Author Topic: Pop ups from eggdepo.co  (Read 14308 times)

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20701
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Pop ups from eggdepo.co
« Reply #30 on: July 17, 2013, 02:58:13 PM »
Hi, Rachel.

You can continue using the free version of Malwarebytes by following the instructions at "I keep getting notified that my trial has expired, how do I revert to the free version?" to End trial.  The reason you ended up with the trial of the PRO version is that you did not opt out of the free trial of Malwarebytes Anti-Malware PRO during the installation.  It is very important to read all options when installing software!

  • Please launch Google Chrome.
  • Click the Chrome menu button on the browser toolbar
  • Select Tools and then click on Extensions.
  • In the Extensions tab, remove (by clicking on the Recycle Bin) the Yealt, AddLyrics, DownloadTerms 1.0, LessTabs, TidyNetwork.com, WebCake 3.0 and any other unknown extensions from Google Chrome and any other extensions you did not install.

Please let me know if that solved the problem. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
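
Added example, not part of the original post: a Python sketch that lists the extensions in a Chrome profile by reading each `manifest.json` and flags the names mentioned in the reply above, as a cross-check after removing them through the Extensions tab. It assumes the extensions directory layout `<extension id>\<version>\manifest.json` (on Windows 7 the default profile is normally `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions`); the function names and the sample folders are constructed for illustration.

```python
import json
import os
import re
import tempfile

# Extension names taken from the reply above (version suffixes dropped).
UNWANTED = ["Yealt", "AddLyrics", "DownloadTerms", "LessTabs", "TidyNetwork", "WebCake"]


def resolve_name(version_dir):
    """Return the display name from manifest.json, resolving __MSG_key__ placeholders."""
    with open(os.path.join(version_dir, "manifest.json"), encoding="utf-8-sig") as fh:
        manifest = json.load(fh)
    name = manifest.get("name", "")
    match = re.fullmatch(r"__MSG_(.+)__", name)
    if not match:
        return name
    # Localized extensions keep the real name in _locales/<locale>/messages.json.
    locale = manifest.get("default_locale", "en")
    messages_path = os.path.join(version_dir, "_locales", locale, "messages.json")
    try:
        with open(messages_path, encoding="utf-8-sig") as fh:
            messages = json.load(fh)
    except (OSError, ValueError):
        return name  # keep the placeholder so the entry still gets reviewed by hand
    wanted = match.group(1).lower()  # message keys are matched case-insensitively
    for key, entry in messages.items():
        if key.lower() == wanted:
            return entry.get("message", name)
    return name


def list_extensions(extensions_root):
    """Return (extension id, version folder, display name) for every installed version."""
    found = []
    for ext_id in sorted(os.listdir(extensions_root)):
        id_dir = os.path.join(extensions_root, ext_id)
        if not os.path.isdir(id_dir):
            continue
        for version in sorted(os.listdir(id_dir)):
            version_dir = os.path.join(id_dir, version)
            if os.path.isfile(os.path.join(version_dir, "manifest.json")):
                try:
                    found.append((ext_id, version, resolve_name(version_dir)))
                except (OSError, ValueError):
                    found.append((ext_id, version, "<unreadable manifest>"))
    return found


def flag_unwanted(extensions, unwanted=UNWANTED):
    """Keep only the entries whose display name contains one of the unwanted names."""
    return [e for e in extensions if any(u.lower() in e[2].lower() for u in unwanted)]


def build_sample_profile(root):
    """Constructed sample data: two made-up extension folders, one with a localized name."""
    a = os.path.join(root, "a" * 32, "3.0_0")
    b = os.path.join(root, "b" * 32, "1.2_0")
    os.makedirs(os.path.join(a, "_locales", "en"))
    os.makedirs(b)
    with open(os.path.join(a, "manifest.json"), "w") as fh:
        json.dump({"name": "__MSG_appName__", "default_locale": "en", "version": "3.0"}, fh)
    with open(os.path.join(a, "_locales", "en", "messages.json"), "w") as fh:
        json.dump({"appname": {"message": "WebCake 3.0"}}, fh)
    with open(os.path.join(b, "manifest.json"), "w") as fh:
        json.dump({"name": "Example Notes", "version": "1.2"}, fh)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_profile(root)
        for ext_id, version, name in flag_unwanted(list_extensions(root)):
            print(ext_id, version, name)
```

To check a real profile, pass its Extensions directory to `list_extensions` instead of the temporary sample folder; anything still flagged after the removal steps needs another look.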

Offline guss000

  • Jr. Member
  • **
  • Posts: 22
Re: Pop ups from eggdepo.co
« Reply #31 on: July 22, 2013, 09:41:55 PM »
Hi Corrine

Yes, this seems to have worked, thank you. I have also downloaded the Microsoft Security Essentials as the Avast trial expired.

Is there anything else I need to do?

Rach

Offline Corrine

Re: Pop ups from eggdepo.co
« Reply #32 on: July 22, 2013, 09:59:00 PM »
Hi, Rachel.

Let's clean up the tools we used.

1.  Please do the following to uninstall AdwCleaner.
  •   Double-click AdwCleaner.exe to run the tool.
  •   Click Uninstall
  •   Confirm with yes
2.  Delete Junkware Removal Tool and SecurityCheck from your desktop.

3.  Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


Most likely the source of the problems you had was two-fold.  First, outdated third-party software such as Adobe programs and Oracle Java.  The other would have been "extras" included with installed software.  It is important to carefully watch each screen when installing software so those extra toolbars and the like can be unchecked.  Whenever possible, I recommend installing software only from the developer's website rather than "download sites".

In addition, please refer to the Safe Computing Practices and other recommendations in this updated copy of "So how did I get infected in the first place?".



Offline guss000

Re: Pop ups from eggdepo.co
« Reply #33 on: July 22, 2013, 10:19:49 PM »
Ok, I don't have any of those on my desktop. I must have run them without saving to desktop first. All the logs were there, which I have now deleted.

Offline Corrine

Re: Pop ups from eggdepo.co
« Reply #34 on: July 22, 2013, 10:25:05 PM »
That's right.  I see ComboFix is in your downloads folder:  c:\users\Rachel\Downloads\ComboFix.exe

Move it to your desktop and then follow the instructions above.  That will remove the files that needed to be created when running ComboFix.



Offline guss000

Re: Pop ups from eggdepo.co
« Reply #35 on: July 25, 2013, 08:05:44 AM »
Ok done that. Here is the report...now what?
ComboFix 13-07-22.01 - Rachel 23/07/2013  13:14:30.5.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.64.1033.18.2909.1638 [GMT 12:00]
Running from: c:\users\Rachel\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-23 to 2013-07-23  )))))))))))))))))))))))))))))))
.
.
2013-07-23 01:24 . 2013-07-23 01:24   --------   d-----w-   c:\users\Joshua\AppData\Local\temp
2013-07-23 01:24 . 2013-07-23 01:24   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-07-22 22:45 . 2013-07-22 22:45   60872   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD8939E9-986D-4A39-87E1-D866970F38BE}\offreg.dll
2013-07-22 22:45 . 2013-07-22 22:45   29904   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD8939E9-986D-4A39-87E1-D866970F38BE}\MpKsl79c469ab.sys
2013-07-22 22:39 . 2013-07-22 22:39   698504   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EAE203D0-8C55-4917-976D-EB828278FAF5}\gapaengine.dll
2013-07-22 22:39 . 2013-07-01 11:54   7143960   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD8939E9-986D-4A39-87E1-D866970F38BE}\mpengine.dll
2013-07-22 22:37 . 2013-07-22 22:37   --------   d-----w-   c:\program files\Microsoft Security Client
2013-07-22 22:36 . 2013-07-22 22:37   --------   d-----w-   C:\ec39d69998b7e59f462eccf225
2013-07-22 22:18 . 2013-07-02 06:54   7143960   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BAB9B4C-0C58-470B-BDBC-CE210A9972C5}\mpengine.dll
2013-07-17 08:09 . 2013-07-17 08:09   --------   d-----w-   c:\programdata\McAfee Security Scan
2013-07-17 08:09 . 2013-07-21 08:56   --------   d-----w-   c:\program files\McAfee Security Scan
2013-07-14 00:19 . 2013-07-14 00:19   --------   d-----w-   c:\programdata\Big Fish Games
2013-07-13 22:43 . 2013-06-11 23:43   217600   ----a-w-   c:\program files\Internet Explorer\sqmapi.dll
2013-07-13 20:23 . 2013-04-09 23:34   1247744   ----a-w-   c:\windows\system32\DWrite.dll
2013-07-13 20:23 . 2013-05-06 04:56   1620480   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2013-07-13 20:22 . 2013-06-04 04:53   509440   ----a-w-   c:\windows\system32\qedit.dll
2013-07-13 20:22 . 2013-06-05 03:05   2347520   ----a-w-   c:\windows\system32\win32k.sys
2013-07-13 20:22 . 2013-04-10 05:03   936448   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-13 20:22 . 2013-04-10 05:03   988672   ----a-w-   c:\program files\Windows Journal\JNTFiltr.dll
2013-07-13 20:22 . 2013-04-10 05:03   969216   ----a-w-   c:\program files\Windows Journal\JNWDRV.dll
2013-07-13 20:22 . 2013-04-10 05:04   1221632   ----a-w-   c:\program files\Windows Journal\NBDoc.DLL
2013-07-13 20:22 . 2013-05-27 04:57   680960   ----a-w-   c:\program files\Windows Defender\MpSvc.dll
2013-07-13 20:22 . 2013-05-27 04:57   392704   ----a-w-   c:\program files\Windows Defender\MpClient.dll
2013-07-13 20:22 . 2013-05-27 04:57   224768   ----a-w-   c:\program files\Windows Defender\MpCommu.dll
2013-07-09 09:15 . 2013-07-09 09:15   --------   d-----r-   c:\users\Rachel\AppData\Roaming\Brother
2013-07-02 00:37 . 2013-07-02 00:37   --------   d-----w-   c:\users\Rachel\AppData\Roaming\Malwarebytes
2013-07-02 00:37 . 2013-07-02 00:37   --------   d-----w-   c:\programdata\Malwarebytes
2013-07-02 00:37 . 2013-07-02 00:37   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2013-07-02 00:37 . 2013-04-04 02:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-06-30 08:38 . 2013-06-30 08:38   --------   d-----w-   c:\program files\ESET
2013-06-28 00:57 . 2013-06-28 00:57   --------   d-----w-   C:\Brother
2013-06-28 00:56 . 2013-06-28 00:57   --------   d-----w-   c:\program files\Browny02
2013-06-28 00:56 . 2010-05-10 08:45   103736   ----a-w-   c:\windows\system32\BRRBTOOL.EXE
2013-06-28 00:56 . 2005-01-17 07:10   45056   ----a-w-   c:\windows\system32\BRTCPCON.DLL
2013-06-28 00:56 . 2010-04-02 05:33   25299   ----a-w-   c:\windows\system32\BRLM03A.DLL
2013-06-28 00:56 . 2004-08-09 06:42   77824   ----a-w-   c:\windows\system32\BRLMW03A.DLL
2013-06-28 00:56 . 2013-06-28 00:56   --------   d-----w-   c:\program files\Brother
2013-06-28 00:56 . 2010-08-02 08:57   217088   ------w-   c:\windows\system32\NSSearch.dll
2013-06-28 00:56 . 2010-03-15 07:56   2560   ------w-   c:\windows\system32\BrDctF2S.dll
2013-06-28 00:56 . 2010-03-15 07:45   73728   ------w-   c:\windows\system32\BrDctF2.dll
2013-06-28 00:56 . 2007-12-13 10:16   5120   ------w-   c:\windows\system32\BrDctF2L.dll
2013-06-28 00:56 . 2010-02-04 23:42   180224   ------w-   c:\windows\system32\BroSNMP.dll
2013-06-28 00:56 . 2013-06-28 00:58   --------   d-----w-   c:\programdata\Brother
2013-06-26 08:13 . 2013-06-26 08:13   --------   d-----w-   c:\users\Rachel\AppData\Roaming\WinPatrol
2013-06-26 08:13 . 2013-06-26 08:13   --------   d-----w-   c:\program files\BillP Studios
2013-06-26 08:13 . 2013-06-26 08:13   --------   d-----w-   c:\programdata\InstallMate
2013-06-25 04:34 . 2013-06-25 04:34   --------   d-----w-   c:\windows\ERUNT
2013-06-25 04:34 . 2013-06-25 04:34   --------   d-----w-   C:\JRT
2013-06-24 08:46 . 2013-06-24 08:46   --------   d-----w-   c:\program files\Common Files\Java
2013-06-24 08:46 . 2013-06-24 08:46   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-17 08:09 . 2012-05-13 03:19   692104   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-07-17 08:09 . 2011-08-16 04:07   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-24 08:46 . 2013-03-29 20:06   789416   ----a-w-   c:\windows\system32\deployJava1.dll
2013-06-24 08:46 . 2013-03-29 20:06   867240   ----a-w-   c:\windows\system32\npDeployJava1.dll
2013-05-23 04:35 . 2013-05-23 04:35   745472   ----a-w-   c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-23 04:35 . 2013-05-23 04:35   73728   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
2013-05-23 04:35 . 2013-05-23 04:35   719360   ----a-w-   c:\windows\system32\mshtmlmedia.dll
2013-05-23 04:35 . 2013-05-23 04:35   61952   ----a-w-   c:\windows\system32\tdc.ocx
2013-05-23 04:35 . 2013-05-23 04:35   523264   ----a-w-   c:\windows\system32\vbscript.dll
2013-05-23 04:35 . 2013-05-23 04:35   48640   ----a-w-   c:\windows\system32\mshtmler.dll
2013-05-23 04:35 . 2013-05-23 04:35   38400   ----a-w-   c:\windows\system32\imgutil.dll
2013-05-23 04:35 . 2013-05-23 04:35   361984   ----a-w-   c:\windows\system32\html.iec
2013-05-23 04:35 . 2013-05-23 04:35   23040   ----a-w-   c:\windows\system32\licmgr10.dll
2013-05-23 04:35 . 2013-05-23 04:35   185344   ----a-w-   c:\windows\system32\elshyph.dll
2013-05-23 04:35 . 2013-05-23 04:35   158720   ----a-w-   c:\windows\system32\msls31.dll
2013-05-23 04:35 . 2013-05-23 04:35   150528   ----a-w-   c:\windows\system32\iexpress.exe
2013-05-23 04:35 . 2013-05-23 04:35   1441280   ----a-w-   c:\windows\system32\inetcpl.cpl
2013-05-23 04:35 . 2013-05-23 04:35   138752   ----a-w-   c:\windows\system32\wextract.exe
2013-05-23 04:35 . 2013-05-23 04:35   137216   ----a-w-   c:\windows\system32\ieUnatt.exe
2013-05-23 04:35 . 2013-05-23 04:35   12800   ----a-w-   c:\windows\system32\mshta.exe
2013-05-23 04:35 . 2013-05-23 04:35   110592   ----a-w-   c:\windows\system32\IEAdvpack.dll
2013-05-23 04:34 . 2013-05-23 04:34   9728   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-23 04:34 . 2013-05-23 04:34   906240   ----a-w-   c:\windows\system32\FntCache.dll
2013-05-23 04:34 . 2013-05-23 04:34   604160   ----a-w-   c:\windows\system32\d3d10level9.dll
2013-05-23 04:34 . 2013-05-23 04:34   5632   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-23 04:34 . 2013-05-23 04:34   5632   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-23 04:34 . 2013-05-23 04:34   417792   ----a-w-   c:\windows\system32\WMPhoto.dll
2013-05-23 04:34 . 2013-05-23 04:34   4096   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-23 04:34 . 2013-05-23 04:34   364544   ----a-w-   c:\windows\system32\XpsGdiConverter.dll
2013-05-23 04:34 . 2013-05-23 04:34   3584   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-23 04:34 . 2013-05-23 04:34   3419136   ----a-w-   c:\windows\system32\d2d1.dll
2013-05-23 04:34 . 2013-05-23 04:34   3072   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-23 04:34 . 2013-05-23 04:34   3072   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-23 04:34 . 2013-05-23 04:34   293376   ----a-w-   c:\windows\system32\dxgi.dll
2013-05-23 04:34 . 2013-05-23 04:34   2560   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-23 04:34 . 2013-05-23 04:34   249856   ----a-w-   c:\windows\system32\d3d10_1core.dll
2013-05-23 04:34 . 2013-05-23 04:34   2284544   ----a-w-   c:\windows\system32\msmpeg2vdec.dll
2013-05-23 04:34 . 2013-05-23 04:34   220160   ----a-w-   c:\windows\system32\d3d10core.dll
2013-05-23 04:34 . 2013-05-23 04:34   207872   ----a-w-   c:\windows\system32\WindowsCodecsExt.dll
2013-05-23 04:34 . 2013-05-23 04:34   1988096   ----a-w-   c:\windows\system32\d3d10warp.dll
2013-05-23 04:34 . 2013-05-23 04:34   187392   ----a-w-   c:\windows\system32\UIAnimation.dll
2013-05-23 04:34 . 2013-05-23 04:34   161792   ----a-w-   c:\windows\system32\d3d10_1.dll
2013-05-23 04:34 . 2013-05-23 04:34   1158144   ----a-w-   c:\windows\system32\XpsPrint.dll
2013-05-23 04:34 . 2013-05-23 04:34   1080832   ----a-w-   c:\windows\system32\d3d10.dll
2013-05-23 04:34 . 2013-05-23 04:34   10752   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-13 04:45 . 2013-06-13 00:53   1160192   ----a-w-   c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-13 00:53   140288   ----a-w-   c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-13 00:53   103936   ----a-w-   c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-13 00:53   903168   ----a-w-   c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-13 00:53   43008   ----a-w-   c:\windows\system32\certenc.dll
2013-05-10 03:20 . 2013-06-13 00:54   24576   ----a-w-   c:\windows\system32\cryptdlg.dll
2013-05-09 08:58 . 2010-06-28 00:03   229648   ----a-w-   c:\windows\system32\aswBoot.exe
2013-05-08 05:38 . 2013-06-13 00:53   1293672   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-13 00:54   3968872   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06 . 2013-06-13 00:54   3913576   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-05-02 15:28 . 2010-06-27 23:45   238872   ------w-   c:\windows\system32\MpSigStub.exe
2013-04-26 04:55 . 2013-06-13 00:54   492544   ----a-w-   c:\windows\system32\win32spl.dll
2013-04-25 23:30 . 2013-06-13 00:54   1505280   ----a-w-   c:\windows\system32\d3d11.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-10-31 95536]
"Zinio DLM"="c:\program files\Zinio\ZinioReader.exe" [2009-07-21 2707526]
"SIP"="c:\programdata\d86c7a\SId86_2195.exe" [2011-01-27 0]
"Facebook Update"="c:\users\Rachel\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-26 423144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-10 1324384]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-10-31 54576]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-23 597792]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-04-08 826880]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"OxigenServiceStart"="c:\program files\Oxigen\bin\OxigenService.exe" [2011-07-26 24888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-26 947152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-20 280576]
.
c:\users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Rachel\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-6 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MPFILTER
*NewlyCreated* - MPKSL79C469AB
*NewlyCreated* - NISDRV
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 21:29   1173456   ----a-w-   c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 08:09]
.
2013-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2943391463-3800702248-692433887-1004Core.job
- c:\users\Rachel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-26 05:14]
.
2013-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2943391463-3800702248-692433887-1004UA.job
- c:\users\Rachel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-26 05:14]
.
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 10:19]
.
2013-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 10:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.co.nz/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-1ClickDownload - c:\program files\1ClickDownload\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-23  13:26:37
ComboFix-quarantined-files.txt  2013-07-23 01:26
ComboFix2.txt  2013-07-01 09:40
ComboFix3.txt  2013-07-01 09:17
ComboFix4.txt  2013-06-27 01:59
.
Pre-Run: 168,922,894,336 bytes free
Post-Run: 169,118,068,736 bytes free
.
- - End Of File - - 5322793A629A8F49DCE86E9CDC866DB0
5B5E648D12FCADC244C1EC30318E1EB9

Offline Corrine

Re: Pop ups from eggdepo.co
« Reply #36 on: July 25, 2013, 12:57:05 PM »
The following will implement some cleanup procedures as well as reset System Restore points in XP:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

