PC MightyMaz 2011

Posted 8/10/2012 8:13 PM
#94252

yokobeatdown Member

Date Joined Nov 2016
Total Posts: 4
Hello,
My parents have a desktop running 64-bit Vista and they downloaded something somewhere which led to PC MightyMax 2011. I have been charged with solving this issue (removing it) but I'm severely underqualified.

As per different instructions I have taken some preparatory steps in compiling logs.

I have two DDS logs, two OTL logs, a HijackThis log and an MBAM log, which were all formed with the Norton Antivirus software disabled.

If you would please, instruct me on which logs would be helpful and need to be posted.

If there is anything else I can do please let me know.

Thank you very much
Posted 8/10/2012 8:17 PM
#94253

yokobeatdown Member

Date Joined Nov 2016
Total Posts: 4
...Also I ran CCleaner and removed all out-of-date Java versions.

Thank you
Posted 8/12/2012 4:33 AM
#94254

Advanced member

Run a ComboFix scan just to be on the safe side and run an sfc /scannow command from an elevated command prompt as well. Most of the work was already done.
Only post the ComboFix and HijackThis logs for now.
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard-related problem? Post your question on these forums, contact Support or contact me on Twitter!
Posted 8/13/2012 3:46 PM
#94257

yokobeatdown Member

Date Joined Nov 2016
Total Posts: 4
Here you are

ComboFix 12-08-13.01 - MUZAKERS 08/13/2012 11:15:07.1.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4086.2025 [GMT -4:00]
Running from: c:\users\MUZAKERS\Downloads\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MUZAKERS\AppData\Roaming\DataSafeDotNet.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 15:26 . 2012-08-13 15:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 18:31 . 2012-08-10 18:31 -------- d-----w- c:\program files (x86)\Trend Micro
2012-08-10 18:20 . 2012-08-10 18:20 -------- d-----w- c:\programdata\McAfee
2012-08-10 15:28 . 2012-08-10 15:28 -------- d-----w- c:\program files\CCleaner
2012-08-09 02:16 . 2012-08-10 15:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-09 02:16 . 2012-08-09 02:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-08 14:35 . 2012-08-08 14:35 -------- d-----w- c:\users\MUZAKERS\temp
2012-08-08 14:35 . 2012-08-08 14:35 -------- d-----w- c:\program files (x86)\TeamViewer
2012-08-07 23:39 . 2012-08-07 23:40 -------- d-----w- c:\program files (x86)\ERUNT
2012-08-07 18:35 . 2012-08-07 18:35 -------- d-----w- c:\users\MUZAKERS\AppData\Roaming\licenses
2012-08-07 18:35 . 2012-08-07 18:36 -------- d-----w- c:\users\MUZAKERS\AppData\Roaming\PCMM2009
2012-08-07 18:35 . 2012-08-07 18:35 -------- d-----w- c:\users\MUZAKERS\AppData\Roaming\PCMM2012
2012-08-07 18:35 . 2012-08-07 18:36 -------- d-----w- c:\users\MUZAKERS\AppData\Local\PC MightyMax 2012
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-10 18:27 . 2012-06-20 20:28 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-10 18:27 . 2010-07-09 13:22 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-13 20:28 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-07-03 17:46 . 2011-11-21 01:17 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-16 00:16 . 2012-06-16 00:16 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-06-16 00:16 . 2012-06-16 00:16 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-06-13 13:58 . 2012-07-13 20:26 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 17:59 . 2012-07-12 12:55 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-05 16:47 . 2012-07-12 12:55 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-12 12:55 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-12 12:55 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-12 12:55 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-12 12:55 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-22 14:29 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 14:29 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 14:29 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 14:29 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 14:29 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-22 14:29 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 14:29 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-22 14:29 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 14:29 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-22 14:29 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-22 14:29 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:19 . 2012-06-22 14:29 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 14:29 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-06-22 14:29 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-02 12:49 . 2012-07-13 20:26 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-13 20:26 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-13 20:26 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-13 20:26 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-13 20:26 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-13 20:26 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-13 20:26 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-13 20:26 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-13 20:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-13 20:26 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-13 20:26 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-13 20:26 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-13 20:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-13 20:26 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-13 20:26 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-13 20:26 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-13 20:26 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-13 20:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-13 20:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 00:22 . 2012-07-12 12:55 347136 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:22 . 2012-07-12 12:55 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 00:05 . 2012-07-12 12:55 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 00:04 . 2012-07-12 12:55 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 00:03 . 2012-07-12 12:55 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{38542454-dfb6-44f5-b052-d4e071a3d073}"= "c:\program files (x86)\Elf_1.12\prxtbElf0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{38542454-dfb6-44f5-b052-d4e071a3d073}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{38542454-dfb6-44f5-b052-d4e071a3d073}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Elf_1.12\prxtbElf0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{38542454-dfb6-44f5-b052-d4e071a3d073}"= "c:\program files (x86)\Elf_1.12\prxtbElf0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{38542454-dfb6-44f5-b052-d4e071a3d073}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\MUZAKERS\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\MUZAKERS\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\MUZAKERS\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-05 95576]
"PC MightyMax 2011 Tray Icon"="c:\users\MUZAKERS\AppData\Local\PC MightyMax 2012\TrayIcon.exe" [2012-05-29 126888]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-14 61440]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-16 296056]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-8-27 53248]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 13:00]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 13:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\MUZAKERS\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\MUZAKERS\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\MUZAKERS\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\MUZAKERS\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 163568]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 207.69.188.186 207.69.188.187
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\MUZAKERS\AppData\Roaming\Mozilla\Firefox\Profiles\nosnxvqh.default\
FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/ctid=CT1060933&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspxctid=CT1060933&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
Wow6432Node-HKLM-Run-Freecorder FLV Service - c:\program files (x86)\Freecorder\FLVSrvc.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
WebBrowser-{38542454-DFB6-44F5-B052-D4E071A3D073} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Dell Remote Access\ezi_ra.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2012-08-13 11:40:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-13 15:39
.
Pre-Run: 307,170,992,128 bytes free
Post-Run: 307,035,258,880 bytes free
.
- - End Of File - - F9D231A22BA191DF8F44E07B858FE6FB

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:52 PM, on 8/10/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Safe mode

Running processes:
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1060933
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Elf 1.12 Toolbar - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files (x86)\Elf_1.12\prxtbElf0.dll
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Elf 1.12 - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files (x86)\Elf_1.12\prxtbElf0.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Elf 1.12 Toolbar - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files (x86)\Elf_1.12\prxtbElf0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CanonSolutionMenuEx] "C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [PC MightyMax 2011 Tray Icon] "C:\Users\MUZAKERS\AppData\Local\PC MightyMax 2012\TrayIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Global Startup: Dell Remote Access.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install-ie/alttiff.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://boeing.webex.com/client/T27L10NSP11_PSOBOEING/webex/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://sslvpn.boeing.com/dana-cached/sc/JuniperSetupClient.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc.
- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe <br/>O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe <br/>O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe <br/>O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) <br/>O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) <br/>O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) <br/>O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) <br/>O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) <br/>O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - c:\Windows\system32\ZuneWlanCfgSvc.exe (file missing) <br/> <br/>-- <br/>End of file - 12541 bytes <br/> <br/> <br/>Thank you
Posted 8/14/2012 4:33 AM
#94258
Advanced member

Ok, delete these folders:

C:\Users\MUZAKERS\AppData\Local\PC MightyMax 2012
c:\users\MUZAKERS\AppData\Roaming\PCMM2012
c:\users\MUZAKERS\AppData\Roaming\PCMM2009
If you can't, you can use Malwarebytes to remove them, or Unlocker.

Run HijackThis and place a checkmark by these entries:
R3 - URLSearchHook: Elf 1.12 Toolbar - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files (x86)\Elf_1.12\prxtbElf0.dll
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Elf 1.12 - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files (x86)\Elf_1.12\prxtbElf0.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Elf 1.12 Toolbar - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files (x86)\Elf_1.12\prxtbElf0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O4 - HKCU\..\Run: [PC MightyMax 2011 Tray Icon] "C:\Users\MUZAKERS\AppData\Local\PC MightyMax 2012\TrayIcon.exe"

Check the installed add-ons for Firefox and disable Conduit.
Then delete this folder c:\program files (x86)\ConduitEngine\ and this folder c:\program files (x86)\Elf_1.12

Last but not least, disable the TeaTimer for Spybot as it is in conflict with your Norton.
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com
Posted 8/17/2012 6:49 PM
#94266
yokobeatdown Member

Thank you,
I followed your directions and can find no remnants of MightyMax2012.

If there is anything else please let me know, otherwise thank you very much.
Posted 8/18/2012 3:51 AM
#94267
Advanced member

No, that pretty much did the job.

Even if there are any remnants that we did not find (which always is a possibility), those can no longer harm your computer. They become part of the so-called "dead weight" of a computer: useless files or registry keys.
Andreea-Luciana Ostache
Support Team Leader
[url]support@bullguard.com[/url]
www.bullguard.com
Posted 8/20/2012 11:51 PM
#94275
Jintan Advanced member

Yes, TeaTimer, which can block both good and bad Registry changes, is usually the very first program needing to be disabled, so make sure it is.

Unfortunately, just having HijackThis only removed the unwanted startups, and then deleting the folders, basically "broke" the uninstallers that likely would have worked through Control Panel - Uninstall/Programs and Features. ComboFix also errantly removed this legit Dell file:

c:\users\MUZAKERS\AppData\Roaming\DataSafeDotNet.exe

Why not go ahead and correct all that, to make things right.

You will also need to fix your Hosts file - this is the legit entry for a Vista system:

O1 - Hosts: ::1 localhost

--------------

The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. [URL="http://www.bleepingcomputer.com/forums/topic114351.html"]Here[/URL] are some antivirus disable tips if needed.

-------

In Firefox, go to Help - Restart with Add-ons Disabled. In that "Firefox Safe Mode" display that opens, place checks next to the following, then click "Make changes and restart".

Reset toolbars and controls

Reset all user preferences to Firefox defaults

Restore default search engines

That will remove items, instead of just disabling them, and remove things like those Conduit search hijacker settings that might remain.

------------

Go here and download and install the free trial version of Revo's Uninstaller. Revo will be able to bypass the broken uninstallers and remove Registry entries and files left behind.

In Revo, locate and uninstall each of the following, since their normal methods have been corrupted:

Elf_1.12 - Just a front for Conduit search hijacking.
ConduitEngine - If it still shows there after the Elf removal.
PC MightyMax 2011

Leave the default setting of "Moderate" for each uninstall, and it is okay to use "Select All" to Delete what Revo finds.

-----------

Download System Repair Engineer. Use the Local Download button to download sreng2.zip.

Extract (unzip) it to its own folder on your Desktop, then double click SREngLdr.exe to run it.

When the display opens, click the System Repair - HOSTS File tab. Instead of us going back-and-forth and delaying checks of the Hosts file, just click the red "Reset" option in the lower left corner, and click "Yes" for SREng to create a default Hosts file. Then just click the X upper right to close the display. I strongly recommend you not be tempted to run any other scans/make any other changes using SREng unless we discuss them here.

--------

Open Notepad (go to Start Search, type notepad and press Enter) and copy/paste the text in the codebox below into it:

[code]DEQUARANTINE::
C:\Qoobox\Quarantine\c\users\MUZAKERS\AppData\Roaming\DataSafeDotNet.exe.vir
QUIT::[/code]
Save this to your desktop as CFScript.txt


You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will run a brief limited scan, after which a log will pop up (also located at C:\DeQuarantine.txt).
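The two helper replies above apply three triage rules to the HijackThis log by eye: entries whose target is gone ("(no file)" / "(file missing)") are dead weight, an O4 Run entry launched from a user-writable profile folder such as AppData (where the PC MightyMax tray icon lived) deserves a closer look, and "O1 - Hosts: ::1 localhost" is the IPv6 loopback line a Vista or Windows 7 Hosts file ships with rather than a hijack. The following Python script is an added example that encodes those rules so they can be run over a whole log; it is not code from any of the posters or from BullGuard. The sample lines are constructed from the log quoted in this thread, and the verdict names and the list of user-writable path markers are my own choices.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, modelled on entries quoted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [PC MightyMax 2011 Tray Icon] "C:\Users\MUZAKERS\AppData\Local\PC MightyMax 2012\TrayIcon.exe"
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    verdict: str   # orphan | user_profile_autorun | benign_ipv6_loopback | review
    line: str


# "O23 - Service: ..." -> section "O23", body "Service: ..."
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.+)$")
# "HKCU\..\Run: [Name] command" -> hive, name, command
O4_RE = re.compile(r"^(?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Locations a standard user can write to; an autorun living here is worth a second look.
# (My own list, not from the thread.)
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def _autorun_target(cmd: str) -> str:
    """Return the executable path from an O4 command string (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.+?\.exe)", cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def classify(line: str) -> Optional[Finding]:
    """Apply the thread's three triage rules to one log line; None for non-entries."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    # HijackThis marks a missing target with "(no file)" or "(file missing)".
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        return Finding(sec, "orphan", line)
    # Vista/7 include the IPv6 loopback line in a default Hosts file.
    if sec == "O1" and body == "Hosts: ::1 localhost":
        return Finding(sec, "benign_ipv6_loopback", line)
    if sec == "O4":
        o4 = O4_RE.match(body)
        if o4:
            target = _autorun_target(o4.group("cmd")).lower()
            if any(mk in target for mk in USER_WRITABLE_MARKERS):
                return Finding(sec, "user_profile_autorun", line)
    return Finding(sec, "review", line)


def triage(log_text: str) -> Dict[str, List[str]]:
    """Group log lines by verdict; 'review' means the rules have nothing to say."""
    out: Dict[str, List[str]] = {}
    for raw in log_text.splitlines():
        f = classify(raw)
        if f:
            out.setdefault(f.verdict, []).append(f.line)
    return out


if __name__ == "__main__":
    for verdict, lines in triage(SAMPLE_LOG).items():
        print(f"== {verdict} ==")
        for entry in lines:
            print("  ", entry)
```

Running it on the sample puts the MightyMax tray icon alone under user_profile_autorun, the three missing-target entries under orphan, the Hosts line under benign_ipv6_loopback, and everything else under review for a human to decide; the script only sorts, it never deletes anything.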