Uriah

Members
  • Posts

    18
  1. Nikilet, please provide proof from a widely known and legit source of any anti Malware and anti virus program that provides 100% protection as you seem to want from MBAM. I've never heard of thundercloud.net and cloudlight info ave until you promoted them and I'm sure that about everyone else here has had no knowledge of them either. Is that your site? We have to wonder if all this from you was just an attempt to promote yourself and that site.
  2. exile360, in the knowledgebase article, the linked to spycar site is no longer active, it states the domain has expired.
  3. All right, thank you for the quick reply.
  4. MBAM Pro blocked this. The log.... 2013/04/17 11:45:55 -0400 TF-PC TF IP-BLOCK 65.254.250.103 (Type: outgoing, Port: 49691, Process: avp.exe) Info on the address.....http://whois.domaintools.com/65.254.250.103 Also this site claims that avp.exe is mostly connected with Kaspersky, http://www.avpexe.com/ , I have Kaspersky Internet Security 2013. I also have Kaspersky on the MBAM Pro ignore list.
  5. After the CometBird browser crashed a few times on me, I uninstalled it. So hopefully if geek uninstaller removed everything in regards to it, there will be no more troubles in regards to it.
  6. Here's the protection log..... 2013/03/17 16:50:56 -0400 TF-PC TF IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49307, Process: cometbird.exe) http://whois.domaintools.com/208.91.197.101 http://ip.robtex.com/208.91.197.101.html It's out of the Virgin Islands and domain tools states that over 300,000 websites use this ip address.
  7. Just started using CometBird browser today and after using it for several minutes, Malwarebytes Pro gave notice that it blocked it from calling out because it could possibly be malicious. So is CometBird a safe browser to use or not? http://www.cometbird.com/ Softpedia claims it is clean. http://www.softpedia.com/get/Internet/Browsers/CometBird.shtml
  8. Thank You, Maurice. The cmd method worked in removing combofix and I ran OTC for whatever else and deleted Dr. Web and Stinger. I also reinstalled Secunia PSI after uninstalling it before I reinstalled Windows a week or so ago in an attempt to get rid of any malware I had. I'm skeptical about WOT because a lot of the ratings are based on someone's biases or on people just giving a site a bad rating just to do it. I've learned my lesson and will never download and install any torrents again. Thanks again for your help and time, Maurice.
  9. Maurice, the reports......

     McAfee® Labs Stinger Version 10.2.0.936 built on Jan 1 2013
     Copyright © 2012 McAfee, Inc. All Rights Reserved.
     Virus data file v1000.0000 created on Jan 1 2013.
     Ready to scan for 6091 viruses, trojans and variants.
     Scan initiated on Tue Jan 01 22:45:04 2013
     Rootkit scan result : Not Scanned
     Master Boot Record(s):....1 Possibly Infected:.............0
     Boot Sector(s):.................1 Possibly Infected: ............0
     Number of clean files: 13996

     With Dr Web CureIt, I couldn't find any option to save a report. However the scan results were as follows.

     Express Scan--- 22034 objects scanned---0 Threats Found
     Custom Scan---22086 objects scanned---0 Threats Found

     In my attempt to copy and paste the JRT report it got dumped but it did say it deleted 7 or 8 items. As of right now since I ran Combofix earlier I have not had Malwarebytes give a notification that it blocked a call out to that IP address and everything in the system seems to be working good. Thank You for all your help and time, Maurice.
  10. Maurice, did everything as you instructed this time and as of right now I haven't gotten any notification from MB it has blocked the call out to that IP address. Here's the Combofix report.
  11. Sorry Maurice, I overlooked your warning to not click any fix buttons in RogueKiller and thus did click them after it ran.
  12. Maurice, I have gotten one notification that Malwarebytes blocked the call out to that IP address since my last post. I can't copy the report from tdsskiller but it showed that it scanned 1225 objects and found 0 threats. Yesterday I ran Sophos virus removal tool and it claimed adwCleaner was malware. Today I ran Comodo Cleaning Essentials along with the autoruns in it and it found nothing and autoruns said everything was safe. The following reports......... RogueKiller found two items, but there was no option to delete them.
  13. Hi Maurice and thank you for your help. I ran Kaspersky TDSS Killer and it found nothing and then I ran AdwCleaner and the search result as far as I could tell didn't show anything but I proceeded with the delete process and as of right now Malwarebytes Pro has not shown a notification pop up that it has blocked my computer from calling out to that IP address.
  14. I need to stop my computer from calling out to IP 195.226.218.205 which is in Latvia. Here are the attached files from DDS. attach.zip dds.zip