08-13-2013, 01:33 AM   #11
johnb35 (Malware and Spam Assassin)

Physically delete it from the program files folder. Also, go ahead and run combofix for me.
08-14-2013, 04:03 AM   #12

1. I can't physically delete the News.net folder from C:\Program Files\ etc. because it says "it is being used in another program".

2. After running Combofix, Internet Explorer would only allow me to access the home page and not move from it, but my Outlook and emails worked fine. I contacted Bigpond and they assisted me to get Internet Explorer working again.

3. News.net popup actually came up when Combofix was scanning.

=====================================================
4. Combofix Log:
ComboFix 13-08-13.02 - User 14/08/2013 12:15:40.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.16335.14334 [GMT 10:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Roaming\ACD Systems\ACDSee\ImageDB.ddf
.
.
((((((((((((((((((((((((( Files Created from 2013-07-14 to 2013-08-14 )))))))))))))))))))))))))))))))
.
.
2013-08-14 02:18 . 2013-08-14 02:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-11 08:38 . 2013-08-11 08:38 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-08-11 08:38 . 2013-08-11 08:38 -------- d-----w- c:\program files (x86)\Trend Micro
2013-08-11 08:29 . 2013-08-11 08:29 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2013-08-11 08:29 . 2013-08-11 08:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-11 08:29 . 2013-08-11 08:29 -------- d-----w- c:\programdata\Malwarebytes
2013-08-11 08:29 . 2013-04-04 04:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-09 21:43 . 2013-08-09 21:44 -------- d-----w- c:\windows\system32\MRT
2013-08-03 07:33 . 2013-08-04 00:16 -------- d-----w- c:\users\User\AppData\Roaming\dvdcss
2013-08-03 07:32 . 2013-08-12 23:25 -------- d-----w- c:\users\User\AppData\Roaming\vlc
2013-08-03 01:31 . 2013-08-03 23:24 -------- d-----w- c:\programdata\DVD Shrink
2013-08-03 01:31 . 2013-08-03 01:31 -------- d-----w- c:\program files (x86)\DVD Shrink
2013-08-03 01:27 . 2013-08-03 01:27 -------- d-----w- c:\users\User\AppData\Local\Google
2013-08-03 01:27 . 2013-08-13 21:08 -------- d-----w- c:\program files\News.net
2013-07-25 21:19 . 2013-08-03 08:10 -------- d-----w- c:\users\User\AppData\Local\CrashDumps
2013-07-19 15:51 . 2013-07-19 15:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-19 15:50 . 2013-07-19 15:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-19 15:50 . 2013-07-19 15:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-19 15:50 . 2013-07-19 15:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-11 08:16 . 2013-07-01 05:43 363 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-09 15:32 . 2013-07-09 15:32 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-07-08 22:01 . 2012-07-17 04:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-30 15:45 . 2013-06-30 15:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-06-27 07:11 . 2013-06-21 09:14 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-06-23 14:57 . 2013-06-06 23:27 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-21 20:47 . 2013-06-21 20:47 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-21 20:47 . 2013-06-21 20:47 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-16 22:32 . 2013-06-16 22:32 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-16 22:32 . 2013-06-16 22:32 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-16 22:32 . 2013-06-16 22:32 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-16 22:32 . 2013-06-16 22:32 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-16 22:32 . 2013-06-16 22:32 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-16 22:32 . 2013-06-16 22:32 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-16 22:32 . 2013-06-16 22:32 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-16 22:32 . 2013-06-16 22:32 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-16 22:32 . 2013-06-16 22:32 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-16 22:32 . 2013-06-16 22:32 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-16 22:32 . 2013-06-16 22:32 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-16 22:32 . 2013-06-16 22:32 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-16 22:32 . 2013-06-16 22:32 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-16 22:32 . 2013-06-16 22:32 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-16 22:32 . 2013-06-16 22:32 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-16 22:32 . 2013-06-16 22:32 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-16 22:32 . 2013-06-16 22:32 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-16 22:32 . 2013-06-16 22:32 441856 ----a-w- c:\windows\system32\html.iec
2013-06-16 22:32 . 2013-06-16 22:32 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-16 22:32 . 2013-06-16 22:32 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-16 22:32 . 2013-06-16 22:32 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-16 22:32 . 2013-06-16 22:32 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-16 22:32 . 2013-06-16 22:32 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-16 22:32 . 2013-06-16 22:32 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-16 22:32 . 2013-06-16 22:32 235008 ----a-w- c:\windows\system32\url.dll
2013-06-16 22:32 . 2013-06-16 22:32 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-16 22:32 . 2013-06-16 22:32 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-16 22:32 . 2013-06-16 22:32 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-16 22:32 . 2013-06-16 22:32 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-16 22:32 . 2013-06-16 22:32 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-16 22:32 . 2013-06-16 22:32 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-16 22:32 . 2013-06-16 22:32 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-16 22:32 . 2013-06-16 22:32 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-16 22:32 . 2013-06-16 22:32 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-16 22:32 . 2013-06-16 22:32 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-16 22:32 . 2013-06-16 22:32 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-16 22:32 . 2013-06-16 22:32 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-16 22:32 . 2013-06-16 22:32 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-16 22:32 . 2013-06-16 22:32 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-16 22:32 . 2013-06-16 22:32 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-16 22:32 . 2013-06-16 22:32 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-16 22:32 . 2013-06-16 22:32 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-16 22:32 . 2013-06-16 22:32 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-16 22:32 . 2013-06-16 22:32 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-16 22:32 . 2013-06-16 22:32 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-16 22:32 . 2013-06-16 22:32 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-16 22:32 . 2013-06-16 22:32 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-16 22:32 . 2013-06-16 22:32 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-16 22:32 . 2013-06-16 22:32 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-16 22:31 . 2013-06-16 22:31 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-06-16 22:31 . 2013-06-16 22:31 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-06-16 22:31 . 2013-06-16 22:31 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-16 22:31 . 2013-06-16 22:31 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-06-16 22:31 . 2013-06-16 22:31 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-06-16 22:31 . 2013-06-16 22:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-06-16 22:31 . 2013-06-16 22:31 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-16 22:31 . 2013-06-16 22:31 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-06-16 22:31 . 2013-06-16 22:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-06-16 22:31 . 2013-06-16 22:31 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-06-16 22:31 . 2013-06-16 22:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-06-16 22:31 . 2013-06-16 22:31 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-06-16 22:31 . 2013-06-16 22:31 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-06-16 22:31 . 2013-06-16 22:31 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-06-16 22:31 . 2013-06-16 22:31 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-06-16 22:31 . 2013-06-16 22:31 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-06-16 22:31 . 2013-06-16 22:31 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-16 22:31 . 2013-06-16 22:31 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-06-16 22:31 . 2013-06-16 22:31 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-06-16 22:31 . 2013-06-16 22:31 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-16 22:31 . 2013-06-16 22:31 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-06-16 22:31 . 2013-06-16 22:31 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-06-16 22:31 . 2013-06-16 22:31 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-06-16 22:31 . 2013-06-16 22:31 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-06-16 22:31 . 2013-06-16 22:31 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-06-16 22:31 . 2013-06-16 22:31 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-06-16 22:31 . 2013-06-16 22:31 1175552 ----a-w- c:\windows\system32\FntCache.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-08 22:50 222832 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-08 22:50 222832 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-08 22:50 222832 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-09-11 133408]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-06-30 4411440]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE"/logon
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NewsNetService;NewsNetService;c:\program files\News.net\NewsNetService.exe;c:\program files\News.net\NewsNetService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MRXDAV
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-21 20:47]
.
2013-08-13 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-07-22 07:32]
.
2013-08-13 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 01:54]
.
2013-08-12 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 01:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-08 22:50 261744 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-08 22:50 261744 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-08 22:50 261744 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-13 12936848]
"AtherosBtStack"="c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\btvstack.exe" [2012-06-28 1023104]
"AthBtTray"="c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\athbttray.exe" [2012-06-28 801920]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2011-07-12 331776]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2726728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://go.bigpond.com/home/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - c:\program files\News.net\IE\ScriptHost64.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a3,44,d8,d6,b8,94,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-14 12:19:04
ComboFix-quarantined-files.txt 2013-08-14 02:19
.
Pre-Run: 421,838,880,768 bytes free
Post-Run: 421,684,273,152 bytes free
.
- - End Of File - - BF499A8275F569D43CBD0A1D61A7A946
A36C5E4F47E84449FF07ED3517B43A31

======================================================
5. Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:54:00 PM, on 14/08/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\VIA_XHCI\usb3Monitor.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Glary Utilities 3\Integrator.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.bigpond.com/home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NewsNetService - International News Network Limited - C:\Program Files\News.net\NewsNetService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.3.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9254 bytes

08-14-2013, 04:18 AM   #13
johnb35 (Malware and Spam Assassin)

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Folder::

c:\program files\News.net

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!




ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
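
One way to review the ComboFix log requested in the post above, as an added example that is not part of the original thread: it reads what the run reports as deleted and flags any later log line that still points at the removed folder or service. The sample is a constructed excerpt whose lines mirror entries from logs posted in this thread; the function names are hypothetical.

```python
import re

# Constructed excerpt in ComboFix log layout (assumption: the section headers
# and line shapes follow the logs quoted in this thread).
SAMPLE_LOG = r"""
ComboFix 13-08-13.02 - User 14/08/2013 14:57:44.2.4 - x64
Command switches used :: c:\users\User\Desktop\CFScript.txt
.
((((((((((((((( Other Deletions )))))))))))))))
.
c:\program files\News.net
c:\program files\News.net\NewsNetService.exe
c:\program files\News.net\npapi.dll
.
((((((((((((((( Drivers/Services )))))))))))))))
.
-------\Service_NewsNetService
-------\Service_NewsNetService
.
((((((((((((((( Reg Loading Points )))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-06-30 4411440]
.
--------- X64 Entries -----------
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA3E58F7-60C6-485E-A775-0C1FD9C0E55E}]
c:\program files\News.net\IE\ScriptHost64.dll [BU]
.
"""

PAREN_HEADER = re.compile(r"^\(+\s*(.*?)\s*\)+[\s)]*$")   # (((( Name ))))
DASH_HEADER = re.compile(r"^-{3,}\s+(.*?)\s+-{3,}$")      # ---- Name ----
SERVICE_LINE = re.compile(r"^-+\\Service_(\S+)$")         # -------\Service_Name
REMOVAL_SECTIONS = ("Other Deletions", "Drivers/Services")


def split_sections(log_text):
    """Return ordered (section_name, lines); text before the first header is 'preamble'."""
    sections = [("preamble", [])]
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = PAREN_HEADER.match(line) or DASH_HEADER.match(line)
        if header:
            sections.append((header.group(1), []))
        else:
            sections[-1][1].append(line)
    return sections


def deleted_roots(sections):
    """Lower-cased top-most paths listed under 'Other Deletions'."""
    paths = {l.lower() for name, lines in sections if name == "Other Deletions"
             for l in lines if l != "."}
    # Drop entries that sit below another deleted entry (files inside the folder).
    return sorted(p for p in paths
                  if not any(p != q and p.startswith(q + "\\") for q in paths))


def deleted_services(sections):
    """Service names listed under 'Drivers/Services', de-duplicated, in order."""
    found = []
    for name, lines in sections:
        if name != "Drivers/Services":
            continue
        for line in lines:
            m = SERVICE_LINE.match(line)
            if m and m.group(1) not in found:
                found.append(m.group(1))
    return found


def find_leftovers(log_text):
    """Return (section, registry_key_or_None, line) for lines outside the removal
    sections that still mention a deleted folder or service."""
    sections = split_sections(log_text)
    roots = deleted_roots(sections)
    services = [s.lower() for s in deleted_services(sections)]
    hits = []
    for name, lines in sections:
        if name in REMOVAL_SECTIONS:
            continue
        key = None
        for line in lines:
            if line == ".":            # "." separates entries; reset key context
                key = None
                continue
            if line.startswith("[HKEY"):
                key = line
            low = line.lower()
            in_root = any(r + "\\" in low or low.endswith(r) for r in roots)
            if in_root or any(s in low for s in services):
                hits.append((name, key, line))
    return hits


if __name__ == "__main__":
    for section, key, line in find_leftovers(SAMPLE_LOG):
        print(f"[{section}] {key or '(no key)'} -> {line}")
```

On the sample this reports the Browser Helper Object entry under "X64 Entries", which the log still lists with a path inside the deleted News.net folder.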
08-14-2013, 06:12 AM   #14
bacdj (Byte Member)

Since doing what you instructed I can't open any programs and get the words "Illegal operation attempted on a registry key that has been marked for deletion".

Lucky I have a laptop so I can send messages separately.

What now?

08-14-2013, 08:47 AM   #15
bacdj (Byte Member)

I turned off the computer, left it off for some time, and have now turned it back on again, and it APPEARS to be working OK again.

I also had a look at the Program Files and noticed that News.net is not there anymore.

I then went into the ComboFix folder and found this log and suspect it is the last one.

PLEASE tell me that it is now FIXED! But I guess I won't know for a day or two to see if it pops up again.

SPECIAL THANKS in anticipation!

BD

=========================================================
ComboFix 13-08-13.02 - User 14/08/2013 14:57:44.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.16333.13928 [GMT 10:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\News.net
c:\program files\News.net\BreakingNews\DesktopContainer.exe
c:\program files\News.net\BreakingNews\headline.js
c:\program files\News.net\BreakingNews\html\code\animation.js
c:\program files\News.net\BreakingNews\html\code\Gadget.js
c:\program files\News.net\BreakingNews\html\image\close.png
c:\program files\News.net\BreakingNews\html\index.html
c:\program files\News.net\BreakingNews\html\style\gadget.css
c:\program files\News.net\BreakingNews\icon.ico
c:\program files\News.net\BreakingNews\NavigateError.html
c:\program files\News.net\BreakingNews\settings.xml
c:\program files\News.net\BreakingNews\update.exe
c:\program files\News.net\NewsNetService.exe
c:\program files\News.net\npapi.dll
c:\program files\News.net\uuid
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NewsNetService
-------\Service_NewsNetService
.
.
((((((((((((((((((((((((( Files Created from 2013-07-14 to 2013-08-14 )))))))))))))))))))))))))))))))
.
.
2013-08-11 08:38 . 2013-08-11 08:38 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-08-11 08:38 . 2013-08-11 08:38 -------- d-----w- c:\program files (x86)\Trend Micro
2013-08-11 08:29 . 2013-08-11 08:29 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2013-08-11 08:29 . 2013-08-11 08:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-11 08:29 . 2013-08-11 08:29 -------- d-----w- c:\programdata\Malwarebytes
2013-08-11 08:29 . 2013-04-04 04:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-09 21:43 . 2013-08-09 21:44 -------- d-----w- c:\windows\system32\MRT
2013-08-03 07:33 . 2013-08-04 00:16 -------- d-----w- c:\users\User\AppData\Roaming\dvdcss
2013-08-03 07:32 . 2013-08-12 23:25 -------- d-----w- c:\users\User\AppData\Roaming\vlc
2013-08-03 01:31 . 2013-08-03 23:24 -------- d-----w- c:\programdata\DVD Shrink
2013-08-03 01:31 . 2013-08-03 01:31 -------- d-----w- c:\program files (x86)\DVD Shrink
2013-08-03 01:27 . 2013-08-03 01:27 -------- d-----w- c:\users\User\AppData\Local\Google
2013-07-25 21:19 . 2013-08-03 08:10 -------- d-----w- c:\users\User\AppData\Local\CrashDumps
2013-07-19 15:51 . 2013-07-19 15:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-19 15:50 . 2013-07-19 15:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-19 15:50 . 2013-07-19 15:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-19 15:50 . 2013-07-19 15:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-11 08:16 . 2013-07-01 05:43 363 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-09 15:32 . 2013-07-09 15:32 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-07-08 22:01 . 2012-07-17 04:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-30 15:45 . 2013-06-30 15:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-06-27 07:11 . 2013-06-21 09:14 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-06-23 14:57 . 2013-06-06 23:27 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-21 20:47 . 2013-06-21 20:47 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-21 20:47 . 2013-06-21 20:47 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-16 22:32 . 2013-06-16 22:32 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-16 22:32 . 2013-06-16 22:32 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-16 22:32 . 2013-06-16 22:32 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-16 22:32 . 2013-06-16 22:32 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-16 22:32 . 2013-06-16 22:32 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-16 22:32 . 2013-06-16 22:32 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-16 22:32 . 2013-06-16 22:32 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-16 22:32 . 2013-06-16 22:32 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-16 22:32 . 2013-06-16 22:32 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-16 22:32 . 2013-06-16 22:32 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-16 22:32 . 2013-06-16 22:32 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-16 22:32 . 2013-06-16 22:32 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-16 22:32 . 2013-06-16 22:32 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-16 22:32 . 2013-06-16 22:32 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-16 22:32 . 2013-06-16 22:32 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-16 22:32 . 2013-06-16 22:32 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-16 22:32 . 2013-06-16 22:32 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-16 22:32 . 2013-06-16 22:32 441856 ----a-w- c:\windows\system32\html.iec
2013-06-16 22:32 . 2013-06-16 22:32 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-16 22:32 . 2013-06-16 22:32 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-16 22:32 . 2013-06-16 22:32 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-16 22:32 . 2013-06-16 22:32 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-16 22:32 . 2013-06-16 22:32 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-16 22:32 . 2013-06-16 22:32 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-16 22:32 . 2013-06-16 22:32 235008 ----a-w- c:\windows\system32\url.dll
2013-06-16 22:32 . 2013-06-16 22:32 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-16 22:32 . 2013-06-16 22:32 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-16 22:32 . 2013-06-16 22:32 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-16 22:32 . 2013-06-16 22:32 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-16 22:32 . 2013-06-16 22:32 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-16 22:32 . 2013-06-16 22:32 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-16 22:32 . 2013-06-16 22:32 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-16 22:32 . 2013-06-16 22:32 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-16 22:32 . 2013-06-16 22:32 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-16 22:32 . 2013-06-16 22:32 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-16 22:32 . 2013-06-16 22:32 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-16 22:32 . 2013-06-16 22:32 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-16 22:32 . 2013-06-16 22:32 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-16 22:32 . 2013-06-16 22:32 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-16 22:32 . 2013-06-16 22:32 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-16 22:32 . 2013-06-16 22:32 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-16 22:32 . 2013-06-16 22:32 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-16 22:32 . 2013-06-16 22:32 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-16 22:32 . 2013-06-16 22:32 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-16 22:32 . 2013-06-16 22:32 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-16 22:32 . 2013-06-16 22:32 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-16 22:32 . 2013-06-16 22:32 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-16 22:32 . 2013-06-16 22:32 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-16 22:32 . 2013-06-16 22:32 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-16 22:31 . 2013-06-16 22:31 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-06-16 22:31 . 2013-06-16 22:31 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-06-16 22:31 . 2013-06-16 22:31 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-16 22:31 . 2013-06-16 22:31 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-06-16 22:31 . 2013-06-16 22:31 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-06-16 22:31 . 2013-06-16 22:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-06-16 22:31 . 2013-06-16 22:31 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-16 22:31 . 2013-06-16 22:31 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-06-16 22:31 . 2013-06-16 22:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-06-16 22:31 . 2013-06-16 22:31 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-06-16 22:31 . 2013-06-16 22:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-06-16 22:31 . 2013-06-16 22:31 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-06-16 22:31 . 2013-06-16 22:31 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-06-16 22:31 . 2013-06-16 22:31 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-06-16 22:31 . 2013-06-16 22:31 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-06-16 22:31 . 2013-06-16 22:31 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-06-16 22:31 . 2013-06-16 22:31 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-16 22:31 . 2013-06-16 22:31 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-06-16 22:31 . 2013-06-16 22:31 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-06-16 22:31 . 2013-06-16 22:31 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-16 22:31 . 2013-06-16 22:31 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-06-16 22:31 . 2013-06-16 22:31 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-06-16 22:31 . 2013-06-16 22:31 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-06-16 22:31 . 2013-06-16 22:31 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-06-16 22:31 . 2013-06-16 22:31 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-06-16 22:31 . 2013-06-16 22:31 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-06-16 22:31 . 2013-06-16 22:31 1175552 ----a-w- c:\windows\system32\FntCache.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-08 22:50 222832 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17. 0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-08 22:50 222832 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17. 0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-08 22:50 222832 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17. 0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-09-11 133408]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-06-30 4411440]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\run-disabled]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE"/logon
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET \Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\progr am files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64 .sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\ windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c: \windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asah ci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgi dsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\ windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c: \windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c: \windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c: \windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIV ERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS \avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c: \windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\ windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.s ys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\window s\SYSNATIVE\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\pro gram files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c :\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c :\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\w indows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c: \windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c: \windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\dr ivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.s ys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c: \windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c: \windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\ windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-21 20:47]
.
2013-08-14 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-07-22 07:32]
.
2013-08-14 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 01:54]
.
2013-08-12 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 01:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA3E58F7-60C6-485E-A775-0C1FD9C0E55E}]
c:\program files\News.net\IE\ScriptHost64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-08 22:50 261744 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17. 0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-08 22:50 261744 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17. 0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-08 22:50 261744 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17. 0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-13 12936848]
"AtherosBtStack"="c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\btvstack.exe" [2012-06-28 1023104]
"AthBtTray"="c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\athbttray.exe" [2012-06-28 801920]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2011-07-12 331776]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2726728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://go.bigpond.com/home/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.138
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a3,44,d8,d6,b8,94,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macrome d\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUt il64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUt il32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Glary Utilities 3\Integrator.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-08-14 15:04:01 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-14 05:04
ComboFix2.txt 2013-08-14 02:19
.
Pre-Run: 421,186,453,504 bytes free
Post-Run: 420,934,266,880 bytes free
.
- - End Of File - - 695C16C7DF5EDDEF6BE9B4313EEBCE73
A36C5E4F47E84449FF07ED3517B43A31
bacdj is offline   Reply With Quote
Old 08-14-2013, 02:05 PM   #16
Malware and Spam Assassin

 
johnb35's Avatar
 
Join Date: Sep 2005
Location: somewhere out there
Age: 44
Posts: 29,988
Default

Looks good. Let me know if it reappears but I doubt it will.

The info about the illegal operation message was at the bottom of my combofix instructions. It does help to read through all the posts I make. It's all good now though.

Quote:
If, for some reason, you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine.


In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running