Xiduth

  1. Thanks for spending time to help me, can't express how happy I am. Have a great day!
  2. # AdwCleaner v2.306 - Logfile created 07/25/2013 at 16:02:03
     # Updated 19/07/2013 by Xplode
     # Operating system : Windows 7 Ultimate (32 bits)
     # User : Jhon - JHON-PC
     # Boot Mode : Normal
     # Running from : C:\Users\Jhon\Desktop\adwcleaner.exe
     # Option [Delete]

     ***** [Internet Browsers] *****
     -\\ Internet Explorer v8.0.7600.17006
     -\\ Mozilla Firefox v14.0.1 (en-US)
     File : C:\Users\Jhon\AppData\Roaming\Mozilla\Firefox\Profiles\pd5dqy0h.default\prefs.js [OK] File is clean.
     -\\ Google Chrome v28.0.1500.72
     File : C:\Users\Jhon\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean.

     ########## EOF - C:\AdwCleaner[s1].txt - [11026 octets] ##########

     ------------------------------------------------------------
     Results of screen317's Security Check version 0.99.71
     Windows 7 x86 (UAC is enabled)
     Out of date service pack!!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     avast! Antivirus
     Antivirus out of date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     CCleaner
     Java DB 10.5.3.0
     JavaFX 2.1.1
     JavaFX 2.1.1 SDK
     Java 7 Update 25
     Java SE Development Kit 7 Update 25
     Adobe Flash Player 10 Flash Player out of Date!
     Adobe Reader 9 Adobe Reader out of Date!
     Google Chrome 28.0.1500.71
     Google Chrome 28.0.1500.72
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````
  3. Ok, so it won't allow me to repair Safe Mode, as when I run the program it says it is the wrong OS and only supports XP and 2000. I'm running Windows 7, so is there a version for that?

     Adware Log:
     # AdwCleaner v2.306 - Logfile created 07/25/2013 at 15:38:00
     # Updated 19/07/2013 by Xplode
     # Operating system : Windows 7 Ultimate (32 bits)
     # User : Jhon - JHON-PC
     # Boot Mode : Normal
     # Running from : C:\Users\Jhon\Desktop\adwcleaner.exe
     # Option [Search]

     ***** [Internet Browsers] *****
     -\\ Internet Explorer v8.0.7600.17006
     -\\ Mozilla Firefox v14.0.1 (en-US)
     File : C:\Users\Jhon\AppData\Roaming\Mozilla\Firefox\Profiles\pd5dqy0h.default\prefs.js [OK] File is clean.
     -\\ Google Chrome v28.0.1500.72
     File : C:\Users\Jhon\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean.

     ########## EOF - C:\AdwCleaner[R1].txt - [10769 octets] ##########
  4. Is it OK to download Avast Free Antivirus right now? Because to run ComboFix I had to delete AVG 2011, and I'm thinking about getting a new antivirus program, as AVG isn't that great from what I've heard. Thank you again MrC, it means a lot.
  5. Copied and pasted twice, sorry. If you want, I attached a doc if you'd like. ComboFix.txt
  6. ComboFix 13-07-25.02 - Jhon 07/25/2013 14:35:01.2.2 - x86 Running from: c:\users\Jhon\Desktop\ComboFix.exe * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Jhon\AppData\Roaming\193334A8D1A6415994998556736BDFE0.dat c:\users\Jhon\AppData\Roaming\AdVantage c:\users\Jhon\AppData\Roaming\RSBot.db c:\users\Jhon\WINDOWS c:\users\Jhon\WINDOWS\crc32.crc c:\windows\system32\3500_256.dll c:\windows\system32\bin c:\windows\system32\frapsvid.dll c:\windows\XSxS . . ((((((((((((((((((((((((( Files Created from 2013-06-26 to 2013-07-26 ))))))))))))))))))))))))))))))) . . 2013-07-26 02:43 . 2013-07-26 02:43 -------- d-----w- c:\users\Jhon\AppData\Local\temp 2013-07-26 02:43 . 2013-07-26 02:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-26 02:12 . 2013-07-26 02:12 -------- d-----w- c:\program files\AVG Secure Search 2013-07-25 00:01 . 2013-07-25 00:05 -------- d-----w- C:\.soulsplit2 2013-07-24 23:58 . 2013-07-24 23:56 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-07-23 22:25 . 2012-05-14 04:37 768512 ----a-w- c:\windows\system32\localspl.dll 2013-07-22 23:18 . 2013-07-22 23:18 -------- d-----w- c:\users\Jhon\AppData\Roaming\Malwarebytes 2013-07-22 23:17 . 2013-07-22 23:17 -------- d-----w- c:\programdata\Malwarebytes 2013-07-22 23:17 . 2013-07-22 23:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-07-22 23:17 . 2013-04-05 02:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-22 23:17 . 2013-07-22 23:17 -------- d-----w- c:\users\Jhon\AppData\Local\Programs 2013-07-08 00:00 . 2013-07-08 00:00 -------- d-----w- c:\users\Jhon\validuscache . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-24 23:56 . 2012-05-26 15:04 867240 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-07-24 23:56 . 
2010-07-19 23:59 789416 ----a-w- c:\windows\system32\deployJava1.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2006-04-09 232912] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] @="Driver Group" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-08-28 09:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY] 2011-09-10 14:28 2338656 ----a-w- c:\program files\AVG\AVG10\avgtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2009-11-19 00:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] 2011-08-01 23:56 1821576 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt] 2013-07-26 02:12 218440 ------w- c:\program files\AVG Secure Search\vprot.exe . 
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-05 701512] R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264] R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-17 22416] R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-15 3583592] R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-04-29 11232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-01 1343400] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168] S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-07-24 35560] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520] S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-05 418376] S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2013-07-26 246600] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-05 22856] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3737616515-2033285701-3433021707-1000Core.job - c:\users\Jhon\AppData\Local\Google\Update\GoogleUpdate.exe [2006-01-12 06:54] . 
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3737616515-2033285701-3433021707-1000UA.job - c:\users\Jhon\AppData\Local\Google\Update\GoogleUpdate.exe [2006-01-12 06:54] . . ------- Supplementary Scan ------- . IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html Trusted Zone: adobe.com\www Trusted Zone: facebook.com\www TCP: DhcpNameServer = 192.168.1.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll SafeBoot-01684263.sys SafeBoot-12887236.sys SafeBoot-72862528.sys MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe MSConfigStartUp-Logitech Vid - c:\program files\Logitech\Vid HD\Vid.exe MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\Logitech WebCam Software\LWS.exe MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe MSConfigStartUp-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe AddRemove-Logitech Vid - c:\program files\Logitech\Vid HD\uninst.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3737616515-2033285701-3433021707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariDownload" . 
[HKEY_USERS\S-1-5-21-3737616515-2033285701-3433021707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (S-1-5-21-3737616515-2033285701-3433021707-1000) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3737616515-2033285701-3433021707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (S-1-5-21-3737616515-2033285701-3433021707-1000) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3737616515-2033285701-3433021707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariExtension" . [HKEY_USERS\S-1-5-21-3737616515-2033285701-3433021707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (S-1-5-21-3737616515-2033285701-3433021707-1000) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3737616515-2033285701-3433021707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-3737616515-2033285701-3433021707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-3737616515-2033285701-3433021707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (S-1-5-21-3737616515-2033285701-3433021707-1000) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3737616515-2033285701-3433021707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (S-1-5-21-3737616515-2033285701-3433021707-1000) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . 
ComboFix 13-07-25.02 - Jhon 07/25/2013 14:35:01.2.2 - x86
Running from: c:\users\Jhon\Desktop\ComboFix.exe
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jhon\AppData\Roaming\193334A8D1A6415994998556736BDFE0.dat
c:\users\Jhon\AppData\Roaming\AdVantage
c:\users\Jhon\AppData\Roaming\RSBot.db
c:\users\Jhon\WINDOWS
c:\users\Jhon\WINDOWS\crc32.crc
c:\windows\system32\3500_256.dll
c:\windows\system32\bin
c:\windows\system32\frapsvid.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2013-06-26 to 2013-07-26 )))))))))))))))))))))))))))))))
.
.
2013-07-26 02:43 . 2013-07-26 02:43 -------- d-----w- c:\users\Jhon\AppData\Local\temp
2013-07-26 02:43 . 2013-07-26 02:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-26 02:12 . 2013-07-26 02:12 -------- d-----w- c:\program files\AVG Secure Search
2013-07-25 00:01 . 2013-07-25 00:05 -------- d-----w- C:\.soulsplit2
2013-07-24 23:58 . 2013-07-24 23:56 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-23 22:25 . 2012-05-14 04:37 768512 ----a-w- c:\windows\system32\localspl.dll
2013-07-22 23:18 . 2013-07-22 23:18 -------- d-----w- c:\users\Jhon\AppData\Roaming\Malwarebytes
2013-07-22 23:17 . 2013-07-22 23:17 -------- d-----w- c:\programdata\Malwarebytes
2013-07-22 23:17 . 2013-07-22 23:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-22 23:17 . 2013-04-05 02:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-22 23:17 . 2013-07-22 23:17 -------- d-----w- c:\users\Jhon\AppData\Local\Programs
2013-07-08 00:00 . 2013-07-08 00:00 -------- d-----w- c:\users\Jhon\validuscache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-24 23:56 . 2012-05-26 15:04 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-24 23:56 . 2010-07-19 23:59 789416 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2006-04-09 232912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 09:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2011-09-10 14:28 2338656 ----a-w- c:\program files\AVG\AVG10\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-19 00:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2011-08-01 23:56 1821576 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2013-07-26 02:12 218440 ------w- c:\program files\AVG Secure Search\vprot.exe
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-05 701512]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-17 22416]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-15 3583592]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-04-29 11232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-01 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-07-24 35560]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-05 418376]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2013-07-26 246600]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-05 22856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3737616515-2033285701-3433021707-1000Core.job
- c:\users\Jhon\AppData\Local\Google\Update\GoogleUpdate.exe [2006-01-12 06:54]
.
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3737616515-2033285701-3433021707-1000UA.job
- c:\users\Jhon\AppData\Local\Google\Update\GoogleUpdate.exe [2006-01-12 06:54]
.
.
------- Supplementary Scan -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: adobe.com\www
Trusted Zone: facebook.com\www
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
SafeBoot-01684263.sys
SafeBoot-12887236.sys
SafeBoot-72862528.sys
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-Logitech Vid - c:\program files\Logitech\Vid HD\Vid.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\Logitech WebCam Software\LWS.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
AddRemove-Logitech Vid - c:\program files\Logitech\Vid HD\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3737616515-2033285701-3433021707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-3737616515-2033285701-3433021707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-3737616515-2033285701-3433021707-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3737616515-2033285701-3433021707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-3737616515-2033285701-3433021707-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3737616515-2033285701-3433021707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-3737616515-2033285701-3433021707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-3737616515-2033285701-3433021707-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3737616515-2033285701-3433021707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3737616515-2033285701-3433021707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3737616515-2033285701-3433021707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-3737616515-2033285701-3433021707-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3737616515-2033285701-3433021707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-3737616515-2033285701-3433021707-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3737616515-2033285701-3433021707-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-25 14:44:37
ComboFix-quarantined-files.txt 2013-07-26 02:44
.
Pre-Run: 113,297,268,736 bytes free
Post-Run: 113,370,013,696 bytes free
.
- - End Of File - - BD7C9B3E66A27E5EA2BB39ECA5F27400 A36C5E4F47E84449FF07ED3517B43A31
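A small triage helper for the SERVICES / DRIVERS block of a ComboFix log such as the one above. This is an added example, not ComboFix's own code and not anything posted in the thread; the input is the 14 service lines copied verbatim from the log, and the flagging rules (image outside Windows or Program Files, non-standard image extension, service hosted inside svchost.exe, image file dated within the week before the scan) and the 2013-07-19 cutoff date are illustrative assumptions. On this log it picks out npggsvc (the image is GameMon.des, a .des file rather than a .exe or .sys), nosGetPlusHelper (hosted in svchost.exe, so the real code is the ServiceDll named in the svchost group list further down the log) and vToolbarUpdater (binary dated the day of the scan).

```python
import ntpath
import re
from typing import Dict, List

# Service/driver lines copied verbatim from the ComboFix log posted in the thread (page data, not constructed).
COMBOFIX_SERVICES = r"""
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-05 701512]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-17 22416]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-15 3583592]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-04-29 11232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-01 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-07-24 35560]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-05 418376]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2013-07-26 246600]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-05 22856]
"""

# One line is: <R|S><start type> <name>;<display name>;<image path> [<file date> <size>]
# R = running, S = stopped; the start type digit uses the Windows values (0 boot, 1 system, 2 auto, 3 manual, 4 disabled).
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Triage rules (assumptions for this example, not ComboFix's own logic).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
NORMAL_IMAGE_EXT = {".exe", ".sys", ".dll"}
HOST_PROCESSES = {"svchost.exe", "rundll32.exe"}


def parse_services(text: str) -> List[Dict[str, object]]:
    """Parse the SERVICES / DRIVERS block of a ComboFix log into one record per line."""
    records: List[Dict[str, object]] = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            raise ValueError(f"unrecognised ComboFix service line: {raw!r}")
        rec: Dict[str, object] = dict(m.groupdict())
        rec["running"] = m["state"] == "R"
        rec["start_type"] = START_TYPES.get(m["start"], "unknown")
        rec["size"] = int(m["size"])
        records.append(rec)
    return records


def triage(records: List[Dict[str, object]], recent_since: str = "2013-07-19") -> Dict[str, List[str]]:
    """Return {service name: [reasons]} for entries that deserve a second look.

    recent_since is an ISO date; images dated on or after it are flagged as new.
    The default is one week before the scan in the posted log (an assumption).
    """
    findings: Dict[str, List[str]] = {}
    for rec in records:
        path = str(rec["path"]).lower()
        reasons: List[str] = []
        if not path.startswith(TRUSTED_ROOTS):
            reasons.append("image outside Windows / Program Files")
        ext = ntpath.splitext(path)[1]          # ntpath so backslash paths parse on any OS
        if ext not in NORMAL_IMAGE_EXT:
            reasons.append(f"non-standard image extension {ext!r}")
        if ntpath.basename(path) in HOST_PROCESSES:
            reasons.append("hosted service: resolve the real ServiceDll via the svchost group list")
        if str(rec["date"]) >= recent_since:    # ISO dates compare correctly as strings
            reasons.append(f"image dated {rec['date']}, on or after {recent_since}")
        if reasons:
            findings[str(rec["name"])] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_services(COMBOFIX_SERVICES)).items():
        print(f"{name}: " + "; ".join(reasons))
```

The rules are deliberately coarse: a flag is a prompt to look up the entry (the svchost REG_MULTI_SZ block in the same log, the ImagePath key, the file's signature), not a verdict. Commercial anti-cheat and toolbar updaters trip the same heuristics as malware, which is exactly why the log is posted for a human to read.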
  7. Thank you again.
TDSSKiller.2.8.18.0_25.07.2013_12.31.54_log.txt
TDSSKiller.2.8.18.0_25.07.2013_12.21.38_log.txt
TDSSKiller.2.8.18.0_25.07.2013_12.12.49_log.txt
  8. I read, as you had stated above, to leave all of the /device/harddisk0/dr0 as skip; however, I just wanted to confirm whether to skip/cure. Clearing up the above post.
  9. Thank you again MrC. It came up with an entry I'm not sure about; however, it says it's high risk: Rootkit.Boot.Pihar \Device\Harddisk0\DR0. It shows 2 of the \Device\Harddisk0\DR0, one of them as shown above and the other as the TDSS File System. Do I still leave it as skip? I'm confused as to whether to leave all of them as skip or certain ones as Copy to Quarantine.
  10. Sorry for the double but it also won't allow me to update windows if that helps.
  11. Thank you for the fast response. I downloaded RK and moved it to my desktop. However, when I ran as administrator, RK just disappeared. It wasn't in the recycle bin or anywhere. I re-downloaded it, but now it says I don't have permission to move it to the desktop, which has never happened before.
  12. Just to clear things up, this is different from my laptop and the post HERE. Ok, let's move on. So this PC has been giving me problems since my little sister has been using it. I haven't really used the computer till recently; it's been gathering dust because of the headaches it's been giving me. I found out about Malwarebytes, ran the scanner, and got rid of a lot of malware I didn't know about. Thankfully I hadn't used this computer for anything security-wise/personal. These are what MB cleared off my computer; be warned, it's not for the faint of heart: However, now it is saying that it is blocking: 95.211.194.79 Type: outgoing Port: 59372 Process: svchost.exe And it is saying this a lot. I'm thinking there are still remnants of an infection here and I was wondering if anyone could help me clean this computer.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.17006 BrowserJavaVersion: 10.25.2
Run by Jhon at 10:08:43 on 2013-07-25
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Jhon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Jhon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jhon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jhon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jhon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jhon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jhon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.2.0.5\AVG Secure Search_toolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.2.0.5\AVG Secure Search_toolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Google Update] "c:\users\jhon\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_ActiveX.exe -update activex
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{D5923959-5239-43FB-906C-D776B33DDD90} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E21997EF-0D24-4E8F-B488-64A90FE16DEF} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
.vbe: <filetype is not registered>
FileExt: .vbs: VBSFile - HKCR\Unknown\Shell=c:\windows\system32\rundll32.exe c:\windows\system32\shell32.dll,OpenAs_RunDLL %1 [userChoice] [default=openas]
.
=============== Created Last 30 ================
.
2013-07-25 03:06:50 -------- d-sh--w- C:\$RECYCLE.BIN
2013-07-25 03:04:48 -------- d-s---w- C:\ComboFix
2013-07-25 01:01:46 -------- d-----w- c:\users\jhon\Buried614_Cache
2013-07-25 00:22:23 -------- d-----w- c:\users\jhon\.soulsplit2
2013-07-25 00:01:27 -------- d-----w- C:\.soulsplit2
2013-07-24 23:58:01 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-23 22:25:36 768512 ----a-w- c:\windows\system32\localspl.dll
2013-07-23 03:16:27 98816 ----a-w- c:\windows\sed.exe
2013-07-23 03:16:27 256000 ----a-w- c:\windows\PEV.exe
2013-07-23 03:16:27 208896 ----a-w- c:\windows\MBR.exe
2013-07-22 23:18:43 -------- d-----w- c:\users\jhon\appdata\roaming\Malwarebytes
2013-07-22 23:17:38 -------- d-----w- c:\programdata\Malwarebytes
2013-07-22 23:17:37 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-22 23:17:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-22 23:17:26 -------- d-----w- c:\users\jhon\appdata\local\Programs
2013-07-08 00:00:08 -------- d-----w- c:\users\jhon\validuscache
.
==================== Find3M ====================
.
2013-07-24 23:56:58 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-24 23:56:58 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-01 10:40:11 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD16 rev.10.0 -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8689B4B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x868a293c]; MOV EAX, [0x868a2ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82C49458] -> \Device\Harddisk0\DR0[0x8651C888]
3 CLASSPNP[0x837D759E] -> ntkrnlpa!IofCallDriver[0x82C49458] -> [0x859DFF08]
5 ACPI[0x833B33B2] -> ntkrnlpa!IofCallDriver[0x82C49458] -> \00000079[0x859DF9D0]
\Driver\nvstor[0x8686FCE8] -> IRP_MJ_CREATE -> 0x8689B4B1
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }
detected disk devices:
\Device\00000079 -> \??\SCSI#Disk&Ven_WDC_WD16&Prod_00JS-08NCB1#4&2a9db3b6&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 10:13:39.85 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT.

DDS (Ver_2012-11-20.01)
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Download Assistant
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 9.5.2
Adobe Shockwave Player 11.5
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
AVG 2011
AVG 2012
AVG Security Toolbar
Bonjour
BufferChm
CCleaner
Compatibility Pack for the 2007 Office system
CopyDestinations
DeviceDiscovery
DJ_AIO_06_F4500_SW_MIN
F4500
Google Chrome
Google Talk Plugin
GPBaseService2
HP Customer Participation Program 14.0
HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
HP Imaging Device Functions 14.0
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
HyperCam
Java 7 Update 25
Java Auto Updater
Java DB 10.5.3.0
Java SE Development Kit 7 Update 25
JavaFX 2.1.1
JavaFX 2.1.1 SDK
Logitech Vid HD
Logitech Webcam Software Driver Package
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.0
Microsoft IntelliPoint 8.2
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
OGA Notifier 2.0.0048.0
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Shop for HP Supplies
Skype™ 5.1
SmartWebPrinting
SolutionCenter
Status
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
WebReg
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== End Of File ===========================
  13. This is a different computer however I will look at the thread you have recommended. Thanks again!
  14. 95.211.194.79 Type: outgoing Port: 59372 Process: svchost.exe It keeps showing this every 5 seconds. Should I be concerned? P.S.: I also recently had MB clear a Trojan/Rootkit, which had been on my computer for a long time without my knowledge; however, they were for some toolbar that got downloaded to my computer. So could it have anything to do with that? My computer is running fine, with a blue screen once in a while, which I know is bad; however, it just dumps physical memory or something like that and starts up again, working perfectly fine. Should I do something?
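The block notices in this post repeat every 5 seconds, always from svchost.exe to the same foreign address, and the question is whether that matters. The script below is an added example, not part of the thread and not the Malwarebytes log format: it takes a list of outbound-block events, groups them by (process, destination), measures how regular the gaps between events are, and reports a beacon-like verdict alongside whether the process is a Windows host process and whether the destination is outside private address space. The `BLOCK` line format, the timestamps, the 203.0.113.5 contrast entries (a documentation address) and the thresholds are all constructed assumptions for the example.

```python
import ipaddress
import re
import statistics
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample in a simplified block-log layout (NOT the real Malwarebytes log format):
#   <timestamp> BLOCK <destination ip> outgoing port=<port> process=<image name>
# The svchost.exe lines mimic the "every 5 seconds" cadence described in the post; the
# chrome.exe lines (203.0.113.5 is a documentation address) are irregular for contrast.
SAMPLE_LOG = """\
2013-07-25 10:15:00 BLOCK 95.211.194.79 outgoing port=59372 process=svchost.exe
2013-07-25 10:15:03 BLOCK 203.0.113.5 outgoing port=443 process=chrome.exe
2013-07-25 10:15:05 BLOCK 95.211.194.79 outgoing port=59373 process=svchost.exe
2013-07-25 10:15:10 BLOCK 95.211.194.79 outgoing port=59374 process=svchost.exe
2013-07-25 10:15:15 BLOCK 95.211.194.79 outgoing port=59375 process=svchost.exe
2013-07-25 10:15:20 BLOCK 95.211.194.79 outgoing port=59376 process=svchost.exe
2013-07-25 10:15:25 BLOCK 95.211.194.79 outgoing port=59377 process=svchost.exe
2013-07-25 10:15:30 BLOCK 95.211.194.79 outgoing port=59378 process=svchost.exe
2013-07-25 10:15:41 BLOCK 203.0.113.5 outgoing port=443 process=chrome.exe
2013-07-25 10:16:50 BLOCK 203.0.113.5 outgoing port=443 process=chrome.exe
2013-07-25 10:19:12 BLOCK 203.0.113.5 outgoing port=443 process=chrome.exe
2013-07-25 10:21:05 BLOCK 203.0.113.5 outgoing port=443 process=chrome.exe
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) BLOCK (?P<ip>[\d.]+) outgoing "
    r"port=(?P<port>\d+) process=(?P<proc>\S+)$"
)
# Windows images that normally host many services; a block "from" one of them only
# narrows the search to a service group, it does not identify the code (assumption).
SYSTEM_PROCESSES = {"svchost.exe", "lsass.exe", "explorer.exe", "winlogon.exe", "spoolsv.exe"}

Key = Tuple[str, str]  # (process image, destination ip)


def parse_blocks(text: str) -> Dict[Key, List[datetime]]:
    """Group block events by (process, destination) and keep their timestamps."""
    groups: Dict[Key, List[datetime]] = defaultdict(list)
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            raise ValueError(f"unrecognised block line: {raw!r}")
        groups[(m["proc"], m["ip"])].append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
    return dict(groups)


def assess(groups: Dict[Key, List[datetime]], min_events: int = 5, max_cv: float = 0.25) -> Dict[Key, Dict[str, object]]:
    """Score each (process, destination) pair for beacon-like regularity.

    A pair is beacon-like when it has at least min_events blocks and the coefficient of
    variation (stdev / mean) of the gaps between consecutive events is at most max_cv.
    Both thresholds are illustrative assumptions, not vendor-published numbers.
    """
    verdicts: Dict[Key, Dict[str, object]] = {}
    for (proc, ip), stamps in groups.items():
        stamps = sorted(stamps)
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        period = statistics.mean(gaps) if gaps else None
        cv = (statistics.pstdev(gaps) / period) if gaps and period else None
        verdicts[(proc, ip)] = {
            "count": len(stamps),
            "period_s": period,
            "cv": cv,
            "beacon_like": len(stamps) >= min_events and cv is not None and cv <= max_cv,
            "system_process": proc.lower() in SYSTEM_PROCESSES,
            # is_private also covers documentation ranges such as 203.0.113.0/24
            "public_destination": not ipaddress.ip_address(ip).is_private,
        }
    return verdicts


if __name__ == "__main__":
    for (proc, ip), v in assess(parse_blocks(SAMPLE_LOG)).items():
        print(f"{proc} -> {ip}: {v['count']} blocks, period={v['period_s']}s, cv={v['cv']}, "
              f"beacon_like={v['beacon_like']}, system_process={v['system_process']}")
```

A fixed short period from a single process to a single public address is the classic shape of a command-and-control beacon, but the process name alone does not close the case: svchost.exe hosts dozens of legitimate services (Windows Update among them), so the next step is to map the blocked connection to the specific service or DLL inside that svchost group (for example with `tasklist /svc` and the netstat owner PID) before deciding anything.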
  15. Alright, doing that right now, thanks. Well, it was recommended to me by a friend; they said it worked really nicely for them. Other than the problem I just started having, CCleaner has helped with clearing some unwanted files, deleting program shortcuts, etc. I will check to see if it was a coincidence; thanks for the info! Will update as soon as I'm done with both suggestions.