00:52 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 03:45 . 2013-01-10 00:52 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 03:45 . 2013-01-10 00:52 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 03:45 . 2013-01-10 00:52 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 03:45 . 2013-01-10 00:52 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 03:45 . 2013-01-10 00:52 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 03:45 . 2013-01-10 00:52 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 03:45 . 2013-01-10 00:52 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 03:45 . 2013-01-10 00:52 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 03:45 . 2013-01-10 00:52 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 03:45 . 2013-01-10 00:52 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 03:21 . 2013-01-10 00:53 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 03:21 . 2013-01-10 00:52 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 03:21 . 2013-01-10 00:52 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 03:21 . 2013-01-10 00:52 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 03:21 . 2013-01-10 00:52 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 03:21 . 2013-01-10 00:52 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 03:21 . 2013-01-10 00:52 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 03:21 . 2013-01-10 00:52 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 03:21 . 2013-01-10 00:52 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 03:21 . 2013-01-10 00:52 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 03:21 . 2013-01-10 00:52 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-12-07 03:21 . 2013-01-10 00:52 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-07 03:21 . 2013-01-10 00:52 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 03:21 . 2013-01-10 00:52 15360 ----a-w- c:\windows\SysWow64\djctq.rs
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2421d847-721c-404f-87b4-bbd2b95d1087}"= "c:\program files (x86)\SocialSearchBar_App\prxtbSoci.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{2421d847-721c-404f-87b4-bbd2b95d1087}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2421d847-721c-404f-87b4-bbd2b95d1087}]
2012-11-06 12:01 183112 ----a-w- c:\program files (x86)\SocialSearchBar_App\prxtbSoci.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}]
2013-01-29 03:39 391200 ----a-w- c:\program files (x86)\ExFriendAlert\IE\common.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A057A204-BACC-4D26-8092-38E8C3A72484}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-01-23 12:24 247704 ----a-w- c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{2421d847-721c-404f-87b4-bbd2b95d1087}"= "c:\program files (x86)\SocialSearchBar_App\prxtbSoci.dll" [2012-11-06 183112]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll" [2013-01-23 321944]
.
[HKEY_CLASSES_ROOT\clsid\{2421d847-721c-404f-87b4-bbd2b95d1087}]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Software Informer"="c:\program files (x86)\Software Informer\softinfo.exe" [2009-11-26 2011205]
"Yontoo Desktop"="c:\users\Janet\AppData\Roaming\Yontoo\YontooDesktop.exe" [2013-02-02 42784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-04-07 467240]
"Norton Ghost 15.0"="c:\program files (x86)\Norton Ghost\Agent\VProTray.exe" [2009-10-02 2596712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll c:\progra~3\browse~1\261095~1.52\{c16c1~1\browserprotect.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe [x]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728]
R3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-01 1255736]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-02-21 2561488]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2009-09-22 54320]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NISDRV
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-26 02:42 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-22 00:12]
.
2013-03-01 c:\windows\Tasks\AmiUpdXp.job
- c:\users\Janet\AppData\Local\SwvUpdater\Updater.exe [2013-02-28 23:03]
.
2013-02-25 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-02-25 20:08]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 04:45]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 04:45]
.
2013-02-25 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-02-25 20:07]
.
2013-02-25 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-02-25 20:07]
.
2013-02-28 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files (x86)\Uniblue\SpeedUpMyPC\sump.exe [2013-02-28 17:27]
.
2013-02-28 c:\windows\Tasks\spmonitor.job
- c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2013-02-28 17:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.delta-search.com/?affID=1196 ... 607657b011
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5t47l2x298
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5t47l2x298
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.10
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo\YontooIEClient.dll
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{A057A204-BACC-4D26-8092-38E8C3A72484} - (no file)
WebBrowser-{2421D847-721C-404F-87B4-BBD2B95D1087} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-01 18:15:34
ComboFix-quarantined-files.txt 2013-03-02 00:15
.
Pre-Run: 78,417,371,136 bytes free
Post-Run: 78,041,513,984 bytes free
.
- - End Of File - - 60818474BFD91289F06BB709FCD33348
signman15
Active Member
 
Posts: 1
Joined: March 1st, 2013, 8:30 pm
Advertisement
Register to Remove

Re: here is my report not sure what to do from here

Unread postby Gary R » March 2nd, 2013, 2:03 am

Please read the following topic ... viewtopic.php?p=491381#p491381 ... then start a new topic with the logs and information we require.

By the way, running Combofix without the advice of a person trained in its use is foolish in the extreme, if used inappropriately you could well have been left with a malfunctioning computer as a result. That's why sUBs the creator of Combofix specifically includes a message with Combofix telling people not to run it on their own, a message you seem to have seen fit to disregard, presumably because you believe he writes things for the good of his health, rather than for the good of your computer.

This topic is now closed.

Please start a new one with the logs and information asked for in the topic I linked you to. Include the fact that you've already run Combofix, but do not include the Combofix log unless your helper asks to see it.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 22 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware