Solved MBAR/ESET found Viruses including win32/bundled

October 27, 2013 at 23:53:25
Specs: Windows 7
I ran an MBAR quick scan and it found a problem, which I was able to fix. It was run a few days ago, but my computer was still having problems. I looked for an MBAM file, but cannot find one. I might have deleted it because I did a CCleaner run.

I ran ESET and it found a Win32/Bundled variant... I found an ESET log in the ESET folder:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ad5121e8ceac1641b534190530cb2982
# engine=13695
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-04-25 05:06:38
# local_time=2013-04-26 12:06:38 (+0700, SE Asia Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3074 16777213 100 84 30035 13381020 0 0
# compatibility_mode=5893 16776574 100 94 2929954 118540789 0 0
# scanned=105881
# found=1
# cleaned=1
# scan_time=6517
sh=868492D9D85623296822F01CCE6D5FA68D5E4443 ft=1 fh=923a72f4e0fb597d vn="a variant of Win32/Hao123.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Indy\Downloads\setup.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ad5121e8ceac1641b534190530cb2982
# engine=13699
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-04-26 01:04:50
# local_time=2013-04-26 08:04:50 (+0700, SE Asia Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3074 16777213 100 84 26824 13409712 0 0
# compatibility_mode=5893 16776574 100 94 2958646 118569481 0 0
# scanned=105424
# found=0
# cleaned=0
# scan_time=6231
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ad5121e8ceac1641b534190530cb2982
# engine=13713
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-04-28 02:11:31
# local_time=2013-04-28 09:11:31 (+0700, SE Asia Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3074 16777213 100 84 22093 13629713 0 0
# compatibility_mode=5893 16776574 100 94 3178647 118789482 0 0
# scanned=108069
# found=2
# cleaned=2
# scan_time=7370
sh=468DE5D77ACB5C81065B05852C3C3FA3CB5F69E9 ft=1 fh=b49088e24536a2a6 vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Indy\Downloads\KeyFinderInstaller.exe"
sh=ED7FBFBC0B644CA1BAB5A70FB8C0D3B0733DCB9B ft=1 fh=fe534b1e8ca575ff vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\VTRoot\HarddiskVolume2\Users\Indy\AppData\Local\Temp\is-EE7GI.tmp\OCSetupHlp.dll"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ad5121e8ceac1641b534190530cb2982
# engine=13715
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-04-29 03:23:11
# local_time=2013-04-29 10:23:11 (+0700, SE Asia Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3074 16777213 100 84 0 13677213 0 0
# compatibility_mode=5893 16776574 100 94 3226147 118836982 0 0
# scanned=19
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ad5121e8ceac1641b534190530cb2982
# engine=13715
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-04-29 06:44:19
# local_time=2013-04-29 01:44:19 (+0700, SE Asia Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3074 16777213 100 84 0 13689281 0 0
# compatibility_mode=5893 16776574 100 94 3238215 118849050 0 0
# scanned=106124
# found=0
# cleaned=0
# scan_time=3715
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ad5121e8ceac1641b534190530cb2982
# engine=13715
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-04-29 08:13:59
# local_time=2013-04-29 03:13:59 (+0700, SE Asia Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3074 16777213 100 84 0 13694661 0 0
# compatibility_mode=5893 16776574 100 94 3243595 118854430 0 0
# scanned=106136
# found=0
# cleaned=0
# scan_time=3626
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ad5121e8ceac1641b534190530cb2982
# engine=13743
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-05-02 09:37:13
# local_time=2013-05-03 04:37:13 (+0700, SE Asia Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3074 16777213 100 84 0 14002055 0 0
# compatibility_mode=5893 16776574 100 94 3550989 119161824 0 0
# scanned=104212
# found=0
# cleaned=0
# scan_time=6116
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ad5121e8ceac1641b534190530cb2982
# engine=13823
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-05-14 06:38:07
# local_time=2013-05-14 01:38:07 (+0700, SE Asia Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3074 16777213 100 84 0 14984909 0 0
# compatibility_mode=5893 16776574 100 94 4533843 120144678 0 0
# scanned=182341
# found=2
# cleaned=1
# scan_time=11685
sh=9E3624911C97E9BEE6B16CEA9BFF0739DCD3F3A3 ft=1 fh=27668b19bdf9a05a vn="a variant of Win32/Keygen.BH application" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{7044D1A5-2A5F-4334-8928-90584AC6E1B3}"
sh=9E3624911C97E9BEE6B16CEA9BFF0739DCD3F3A3 ft=1 fh=27668b19bdf9a05a vn="a variant of Win32/Keygen.BH application (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{7044D1A5-2A5F-4334-8928-90584AC6E1B3}"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ad5121e8ceac1641b534190530cb2982
# engine=13933
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-05-28 10:12:15
# local_time=2013-05-28 05:12:15 (+0700, SE Asia Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3074 16777213 100 84 0 16207357 0 0
# compatibility_mode=5893 16776574 100 94 5756291 121367126 0 0
# scanned=179981
# found=0
# cleaned=0
# scan_time=13054
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ad5121e8ceac1641b534190530cb2982
# engine=14067
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-06-13 08:54:34
# local_time=2013-06-14 03:54:34 (+0700, SE Asia Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3074 16777213 100 84 22049 17628296 0 0
# compatibility_mode=5893 16776574 100 94 7177230 122788065 0 0
# scanned=184863
# found=0
# cleaned=0
# scan_time=10166
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ad5121e8ceac1641b534190530cb2982
# engine=15652
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-10-27 05:04:17
# local_time=2013-10-28 12:04:17 (+0700, SE Asia Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3074 16777213 100 84 0 21425101 0 0
# compatibility_mode=5893 16776574 100 94 4863916 134524648 0 0
# scanned=208171
# found=1
# cleaned=1
# scan_time=12635
sh=34FB13B8E40C47E8CBE6B2E784A2F34D6E557173 ft=1 fh=06b7d218bd23a67b vn="a variant of Win32/Bunndle application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Indy\AppData\Roaming\.spotflux\updates\dist\install.exe"

I ran RogueKiller a couple of different times... here is the first one, followed by the last. In between the first and last I ran UNHIDE. That log follows the last RogueKiller log:

RogueKiller V8.7.5 [Oct 22 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/rog...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Indy [Admin rights]
Mode : Scan -- Date : 10/28/2013 12:52:56
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xCD4B333C)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
127.0.0.1 activate.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9320325AS ATA Device +++++
--- User ---
[MBR] 614046c0c6081d43eb4887f31ca0d874
[BSP] e58067dc9dfe83a00a047cdc68f4fff3 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 295636 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 608536576 | Size: 8108 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10282013_125256.txt >>

RogueKiller #2:

RogueKiller V8.7.5 [Oct 22 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/rog...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Indy [Admin rights]
Mode : Scan -- Date : 10/28/2013 13:38:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xCBD4333C)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
127.0.0.1 activate.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9320325AS ATA Device +++++
--- User ---
[MBR] 614046c0c6081d43eb4887f31ca0d874
[BSP] e58067dc9dfe83a00a047cdc68f4fff3 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 295636 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 608536576 | Size: 8108 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10282013_133828.txt >>
RKreport[0]_D_10282013_125427.txt;RKreport[0]_S_10282013_125256.txt;RKreport[0]_S_10282013_130102.txt
RKreport[0]_S_10282013_131020.txt

UNHIDE:

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 10/28/2013 01:26:08 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 243600 files processed.

The C:\Users\Indy\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 10/28/2013 01:34:21 PM
Execution time: 0 hours(s), 8 minute(s), and 12 seconds(s)

I'll post AdwCleaner log in next dialog section. I hope someone can review these logs and tell me if the virus is still there or gone. Thanks.
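The ESET log above is really a series of separate scan runs, and the question "is it still there or gone" comes down to three things a reviewer checks in it: did each run finish, were all hits cleaned (ac=C) or only identified (ac=I), and were the leftover hits already sitting in another product's quarantine folder. As an added example (not code from the thread, ESET, or anyone in it), this Python script parses that log format and produces exactly that triage; the sample input is an excerpt of the thread's own log with header lines trimmed.

```python
"""ESET Online Scanner log triage (added example; not code from the thread or from ESET).
Runs begin at '# version=', carry '# key=value' summary lines and 'sh=... vn="..." ac=... fn="..."' hits."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Excerpt of the thread's log, header lines trimmed: a finished run with one cleaned hit,
# an aborted run, and a run where one of two hits was only identified (ac=I) because the
# file already sat in another product's quarantine folder.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# utc_time=2013-04-25 05:06:38
# scanned=105881
# found=1
# cleaned=1
sh=868492D9D85623296822F01CCE6D5FA68D5E4443 ft=1 fh=923a72f4e0fb597d vn="a variant of Win32/Hao123.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Indy\Downloads\setup.exe"
# version=8
# end=stopped
# utc_time=2013-04-29 03:23:11
# scanned=19
# found=0
# cleaned=0
# version=8
# end=finished
# utc_time=2013-05-14 06:38:07
# scanned=182341
# found=2
# cleaned=1
sh=9E3624911C97E9BEE6B16CEA9BFF0739DCD3F3A3 ft=1 fh=27668b19bdf9a05a vn="a variant of Win32/Keygen.BH application" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{7044D1A5-2A5F-4334-8928-90584AC6E1B3}"
sh=9E3624911C97E9BEE6B16CEA9BFF0739DCD3F3A3 ft=1 fh=27668b19bdf9a05a vn="a variant of Win32/Keygen.BH application (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{7044D1A5-2A5F-4334-8928-90584AC6E1B3}"
"""

HEADER_RE = re.compile(r"^# ([\w.]+)=(.*)$")              # '# key=value' summary line
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')      # key=value or key="quoted value"


@dataclass
class ScanRun:
    header: Dict[str, str] = field(default_factory=dict)
    detections: List[Dict[str, str]] = field(default_factory=list)


def parse_eset_log(text: str) -> List[ScanRun]:
    """Split the log into runs; banner lines ('ESETSmartInstaller...', 'all ok') are skipped."""
    runs: List[ScanRun] = []
    current = None
    for line in text.splitlines():
        if line.startswith("# version="):      # every run opens with its version line
            current = ScanRun()
            runs.append(current)
        if current is None:
            continue
        m = HEADER_RE.match(line)
        if m:
            current.header[m.group(1)] = m.group(2).strip()
        elif line.startswith("sh="):
            current.detections.append(
                {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(line)})
    return runs


def threat_name(vn: str) -> str:
    """Drop ESET's trailing action note, e.g. ' (cleaned by deleting - quarantined)'."""
    return re.sub(r"\s*\([^()]*\)\s*$", "", vn)


def summarise(runs: List[ScanRun]) -> Dict[str, Dict[str, int]]:
    """Per threat name: hits cleaned (ac=C), hits only identified, hits inside a quarantine folder."""
    summary: Dict[str, Dict[str, int]] = {}
    for run in runs:
        for d in run.detections:
            entry = summary.setdefault(threat_name(d["vn"]),
                                       {"cleaned": 0, "identified": 0, "in_quarantine": 0})
            entry["cleaned" if d.get("ac") == "C" else "identified"] += 1
            if "quarantine" in d.get("fn", "").lower():
                entry["in_quarantine"] += 1
    return summary


def triage(runs: List[ScanRun]) -> List[str]:
    """Findings a reviewer should not miss: aborted runs and hits that were not cleaned."""
    notes: List[str] = []
    for run in runs:
        h = run.header
        when = h.get("utc_time", "?")
        if h.get("end") != "finished":
            notes.append(f"{when}: run did not complete (end={h.get('end')}, scanned={h.get('scanned')}); "
                         "a clean result here proves nothing")
        if int(h.get("found", 0)) > int(h.get("cleaned", 0)):
            notes.append(f"{when}: found={h['found']} but cleaned={h['cleaned']}")
        for d in run.detections:
            if d.get("ac") != "C":
                where = "already in an AV quarantine folder" if "quarantine" in d.get("fn", "").lower() else "still on disk"
                notes.append(f"{when}: not cleaned (ac={d.get('ac')}): {threat_name(d['vn'])} -> {d.get('fn')} ({where})")
    return notes


if __name__ == "__main__":
    parsed = parse_eset_log(SAMPLE_LOG)
    for name, counts in summarise(parsed).items():
        print(name, counts)
    print("\n".join(triage(parsed)))
```

Run against the full log from the thread, the same functions flag the 2013-04-29 run that stopped after 19 files and the Keygen hit that ESET could only identify because it was already in Comodo's quarantine.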




✔ Best Answer
October 28, 2013 at 01:45:02
I knew I must have helped you before; I see you have now gone from XP to W7 since April.

Only Java is out of date.
Java 7 Update 45
Java version out of date!

Here are the Wise running instructions again, just in case you don't have them.

Run Wise Disk Cleaner (run the first three tabs, left to right; I use default settings and leave boxes that are unchecked, unchecked). Reboot when finished.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://i.imgur.com/JZLYOLf.gif
http://i.imgur.com/4kfaeGW.gif

Run Wise Registry Cleaner (only use Registry Cleaner, with default settings; don't use System Tuneup, that is for experts, you really have to know what you are doing). Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/wiseregi...
http://i.imgur.com/Qy7HWcA.gif

Run TFC
http://www.geekstogo.com/forum/file...
http://www.bleepingcomputer.com/dow...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7/8, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

I keep ESET and MBAM on a thumb drive as part of my toolkit; ESET updates itself the next time you run it.
All the other tools need to be downloaded again, as they have new versions often.



#1
October 27, 2013 at 23:57:34
The AdwCleaner log:

# AdwCleaner v3.010 - Report created 28/10/2013 at 13:53:34
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Indy - INDYSHIBA
# Running from : C:\Users\Indy\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Indy\AppData\Roaming\Mozilla\Firefox\Profiles\976omnfo.default\prefs.js ]


-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Indy\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1620 octets] - [03/09/2013 11:11:46]
AdwCleaner[R1].txt - [1329 octets] - [27/10/2013 19:58:57]
AdwCleaner[R2].txt - [1136 octets] - [28/10/2013 13:50:44]
AdwCleaner[S0].txt - [1723 octets] - [03/09/2013 11:12:36]
AdwCleaner[S1].txt - [1400 octets] - [27/10/2013 20:01:17]
AdwCleaner[S2].txt - [1058 octets] - [28/10/2013 13:53:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1118 octets] ##########



#2
October 28, 2013 at 00:04:11
"I hope someone can review these logs and tell me if the virus is still there or gone. Thanks"
I'm having a look now; what else are you planning on running?


#3
October 28, 2013 at 00:10:16
Junkware Removal:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x86
Ran by Indy on Mon 10/28/2013 at 14:00:07.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-165395240-540117260-740471157-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASMANCS

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Indy\AppData\Roaming\mozilla\firefox\profiles\976omnfo.default\minidumps [14 files]

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Indy\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/28/2013 at 14:08:08.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4
October 28, 2013 at 00:11:00
Okay, I'll run Defogger/Combofix now and post the results. Then reboot. I'll follow that with MBAM quick and post that result.

message edited by Bangkokindy



#5
October 28, 2013 at 00:54:29
"Okay, I'll run Defogger/Combofix now and post the results. Then reboot. I'll follow that with MBAM quick and post that result"
Perfect, you really have been doing your research.


#6
October 28, 2013 at 01:06:33
Combofix:

ComboFix 13-10-26.01 - Indy 10/28/2013 14:52:38.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.2025 [GMT 7:00]
Running from: c:\users\Indy\Downloads\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-09-28 to 2013-10-28 )))))))))))))))))))))))))))))))
.
.
2013-10-28 08:00 . 2013-10-28 08:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-10-28 08:00 . 2013-10-28 08:00 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-10-28 08:00 . 2013-10-28 08:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-28 05:22 . 2013-10-28 05:22 -------- d-----w- c:\programdata\spotflux
2013-10-28 05:21 . 2013-10-28 05:22 -------- d-----w- c:\program files\Spotflux
2013-10-25 10:23 . 2013-10-25 10:23 -------- d-----w- c:\program files\UltraVNC
2013-10-22 14:32 . 2013-10-22 14:32 -------- d-----w- c:\programdata\Oracle
2013-10-22 14:30 . 2013-10-22 14:30 -------- d-----w- c:\program files\Common Files\Java
2013-10-22 14:30 . 2013-10-08 00:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-16 19:42 . 2013-09-04 01:15 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-16 19:42 . 2013-09-04 01:14 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-16 19:42 . 2013-09-04 01:14 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-16 19:42 . 2013-09-04 01:14 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-16 19:42 . 2013-09-04 01:14 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-16 19:42 . 2013-09-04 01:14 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-16 19:42 . 2013-09-04 01:14 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-15 08:45 . 2013-10-16 07:15 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-10-10 16:07 . 2013-09-08 02:07 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-10-10 16:07 . 2013-09-14 00:48 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-10-10 16:07 . 2013-09-08 02:03 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-10-10 16:06 . 2013-07-04 11:57 205824 ----a-w- c:\windows\system32\WebClnt.dll
2013-10-10 16:06 . 2013-07-04 11:51 81920 ----a-w- c:\windows\system32\davclnt.dll
2013-10-10 16:06 . 2013-07-04 09:48 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2013-10-10 16:06 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-10 16:05 . 2013-07-04 11:50 530432 ----a-w- c:\windows\system32\comctl32.dll
2013-10-10 16:05 . 2013-07-03 04:02 36352 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-10-10 16:05 . 2013-07-03 03:36 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2013-10-10 16:05 . 2013-07-03 03:36 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-10 15:48 . 2013-08-28 01:04 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-10-10 15:48 . 2013-07-12 10:08 146816 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2013-10-10 15:48 . 2013-07-12 10:07 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2013-10-06 07:05 . 2013-10-06 07:05 -------- d-----w- c:\users\Indy\AppData\Local\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-12 14:52 . 2013-08-17 16:31 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-12 14:52 . 2013-08-17 16:31 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-24 10:54 . 2013-06-18 09:16 85464 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-09-24 10:54 . 2013-06-18 09:16 582936 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-09-24 10:54 . 2013-06-18 09:16 44752 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-09-24 10:54 . 2013-06-18 09:16 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-09-24 10:53 . 2013-06-18 09:15 36000 ----a-w- c:\windows\system32\cmdcsr.dll
2013-09-24 10:53 . 2013-06-18 09:15 354240 ----a-w- c:\windows\system32\guard32.dll
2013-09-24 10:53 . 2013-06-18 09:15 280792 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-09-24 10:53 . 2013-06-18 09:15 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-08-05 01:56 . 2013-09-11 16:57 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 01:50 . 2013-09-11 16:57 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 01:49 . 2013-09-11 16:57 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 01:48 . 2013-09-11 16:57 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 00:52 . 2013-09-11 16:57 271360 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:43 . 2013-09-11 16:57 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 16:57 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 16:57 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 16:57 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-27 07:48 220632 ----a-w- c:\users\Indy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-27 07:48 220632 ----a-w- c:\users\Indy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-27 07:48 220632 ----a-w- c:\users\Indy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-10-20 1576152]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2009-08-05 22:04 738616 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 15:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirPort Base Station Agent]
2009-11-11 09:17 771360 ----a-w- c:\program files\AirPort\APAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 14:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-03-14 17:09 2565520 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2011-08-04 10:06 1612920 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 11:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
2011-01-15 09:48 452016 ----a-w- c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-08-16 02:07 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTOSHIBA]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-07-28 22:00 460088 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-07-30 06:32 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 02:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 06:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-07-21 01:46 1545512 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Teco]
2009-08-12 00:09 1324384 ----a-w- c:\program files\TOSHIBA\TECO\TEco.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2009-08-17 18:48 1294136 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosSENotify]
2009-08-04 01:17 611672 ----a-w- c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosWaitSrv]
2009-08-07 01:05 611672 ----a-w- c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2009-08-21 17:29 476512 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoxOx]
2013-02-15 00:48 8720384 ----a-w- c:\program files\VoxOx\VoxOx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R3 ALSysIO;ALSysIO;c:\users\Indy\AppData\Local\Temp\ALSysIO.sys [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-09-24 131288]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-14 1343400]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2013-09-24 20072]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2013-09-24 582936]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2013-09-24 44752]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-03 94024]
S2 SpotfluxUpdateService;Spotflux Update Service;c:\program files\Spotflux\services\SpotfluxUpdateService.exe [2013-10-08 28160]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-12 185712]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-09 394856]
S3 tapSF0901;Spotflux Virtual Network Device Driver;c:\windows\system32\DRIVERS\tapSF0901.sys [2013-05-28 33728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-16 06:22 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 13:24]
.
2013-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 13:24]
.
2013-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-165395240-540117260-740471157-1000Core.job
- c:\users\Indy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-07 13:31]
.
2013-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-165395240-540117260-740471157-1000UA.job
- c:\users\Indy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-07 13:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{8850A270-1B5C-4DB7-B86C-E9F82F92368F}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{DDEB6388-A067-4BC4-BCE4-FD02039AADFE}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{DDEB6388-A067-4BC4-BCE4-FD02039AADFE}\94E64697537383: NameServer = 8.26.56.26,8.20.247.20
FF - ProfilePath - c:\users\Indy\AppData\Roaming\Mozilla\Firefox\Profiles\976omnfo.default\
FF - prefs.js: browser.startup.homepage - google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(580)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(4664)
c:\windows\system32\guard32.dll
.
Completion time: 2013-10-28 15:02:34
ComboFix-quarantined-files.txt 2013-10-28 08:02
ComboFix2.txt 2013-09-03 04:40
ComboFix3.txt 2013-04-29 04:31
.
Pre-Run: 227,267,768,320 bytes free
Post-Run: 227,231,686,656 bytes free
.
- - End Of File - - B6FD00D377F90F4E8D705B5CA03D9EC7
5B5E648D12FCADC244C1EC30318E1EB9
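The R*/S* service and driver block in the ComboFix log above is the part a helper reads first. As an added example (not from this thread, ComboFix, or any of the tools mentioned), here is a small Python parser for that line format that flags entries whose file was not found ("[x]") or whose path sits under a user-writable directory, such as the ALSysIO.sys entry under the user's Temp folder. The start-type digit mapping, the flag names and the sample lines are my own assumptions, constructed in the shape of the log; a flag is a reason to look at an entry, not a verdict on it.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample lines in the shape of the ComboFix service/driver section:
# state letter (R running / S stopped), start-type digit, name;description;path,
# then "[date size]" or "[x]" when the file was not found on disk at scan time.
SAMPLE_LINES = [
    r"R3 ALSysIO;ALSysIO;c:\users\Indy\AppData\Local\Temp\ALSysIO.sys [x]",
    r"R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]",
    r"S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2013-09-24 582936]",
    r"R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]",
    "this line is not a service entry",
]

# Assumed meaning of the start-type digit (same values Windows uses for services):
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) "
    r"\[(?P<info>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)
# Directories a standard user can write to; a kernel driver (.sys) loaded from
# one of these deserves a second look even if it turns out to be a legitimate tool.
USER_WRITABLE_RE = re.compile(r"\\(appdata|temp|downloads)\\", re.I)


@dataclass
class ServiceEntry:
    running: bool
    start_type: str
    name: str
    path: str
    file_present: bool
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for lines in another format."""
    m = SERVICE_RE.match(line.strip())
    if m is None:
        return None
    info = m["info"]
    present = info != "x"
    entry = ServiceEntry(
        running=m["state"] == "R",
        start_type=START_TYPES[int(m["start"])],
        name=m["name"],
        path=m["path"],
        file_present=present,
        size=int(info.split()[1]) if present else None,
    )
    if not present:
        entry.flags.append("file-missing")  # stale registration or deleted binary
    if USER_WRITABLE_RE.search(entry.path):
        entry.flags.append("user-writable-path")
        if entry.path.lower().endswith(".sys"):
            entry.flags.append("kernel-driver-from-user-dir")
    return entry


def triage(lines) -> List[ServiceEntry]:
    """Return only the entries that raised at least one flag, for manual review."""
    entries = (parse_service_line(line) for line in lines)
    return [e for e in entries if e is not None and e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(f"{e.name:12} {e.start_type:8} {', '.join(e.flags):45} {e.path}")
```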



#7
October 28, 2013 at 01:20:20
MBAM log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.27.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
Indy :: INDYSHIBA [administrator]

10/28/2013 3:10:05 PM
mbam-log-2013-10-28 (15-10-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214603
Time elapsed: 9 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#8
October 28, 2013 at 01:24:42
Looking good.

Download Security Check by screen317 from one of the following links and save it to your desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.



#9
October 28, 2013 at 01:35:53
Security Check:

Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
[color=red][b]Windows Security Center service is not running! This report may not be accurate![/b][/color]
Windows Firewall Disabled!
COMODO Antivirus
Antivirus up to date!
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Wise Disk Cleaner 7.82
Wise Registry Cleaner 7.69
Java 7 Update 45
[color=red][b]Java version out of Date![/b][/color]
Adobe Flash Player 11.9.900.117
Adobe Reader XI
Mozilla Firefox (24.0)
Mozilla Thunderbird (24.0.1)
Google Chrome 30.0.1599.101
Google Chrome 30.0.1599.69
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Comodo Firewall cmdagent.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: 0%
[b][u]````````````````````End of Log``````````````````````[/b][/u]



#10
October 28, 2013 at 01:42:22
BTW, here is the MBAM file that started all of this, with the bad file it found... now that I know how to find the LOGS, I figured I would post it:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.27.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
Indy :: INDYSHIBA [administrator]

10/27/2013 7:28:23 PM
mbam-log-2013-10-27 (19-28-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215613
Time elapsed: 15 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Indy\Downloads\SoftonicDownloader_for_intellisys-project-desktop.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.

(end)



#11
October 28, 2013 at 01:45:02
✔ Best Answer
I knew I must have helped you before, I see you have now gone from XP to W7 since April.

Only Java is out of date.
Java 7 Update 45
[color=red][b]Java version out of Date![/b][/color]

Here are the Wise running instructions again, just in case you don't have them.

Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://i.imgur.com/JZLYOLf.gif
http://i.imgur.com/4kfaeGW.gif

Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/wiseregi...
http://i.imgur.com/Qy7HWcA.gif

Run TFC
http://www.geekstogo.com/forum/file...
http://www.bleepingcomputer.com/dow...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7/8, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

I keep ESET, MBAM on a thumb drive as part of my toolkit, ESET updates itself next time you run it.
All the other tools need to be downloaded again, as they have new versions often.



#12
October 28, 2013 at 01:53:27
Yes, you helped me fix the XP of a family member and then I discovered similar problems on my Win 7, so we solved those issues as well. Now it's just my Win 7 with a problem. I do have my own XP and I'm running ESET on that just as a precaution in case some files I transferred were bad.

As for Java, it has been extremely peculiar the last several weeks. I actually checked it earlier today to see if it needed an update (via control panel) and it said it is up to date. I tried the same a few weeks ago and it said it was out of date, but when I tried updating at the website it sent me to the site said it could not be reached. It was as if my internet was disconnected/blocked when I tried accessing that particular page. Very weird. I finally went to softpedia and downloaded the file there. I have no idea why it says it is out of date, but I'll go to Java's site and see what it says there and let you know.

I'll do the wise programs as well. Thanks



#13
October 28, 2013 at 01:56:43
Java reports I am "up to date" with the latest version Java ver. 7 update 45. I think it might be wise for me to uninstall and reinstall again and this time hopefully directly from Java.


#14
October 28, 2013 at 01:59:12
"C:\Users\Indy\Downloads\SoftonicDownloader_for_intellisys-project-desktop.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully"

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic )
http://dottech.org/23420/cnet-crapw...

A lot of programs now give you the choice to install toolbars & other things during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install; you have to read after each click.
Stick with Softpedia, they make you aware the program is Ad-supported & down the bottom of the page, they will advise of what you have to watch out for.
Sample page.
http://www.softpedia.com/get/Multim...
Users are advised to pay attention while installing this ad-supported application:
· Offers to change the homepage for web browsers installed in the system
· Offers to change the default search engine for web browsers installed in the system
· Offers to install StartNow Toolbar that the program does not require to fully function
SS ( screenshot ) of above.
http://i.imgur.com/CSBplyA.gif



#15
October 28, 2013 at 02:03:30
"I think it might be wise for me to uninstall and reinstall again and this time hopefully directly from Java"
If you don't have a program running Java, there are always alternatives to Java based programs. I don't have Java installed at all, it has too many security holes.

To uninstall Java, use this.

To remove old and redundant versions of the Java Runtime Environment:
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://singularlabs.com/software/ja...



#16
October 28, 2013 at 02:33:47
I uninstalled Java and then went to the website to get the new version. It downloaded with no issues this time around. I have no older versions on the system that I can find.

I re-ran the security scan and it still says Java is out of date. No idea on that... I posted it below.

What are the alternatives to java to run java programs? Do you have a few I can check out and see if they will work for me?

Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Disabled!
COMODO Antivirus
Antivirus up to date!
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Wise Disk Cleaner 7.82
Wise Registry Cleaner 7.69
Java 7 Update 45
[color=red][b]Java version out of Date![/b][/color]
Adobe Flash Player 11.9.900.117
Adobe Reader XI
Mozilla Firefox (24.0)
Mozilla Thunderbird (24.0.1)
Google Chrome 30.0.1599.101
Google Chrome 30.0.1599.69
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Comodo Firewall cmdagent.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: 1%
[b][u]````````````````````End of Log``````````````````````[/b][/u]



#17
October 28, 2013 at 02:48:33
"What are the alternatives to java to run java programs?"
Tell me the java based programs you are using.


#18
October 28, 2013 at 02:52:07
Mostly I run into needing java when I am streaming a movie or in a chat based environment. So, I don't have a specific application.

I ran Wise programs (uninstalled the old versions and installed the new).



#19
October 28, 2013 at 02:53:25
And just finished TFC... so I think I've done all the programs you suggested.


#20
October 28, 2013 at 02:55:31
Ok, got to go out now, you should be right, shall give the Java more thought later.

Edit: One of the things TFC does, is clean out the Java cache, your Java may be Ok now.

message edited by Johnw



#21
October 28, 2013 at 03:19:23
Okay thanks for your help, again!


#22
October 28, 2013 at 07:01:43
I'm out of my league, as I don't do either streaming or chat.

These links do cover those requirements & they are all FREEWARE. Just a matter of choosing a non-Java program.

http://www.softpedia.com/catList/40...
http://www.softpedia.com/catList/10...
http://www.softpedia.com/catList/63...
http://www.softpedia.com/catList/39...

message edited by Johnw



#23
October 30, 2013 at 07:53:26
Thanks John,

I was actually seeking a true alternative to java in terms of someone using their base language and using it as an openware development project. However, after viewing various articles on the subject I find that they are not sharing anything. So I guess if the developer uses Java, you must use it to view the content. I guess some use alternatives such as ajax. There are competitors out there, but it comes down to whether they are willing to develop using their tech vs. Java. From what I understand it is similar to Android.

Anyway, I guess either Oracle will make sure they have no more leaks or they will become irrelevant as developers use other technologies to deliver the same.

Thanks again for your help (again). I hope I don't run into similar probs again down the road...



#24
October 30, 2013 at 15:02:31
"I was actually seeking a true alternative to java in terms of someone using their base language"
Got it Bangkokindy.

"Thanks again for your help (again)"
YW, you made it easy.

