News.net popup

bacdj

Member
I am having difficulty removing a recent news.net popup.

I have Googled and read heaps on this problem but can't remove it.

If I try to delete it or uninstall it I just get the message "This action cannot be completed because the file is open in another program".

Any suggestions appreciated.

Brian DJ
 

johnb35

Administrator
Staff member
Please do the following.

1.

Please download AdwCleaner by Xplode onto your Desktop.



  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Vista and Windows 7 users must right click on the hijackthis icon and click on run as. If the run as option doesn't appear then press and hold the shift key while right clicking on the icon to get it to appear.


Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

When the HijackThis log appears in a Notepad file, click on the Edit menu, click Select All, then click on the Edit menu again and click on Copy. Come back to your reply, right click on your mouse and click on Paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.
 

bacdj

Member
Here are the logs I could get:

# AdwCleaner v2.306 - Logfile created 08/11/2013 at 18:16:27
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : User - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

*************************

AdwCleaner[S1].txt - [8308 octets] - [01/07/2013 15:43:44]
AdwCleaner[S2].txt - [2285 octets] - [10/08/2013 09:00:47]
AdwCleaner[S3].txt - [3308 octets] - [11/08/2013 18:16:27]

########## EOF - C:\AdwCleaner[S3].txt - [3368 octets] ##########

======================================================

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.11.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
User :: USER-PC [administrator]

Protection: Enabled

11/08/2013 6:30:21 PM
mbam-log-2013-08-11 (18-30-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213019
Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

========================================================

I used HijackThis and this is the screen instruction I received:

For some reason your system denied access to the host file. If any hijacked domains are in this file Hijack This may not be able to fix this.
If this happens you need to edit the file yourself. To do this click Start, Run, and type Notepad C:\Windows\System32\drivers\etc\hosts and press enter. Find the lines Hijack this reports and delete them. Save the file as 'hosts' with quotes and reboot.
below are the results of the hijack this scan, be careful what you delete with the fix checked button. Scan results do not determine whether an item is bad or not. The best thing to do is analyse this and show the log file to knowledgeable folks.
=============================================

I was unable to copy and paste a log file that came up after I clicked Analyse This.

Brian DJ
 

johnb35

Administrator
Staff member
Vista and Windows 7 users must right click on the hijackthis icon and click on run as. If the run as option doesn't appear then press and hold the shift key while right clicking on the icon to get it to appear.

That's why I have explicit directions in red to run it as administrator. :) Once you follow those directions, it will run correctly.
 

bacdj

Member
Sorry for my slack interpretation skills.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:54:02 AM, on 12/08/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Glary Utilities 3\Integrator.exe
C:\VIA_XHCI\usb3Monitor.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.bigpond.com/home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: news.net - {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - C:\Program Files\News.net\IE\ScriptHost.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NewsNetService - International News Network Limited - C:\Program Files\News.net\NewsNetService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.3.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10003 bytes
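The log above lists two entries that both load code from the same product folder: the O2 BHO `C:\Program Files\News.net\IE\ScriptHost.dll`, which Internet Explorer loads into every browser process, and the O23 service `NewsNetService` running from `C:\Program Files\News.net\NewsNetService.exe`. Either one keeps files in that folder open, which is what produces the "file is open in another program" error when the folder is deleted by hand. The following script is an added example (not code from this thread or from any of the tools it mentions) that parses HijackThis-style lines, collapses each binary to the product folder it lives in, and flags folders that have both a service and a browser hook. The sample log embedded in it is a constructed subset of the lines posted above; the section and path regexes, and the folder-collapsing rule, are the example's own assumptions about the log format.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample input: a subset of the O2/O4/O23 lines copied from the
# HijackThis log posted in this thread.
SAMPLE_LOG = """\
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: news.net - {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - C:\\Program Files\\News.net\\IE\\ScriptHost.dll
O4 - HKLM\\..\\Run: [AVG_UI] "C:\\Program Files (x86)\\AVG\\AVG2013\\avgui.exe" /TRAYONLY
O23 - Service: @%SystemRoot%\\system32\\Alg.exe,-112 (ALG) - Unknown owner - C:\\Windows\\System32\\alg.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamservice.exe
O23 - Service: NewsNetService - International News Network Limited - C:\\Program Files\\News.net\\NewsNetService.exe
O23 - Service: vToolbarUpdater15.3.0 - Unknown owner - C:\\Program Files (x86)\\Common Files\\AVG Secure Search\\vToolbarUpdater\\15.3.0\\ToolbarUpdater.exe
"""

# HijackThis prefixes each line with a section code (R0, F2, O2, O4, O23, ...).
SECTION_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# First absolute Windows path in the line, ending at a binary extension.
# (Assumed format; quotes are excluded so quoted O4 commands still match.)
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:exe|dll|ocx|sys|cpl)", re.IGNORECASE)
PROGRAM_ROOTS = {"program files", "program files (x86)"}


def extract_path(line):
    """Return the first absolute path in a log line, or None if there is none."""
    m = PATH_RE.search(line)
    return m.group(0) if m else None


def install_dir(path):
    """Collapse a binary's path to the product folder it was installed into.

    C:\\Program Files\\News.net\\IE\\ScriptHost.dll -> C:\\Program Files\\News.net
    Paths under "Common Files" keep one extra component so that different
    vendors sharing that folder are not merged. Anything outside a Program
    Files root is reduced to its parent directory.
    """
    parts = path.split("\\")
    if len(parts) > 2 and parts[1].lower() in PROGRAM_ROOTS:
        depth = 4 if parts[2].lower() == "common files" and len(parts) > 4 else 3
        return "\\".join(parts[:depth])
    return ntpath.dirname(path)


def parse_hijackthis(text):
    """Return a list of (section, path) for every line carrying an absolute path.

    Entries HijackThis tags as "(file missing)" are skipped: it could not
    resolve the file, so the path says nothing about what is currently loaded.
    """
    entries = []
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        path = extract_path(body)
        if path and "(file missing)" not in body:
            entries.append((m.group("section"), path))
    return entries


def group_by_install_dir(entries):
    """Map each product folder to the log entries that load code from it."""
    groups = defaultdict(list)
    for section, path in entries:
        groups[install_dir(path)].append((section, path))
    return dict(groups)


def folders_held_open(groups):
    """Product folders that have both a service (O23) and a browser hook (O2).

    A running service keeps its executable open and a BHO is loaded into
    every Internet Explorer process, so a folder with both is exactly the
    kind Explorer refuses to delete with "open in another program".
    """
    flagged = []
    for folder, items in sorted(groups.items()):
        sections = {section for section, _ in items}
        if "O23" in sections and "O2" in sections:
            flagged.append(folder)
    return flagged


if __name__ == "__main__":
    grouped = group_by_install_dir(parse_hijackthis(SAMPLE_LOG))
    for folder in folders_held_open(grouped):
        print(folder)
        for section, path in grouped[folder]:
            print("   ", section, path)
```

Run against the sample it reports only `C:\Program Files\News.net`, with its O2 and O23 lines underneath; the AVG, Malwarebytes and Windows Live folders each have a service or a hook but not both. The practical consequence is the order of operations: the service and the BHO have to be stopped or unregistered first, and only then does deleting the folder succeed.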
 

johnb35

Administrator
Staff member
Are you still getting the popup? If so, please do the following.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If for some reason you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 

bacdj

Member
I have not got the popup since yesterday afternoon, but I thought I had gotten rid of it on previous occasions also.

I see it came up in the HijackThis log:

O2 - BHO: news.net - {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - C:\Program Files\News.net\IE\ScriptHost.dll

I also notice that it still has a folder in the program files (as above) and I can't uninstall or delete it because it says it is in use by another program.

I also looked in Task Manager to see if I could find it operating, but it is not there.

Seeing it has not popped up for a while perhaps I should leave it a bit longer to see what happens.

Brian DJ
 

johnb35

Administrator
Staff member
Good catch there as I overlooked it when I got home from work last night.

Rerun hijackthis and place a check next to this entry.

O2 - BHO: news.net - {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - C:\Program Files\News.net\IE\ScriptHost.dll

Then click on fix checked.

Also go into add/remove programs and see if there is software listed as News.net and uninstall it.
 

bacdj

Member
Slowly getting there.

I have not had the popup recently so I guess we have killed the program.

I reran HijackThis and placed a check next to this entry.

O2 - BHO: news.net - {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - C:\Program Files\News.net\IE\ScriptHost.dll

Then I clicked on 'fix checked' and it is now removed from the HijackThis scan log.

I had previously removed it from the add/remove programs list, but it is still there in C:\Program Files\News.net\ etc. Since deleting it from the HijackThis log I have now been able to remove some of the sub folders, but can't delete the main News.net folder, as it says: "This action cannot be completed because the file is open in another program".

Any suggestions?

Brian DJ
 

johnb35

Administrator
Staff member
Physically delete it from the program files folder. Also, go ahead and run combofix for me.
 

bacdj

Member
1. I can't physically delete the News.net folder from C:\Program Files\ etc. because it says "it is being used in another program".

2. After running ComboFix, Internet Explorer would only allow me to access the home page and not move from it, but my Outlook and emails worked fine. I contacted Bigpond and they assisted me to get Internet Explorer working again.

3. The News.net popup actually came up when ComboFix was scanning.

=====================================================
4. Combofix Log:
ComboFix 13-08-13.02 - User 14/08/2013 12:15:40.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.16335.14334 [GMT 10:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Roaming\ACD Systems\ACDSee\ImageDB.ddf
.
.
((((((((((((((((((((((((( Files Created from 2013-07-14 to 2013-08-14 )))))))))))))))))))))))))))))))
.
.
2013-08-14 02:18 . 2013-08-14 02:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-11 08:38 . 2013-08-11 08:38 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-08-11 08:38 . 2013-08-11 08:38 -------- d-----w- c:\program files (x86)\Trend Micro
2013-08-11 08:29 . 2013-08-11 08:29 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2013-08-11 08:29 . 2013-08-11 08:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-11 08:29 . 2013-08-11 08:29 -------- d-----w- c:\programdata\Malwarebytes
2013-08-11 08:29 . 2013-04-04 04:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-09 21:43 . 2013-08-09 21:44 -------- d-----w- c:\windows\system32\MRT
2013-08-03 07:33 . 2013-08-04 00:16 -------- d-----w- c:\users\User\AppData\Roaming\dvdcss
2013-08-03 07:32 . 2013-08-12 23:25 -------- d-----w- c:\users\User\AppData\Roaming\vlc
2013-08-03 01:31 . 2013-08-03 23:24 -------- d-----w- c:\programdata\DVD Shrink
2013-08-03 01:31 . 2013-08-03 01:31 -------- d-----w- c:\program files (x86)\DVD Shrink
2013-08-03 01:27 . 2013-08-03 01:27 -------- d-----w- c:\users\User\AppData\Local\Google
2013-08-03 01:27 . 2013-08-13 21:08 -------- d-----w- c:\program files\News.net
2013-07-25 21:19 . 2013-08-03 08:10 -------- d-----w- c:\users\User\AppData\Local\CrashDumps
2013-07-19 15:51 . 2013-07-19 15:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-19 15:50 . 2013-07-19 15:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-19 15:50 . 2013-07-19 15:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-19 15:50 . 2013-07-19 15:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-11 08:16 . 2013-07-01 05:43 363 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-09 15:32 . 2013-07-09 15:32 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-07-08 22:01 . 2012-07-17 04:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-30 15:45 . 2013-06-30 15:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-06-27 07:11 . 2013-06-21 09:14 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-06-23 14:57 . 2013-06-06 23:27 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-21 20:47 . 2013-06-21 20:47 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-21 20:47 . 2013-06-21 20:47 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-16 22:32 . 2013-06-16 22:32 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-16 22:32 . 2013-06-16 22:32 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-16 22:32 . 2013-06-16 22:32 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-16 22:32 . 2013-06-16 22:32 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-16 22:32 . 2013-06-16 22:32 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-16 22:32 . 2013-06-16 22:32 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-16 22:32 . 2013-06-16 22:32 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-16 22:32 . 2013-06-16 22:32 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-16 22:32 . 2013-06-16 22:32 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-16 22:32 . 2013-06-16 22:32 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-08 22:50 222832 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-08 22:50 222832 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-08 22:50 222832 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-09-11 133408]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-06-30 4411440]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE"/logon
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NewsNetService;NewsNetService;c:\program files\News.net\NewsNetService.exe;c:\program files\News.net\NewsNetService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MRXDAV
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-21 20:47]
.
2013-08-13 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-07-22 07:32]
.
2013-08-13 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 01:54]
.
2013-08-12 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 01:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-08 22:50 261744 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-08 22:50 261744 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-08 22:50 261744 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-13 12936848]
"AtherosBtStack"="c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\btvstack.exe" [2012-06-28 1023104]
"AthBtTray"="c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\athbttray.exe" [2012-06-28 801920]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2011-07-12 331776]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2726728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://go.bigpond.com/home/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - c:\program files\News.net\IE\ScriptHost64.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
.
Completion time: 2013-08-14 12:19:04
ComboFix-quarantined-files.txt 2013-08-14 02:19
.
Pre-Run: 421,838,880,768 bytes free
Post-Run: 421,684,273,152 bytes free
.
- - End Of File - -

======================================================
5. Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:54:00 PM, on 14/08/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\VIA_XHCI\usb3Monitor.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Glary Utilities 3\Integrator.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.bigpond.com/home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NewsNetService - International News Network Limited - C:\Program Files\News.net\NewsNetService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.3.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9254 bytes
 

johnb35

Administrator
Staff member
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Folder::

c:\program files\News.net


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
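Added example, not tooling from this thread or from ComboFix/HijackThis: a small Python parser for the ComboFix service/Run/BHO lines and the HijackThis O2/O23 lines shown above, which lists every loader whose image lives under a folder named in a CFScript Folder:: block. It makes the "file is open in another program" symptom concrete: the News.net folder hosts a running service and an IE browser helper, so the files stay held open until those loaders are removed along with the folder. The sample log lines are copied from the logs posted in this thread; the regexes and function names are my own.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the ComboFix and HijackThis logs posted in this thread,
# including two benign entries (AVG, Groove, ALG) for contrast.
COMBOFIX_LINES = r"""
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-06-30 4411440]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 NewsNetService;NewsNetService;c:\program files\News.net\NewsNetService.exe;c:\program files\News.net\NewsNetService.exe [x]
BHO-{BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - c:\program files\News.net\IE\ScriptHost64.dll
"""

HJT_LINES = r"""
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: NewsNetService - International News Network Limited - C:\Program Files\News.net\NewsNetService.exe
"""

# The CFScript from the post above.
CFSCRIPT = r"""
Folder::

c:\program files\News.net
"""


@dataclass(frozen=True)
class Loader:
    kind: str    # "service", "bho" or "run"
    name: str    # service name, BHO CLSID or Run value name
    image: str   # executable or DLL the entry loads
    source: str  # log the entry was read from


# ComboFix formats: "S2 name;display;image;image [x]", '"name"="image" [date size]',
# and orphan "BHO-{CLSID} - image".
_CF_SERVICE = re.compile(r'^[RS]\d\s+([^;]+);[^;]*;([^;]+);')
_CF_RUN = re.compile(r'^"([^"]+)"="([^"]+)"')
_CF_BHO = re.compile(r'^BHO-(\{[0-9A-Fa-f-]+\}) - (.+)$')
# HijackThis formats: "O23 - Service: display - owner - image [(file missing)]"
# and "O2 - BHO: display - {CLSID} - image".
_HJT_O23 = re.compile(r'^O23 - Service: (.+?) - .+? - ([A-Za-z]:\\.+?)(?: \(file missing\))?$')
_HJT_O2 = re.compile(r'^O2 - BHO: .+? - (\{[0-9A-Fa-f-]+\}) - (.+)$')


def parse_combofix(text: str) -> list:
    """Extract service, BHO and Run loaders from ComboFix log lines."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := _CF_SERVICE.match(line):
            found.append(Loader("service", m.group(1), m.group(2), "combofix"))
        elif m := _CF_BHO.match(line):
            found.append(Loader("bho", m.group(1), m.group(2), "combofix"))
        elif m := _CF_RUN.match(line):
            found.append(Loader("run", m.group(1), m.group(2), "combofix"))
    return found


def parse_hijackthis(text: str) -> list:
    """Extract O23 services and O2 browser helper objects from a HijackThis log."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := _HJT_O23.match(line):
            found.append(Loader("service", m.group(1), m.group(2), "hijackthis"))
        elif m := _HJT_O2.match(line):
            found.append(Loader("bho", m.group(1), m.group(2), "hijackthis"))
    return found


def parse_cfscript_folders(text: str) -> list:
    """Return the paths listed under a CFScript 'Folder::' directive."""
    folders, in_folder_block = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("::"):          # any directive starts a new block
            in_folder_block = line == "Folder::"
        elif in_folder_block and line:
            folders.append(line)
    return folders


def loaders_in_folder(loaders: list, folder: str) -> list:
    """Loaders whose image sits under folder (Windows paths: case-insensitive)."""
    prefix = folder.lower().rstrip("\\") + "\\"
    return [l for l in loaders if l.image.lower().startswith(prefix)]


def held_loaders(combofix_text: str, hjt_text: str, cfscript_text: str) -> dict:
    """Map each CFScript folder to the loaders that keep its files in use."""
    loaders = parse_combofix(combofix_text) + parse_hijackthis(hjt_text)
    return {f: loaders_in_folder(loaders, f) for f in parse_cfscript_folders(cfscript_text)}


if __name__ == "__main__":
    for folder, hits in held_loaders(COMBOFIX_LINES, HJT_LINES, CFSCRIPT).items():
        print(f"{folder}: {len(hits)} loader(s) reference this folder")
        for h in hits:
            print(f"  [{h.source}] {h.kind} {h.name} -> {h.image}")
```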
 

bacdj

Member
Since doing what you instructed I can't open any programs and get the words "Illegal operation attempted on a registry key that has been marked for deletion".

Lucky I have a laptop so I can send messages separately.

What now?
 

bacdj

Member
I turned off the computer, left it off for some time, and have now turned it back on again and it APPEARS to be working OK again.

I also had a look at the Program files and noticed that news.net is not there anymore.

I then went into the ComboFix folder and found this log and suspect it is the last one.

PLEASE tell me that it is now FIXED! But I guess I won't know for a day or two, to see if it pops up again.

SPECIAL THANKS in anticipation!

BD

=========================================================
ComboFix 13-08-13.02 - User 14/08/2013 14:57:44.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.16333.13928 [GMT 10:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\News.net
c:\program files\News.net\BreakingNews\DesktopContainer.exe
c:\program files\News.net\BreakingNews\headline.js
c:\program files\News.net\BreakingNews\html\code\animation.js
c:\program files\News.net\BreakingNews\html\code\Gadget.js
c:\program files\News.net\BreakingNews\html\image\close.png
c:\program files\News.net\BreakingNews\html\index.html
c:\program files\News.net\BreakingNews\html\style\gadget.css
c:\program files\News.net\BreakingNews\icon.ico
c:\program files\News.net\BreakingNews\NavigateError.html
c:\program files\News.net\BreakingNews\settings.xml
c:\program files\News.net\BreakingNews\update.exe
c:\program files\News.net\NewsNetService.exe
c:\program files\News.net\npapi.dll
c:\program files\News.net\uuid
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NewsNetService
-------\Service_NewsNetService
.
.
((((((((((((((((((((((((( Files Created from 2013-07-14 to 2013-08-14 )))))))))))))))))))))))))))))))
.
.
2013-08-11 08:38 . 2013-08-11 08:38 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-08-11 08:38 . 2013-08-11 08:38 -------- d-----w- c:\program files (x86)\Trend Micro
2013-08-11 08:29 . 2013-08-11 08:29 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2013-08-11 08:29 . 2013-08-11 08:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-11 08:29 . 2013-08-11 08:29 -------- d-----w- c:\programdata\Malwarebytes
2013-08-11 08:29 . 2013-04-04 04:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-09 21:43 . 2013-08-09 21:44 -------- d-----w- c:\windows\system32\MRT
2013-08-03 07:33 . 2013-08-04 00:16 -------- d-----w- c:\users\User\AppData\Roaming\dvdcss
2013-08-03 07:32 . 2013-08-12 23:25 -------- d-----w- c:\users\User\AppData\Roaming\vlc
2013-08-03 01:31 . 2013-08-03 23:24 -------- d-----w- c:\programdata\DVD Shrink
2013-08-03 01:31 . 2013-08-03 01:31 -------- d-----w- c:\program files (x86)\DVD Shrink
2013-08-03 01:27 . 2013-08-03 01:27 -------- d-----w- c:\users\User\AppData\Local\Google
2013-07-25 21:19 . 2013-08-03 08:10 -------- d-----w- c:\users\User\AppData\Local\CrashDumps
2013-07-19 15:51 . 2013-07-19 15:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-19 15:50 . 2013-07-19 15:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-19 15:50 . 2013-07-19 15:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-19 15:50 . 2013-07-19 15:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-11 08:16 . 2013-07-01 05:43 363 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-09 15:32 . 2013-07-09 15:32 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-07-08 22:01 . 2012-07-17 04:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-30 15:45 . 2013-06-30 15:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-06-27 07:11 . 2013-06-21 09:14 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-06-23 14:57 . 2013-06-06 23:27 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-21 20:47 . 2013-06-21 20:47 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-21 20:47 . 2013-06-21 20:47 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-16 22:32 . 2013-06-16 22:32 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-16 22:32 . 2013-06-16 22:32 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-16 22:32 . 2013-06-16 22:32 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-16 22:32 . 2013-06-16 22:32 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-16 22:32 . 2013-06-16 22:32 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-16 22:32 . 2013-06-16 22:32 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-16 22:32 . 2013-06-16 22:32 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-16 22:32 . 2013-06-16 22:32 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-16 22:32 . 2013-06-16 22:32 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-16 22:32 . 2013-06-16 22:32 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-16 22:32 . 2013-06-16 22:32 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-16 22:32 . 2013-06-16 22:32 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-16 22:32 . 2013-06-16 22:32 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-16 22:32 . 2013-06-16 22:32 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-16 22:32 . 2013-06-16 22:32 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-16 22:32 . 2013-06-16 22:32 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-16 22:32 . 2013-06-16 22:32 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-16 22:32 . 2013-06-16 22:32 441856 ----a-w- c:\windows\system32\html.iec
2013-06-16 22:32 . 2013-06-16 22:32 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-16 22:32 . 2013-06-16 22:32 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-16 22:32 . 2013-06-16 22:32 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-16 22:32 . 2013-06-16 22:32 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-16 22:32 . 2013-06-16 22:32 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-16 22:32 . 2013-06-16 22:32 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-16 22:32 . 2013-06-16 22:32 235008 ----a-w- c:\windows\system32\url.dll
2013-06-16 22:32 . 2013-06-16 22:32 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-16 22:32 . 2013-06-16 22:32 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-16 22:32 . 2013-06-16 22:32 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-16 22:32 . 2013-06-16 22:32 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-16 22:32 . 2013-06-16 22:32 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-16 22:32 . 2013-06-16 22:32 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-16 22:32 . 2013-06-16 22:32 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-16 22:32 . 2013-06-16 22:32 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-16 22:32 . 2013-06-16 22:32 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-16 22:32 . 2013-06-16 22:32 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-16 22:32 . 2013-06-16 22:32 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-16 22:32 . 2013-06-16 22:32 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-16 22:32 . 2013-06-16 22:32 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-16 22:32 . 2013-06-16 22:32 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-16 22:32 . 2013-06-16 22:32 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-16 22:32 . 2013-06-16 22:32 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-16 22:32 . 2013-06-16 22:32 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-16 22:32 . 2013-06-16 22:32 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-16 22:32 . 2013-06-16 22:32 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-16 22:32 . 2013-06-16 22:32 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-16 22:32 . 2013-06-16 22:32 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-16 22:32 . 2013-06-16 22:32 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-16 22:32 . 2013-06-16 22:32 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-16 22:32 . 2013-06-16 22:32 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-16 22:31 . 2013-06-16 22:31 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-06-16 22:31 . 2013-06-16 22:31 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-06-16 22:31 . 2013-06-16 22:31 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-16 22:31 . 2013-06-16 22:31 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-06-16 22:31 . 2013-06-16 22:31 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-06-16 22:31 . 2013-06-16 22:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-06-16 22:31 . 2013-06-16 22:31 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-16 22:31 . 2013-06-16 22:31 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-06-16 22:31 . 2013-06-16 22:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-06-16 22:31 . 2013-06-16 22:31 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-06-16 22:31 . 2013-06-16 22:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-06-16 22:31 . 2013-06-16 22:31 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-06-16 22:31 . 2013-06-16 22:31 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-06-16 22:31 . 2013-06-16 22:31 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-06-16 22:31 . 2013-06-16 22:31 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-16 22:31 . 2013-06-16 22:31 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-06-16 22:31 . 2013-06-16 22:31 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-06-16 22:31 . 2013-06-16 22:31 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-16 22:31 . 2013-06-16 22:31 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-06-16 22:31 . 2013-06-16 22:31 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-06-16 22:31 . 2013-06-16 22:31 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-16 22:31 . 2013-06-16 22:31 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-06-16 22:31 . 2013-06-16 22:31 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-06-16 22:31 . 2013-06-16 22:31 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-06-16 22:31 . 2013-06-16 22:31 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-06-16 22:31 . 2013-06-16 22:31 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-06-16 22:31 . 2013-06-16 22:31 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-06-16 22:31 . 2013-06-16 22:31 1175552 ----a-w- c:\windows\system32\FntCache.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-08 22:50 222832 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-08 22:50 222832 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-08 22:50 222832 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-09-11 133408]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-06-30 4411440]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE"/logon
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-21 20:47]
.
2013-08-14 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-07-22 07:32]
.
2013-08-14 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 01:54]
.
2013-08-12 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 01:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA3E58F7-60C6-485E-A775-0C1FD9C0E55E}]
c:\program files\News.net\IE\ScriptHost64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-08 22:50 261744 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-08 22:50 261744 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-08 22:50 261744 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-13 12936848]
"AtherosBtStack"="c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\btvstack.exe" [2012-06-28 1023104]
"AthBtTray"="c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\athbttray.exe" [2012-06-28 801920]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2011-07-12 331776]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2726728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://go.bigpond.com/home/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.138
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a3,44,d8,d6,b8,94,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Glary Utilities 3\Integrator.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-08-14 15:04:01 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-14 05:04
ComboFix2.txt 2013-08-14 02:19
.
Pre-Run: 421,186,453,504 bytes free
Post-Run: 420,934,266,880 bytes free
.
- - End Of File - - 695C16C7DF5EDDEF6BE9B4313EEBCE73
A36C5E4F47E84449FF07ED3517B43A31
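The ComboFix log above is the evidence that the removal worked, and the check a responder makes on it is mechanical: which files and services were deleted, and whether any registry loading point still references a path under a deleted folder (in the log above, the Browser Helper Object entry under X64 Entries still points at c:\program files\News.net\IE\ScriptHost64.dll after c:\program files\News.net was removed). The Python below is an added example, not ComboFix's own code and not part of this thread: it parses the section banners and key formats visible in the posted log and reports such orphaned references. The sample log embedded in it is constructed from the shape of the log above, with a placeholder in place of the end-of-file hash.

```python
"""Triage helper for a ComboFix log (added example; not ComboFix's own code
and not part of the forum thread). Pulls out what was deleted and flags
registry loading points that still reference a deleted folder."""
import re
from dataclasses import dataclass, field

# Banners look like "(((( Other Deletions ))))"; the x64 part has a dashed banner.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")
X64_RE = re.compile(r"^-+\s*X64 Entries\s*-+$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
SERVICE_RE = re.compile(r"^-+\\Service_(.+)$")
RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\CurrentVersion\\Run)\]$", re.I)
RUN_VAL_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
BHO_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$")
BHO_PATH_RE = re.compile(r"^([A-Za-z]:\\.+?)\s*(?:\[([A-Za-z]+)\])?$")


@dataclass
class ComboFixReport:
    deleted_files: list = field(default_factory=list)     # paths under "Other Deletions"
    removed_services: list = field(default_factory=list)  # names under "Drivers/Services"
    bho_entries: list = field(default_factory=list)       # (clsid, dll path, bracketed flag as printed)
    run_entries: list = field(default_factory=list)       # (key, value name, path, date, size)


def parse_combofix_log(text: str) -> ComboFixReport:
    report = ComboFixReport()
    section = current_key = pending_bho = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":          # ComboFix pads sections with "." lines
            continue
        m = SECTION_RE.match(line)
        if m or X64_RE.match(line):
            section = m.group(1) if m else "X64 Entries"
            current_key = pending_bho = None
            continue
        if section == "Drivers/Services" and (m := SERVICE_RE.match(line)):
            if m.group(1) not in report.removed_services:  # the log repeats a removed service
                report.removed_services.append(m.group(1))
            continue
        if section == "Other Deletions" and PATH_RE.match(line):
            report.deleted_files.append(line)
            continue
        if m := BHO_KEY_RE.match(line):      # the DLL path follows on the next line
            pending_bho, current_key = m.group(1), None
            continue
        if pending_bho:
            if m := BHO_PATH_RE.match(line):
                report.bho_entries.append((pending_bho, m.group(1), m.group(2) or ""))
            pending_bho = None
            continue
        if m := RUN_KEY_RE.match(line):
            current_key = m.group(1)
            continue
        if line.startswith("["):             # any other key ends the Run value list
            current_key = None
            continue
        if current_key and (m := RUN_VAL_RE.match(line)):
            report.run_entries.append((current_key, m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return report


def _under_deleted(path: str, deleted: list) -> bool:
    p = path.lower()
    return any(p == d.lower() or p.startswith(d.lower() + "\\") for d in deleted)


def orphaned_loading_points(report: ComboFixReport) -> list:
    """Loading points still referencing a path under a folder this run deleted.
    They survive the file deletion and belong on the follow-up scan's list."""
    orphans = [("BHO", clsid, path) for clsid, path, _ in report.bho_entries
               if _under_deleted(path, report.deleted_files)]
    orphans += [("Run", key + "\\" + name, path) for key, name, path, _, _ in report.run_entries
                if _under_deleted(path, report.deleted_files)]
    return orphans


# Constructed sample shaped like the log posted in this thread; the end-of-file hash is a placeholder.
SAMPLE_LOG = r"""
ComboFix 13-08-13.02 - User 14/08/2013 14:57:44.2.4 - x64
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\News.net
c:\program files\News.net\BreakingNews\DesktopContainer.exe
c:\program files\News.net\NewsNetService.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NewsNetService
-------\Service_NewsNetService
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-06-30 4411440]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE"/logon
.
--------- X64 Entries -----------
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA3E58F7-60C6-485E-A775-0C1FD9C0E55E}]
c:\program files\News.net\IE\ScriptHost64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-13 12936848]
.
- - End Of File - - <hash placeholder>
"""

if __name__ == "__main__":
    rep = parse_combofix_log(SAMPLE_LOG)
    print("deleted:", len(rep.deleted_files), "services removed:", rep.removed_services)
    for kind, ident, path in orphaned_loading_points(rep):
        print(f"orphaned {kind} {ident} -> {path}")
```

Run against the sample it reports the one orphan: the BHO CLSID whose DLL lives under the deleted News.net folder. Run-disabled keys are deliberately not treated as Run keys, and the bracketed flag after the BHO path is carried through as printed rather than interpreted.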
 

johnb35

Administrator
Staff member
Looks good. Let me know if it reappears but I doubt it will.

The info about the illegal operation message was at the bottom of my combofix instructions. It does help to read through all the posts I make. It's all good now though.

If for some reason you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine.


In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running
 