tree_fu_go

Everything posted by tree_fu_go

  1. I don't have Battlefield 3, but I do have another EA game so I know how Origin and that work. I cannot help you with your problem, but I can provide you with useful links that may help. You should look at the EA Help Center for Battlefield 3: https://help.ea.com/...d/battlefield-3 (^This is where I went first when I had trouble with an EA game) If you don't find anything there you could try having a look here: http://answers.ea.co.../215092#U215092 And here: http://answers.ea.co.../286004#U286004 If none of that helps you could ask a question about your problem here: http://answers.ea.co...p/battlefield-3 But you mentioned using "recommended things on how to improve PC speed". What was this? Where did you get it (them) from? Was it an ad? Here are a few questions you should answer to help describe the problem to either EA or here: Has Battlefield 3 ever worked properly before? What else do you remember doing when this problem happened? Does Battlefield 3 start up at all? Are there any error codes? Do you have Origin? If you are sure that this is a problem with your Battlefield 3 and nothing else on your computer (e.g. those "recommended things on how to improve PC speed") you should contact EA customer support Live Chat. Go here: https://help.ea.com/...t=battlefield-3 And enter your Product, Category then Platform. Near the bottom of the page should be a box saying: Choose A contact Method: Live Chat 'Begin a Live Chat session with an EA Advisor Your approximate wait time is under XX minutes.' ^^^ This is what I did when my Darkspore wouldn't work. Before I did the live chat though, I searched around Google to see if their customer support was good or not. Many people say that it's crap so I was worried I was going to waste my time. But the few people that said that posted their live chat logs and they were a bit rude to the EA Advisor which is probably why. I was nice to them and they helped me fix my problem.
But you may have a virus if you clicked on an advertisement that suggested using something to speed your PC up. These are scams. Most likely they will cause more problems than you started with. Try downloading Malwarebytes and do a quick scan: http://www.malwareby...warebytes_free/ It should detect and remove most malware and it shouldn't interfere with any antivirus you may have. If you have a serious infection then you could have a look here: http://forums.malwar...?showtopic=9573 I hope I have helped and good luck with fixing your problem!
  2. I was researching and found a Firefox add-on called NoScript. Long story short, everyone seems to know it so yeah. What are your honest thoughts and opinions on it? I'm thinking of downloading it but I always try to research about stuff I download first. I've seen many good reviews but many say it is hard to configure and a bit advanced or something along those lines.. Does it or has it ever done anything malicious to your computer on purpose? Will it make browsing difficult?? Thanks, btw sorry if I posted this in the wrong spot. EDIT: Never mind, I decided to just download it. Sorry for wasting a topic.... :\
  3. Just letting you know, when I woke the computer up to delete CF_UNINSTL.exe it said: Internet Explorer has stopped working, Restarting Windows Explorer. Then my desktop flashed. Should I be worried about this? I just woke it up and did nothing else.
  4. Okay I ran OTL, uninstalled adwcleaner and deleted MBAR, roguekiller and security check. Can I delete CF_UNINSTL.exe? Thank you so much for helping!! I really appreciate it!! So was there actually anything on the computer or......... did.... I just.... waste your time.........?
  5. When I tried to run it, it popped up immediately: Done! But after I clicked OK it came up with this: Program compatibility Assistant This program might not have installed correctly If this program didn't install correctly, try reinstalling using settings that are compatible with this version of Windows. Program: Unknown Program Publisher: Unknown Publisher Location: C:\Users\michelle\Desktop\CF_UNINST.exe My options are: Reinstall using recommended settings This Program installed correctly Cancel What settings are applied? What do I do??? Edit: I didn't feel comfortable with leaving it like that with avast turned off so I clicked cancel. I hope that didn't wreck anything... Now that I think about it maybe I should've left it... Now I'm thinking about it all... Why didn't I think to disable avast while uninstalling combofix originally!! .....I've probably created a bigger problem now... Why didn't I think!!!!! I'm so sorry!!!
  6. Sorry, I want to make sure and not make another mistake again. Firefox asks me to save the file, not run it, so do I just save the file then click on it to run it? If so do I Run as administrator? Sorry and thanks!
  7. Crap! I don't know if I was supposed to disable avast while uninstalling combofix but it blocked 2 actions while uninstalling!!! After I saw, while combofix was still uninstalling, I tried to quickly disable the shields. I'll type what they say but I can't guarantee they'll be 100% the same because I hate writing registry! But I also attached pictures of them. Action blocked avast! Behavior Shield has blocked an action. No further action is required. Program: C:\Users\michelle\Desktop\Combofix.exe Action: Deny Target: \REGISTRY\USER\S-1-5-21-1973585710-1515046713-2421341157-1001\Software\Microsoft\Command Processor And Action blocked avast! Behavior Shield has blocked an action. No further action is required. Program: C:\32788R22FWJFW\pev.3XE Action: Deny Target: \REGISTRY\MACHINE\SOFTWARE\Classes|exefile\shell\open\command It still said Combofix was uninstalled but... Please tell me I haven't wrecked anything!!
  8. Okay, looks like I did it right. I posted it just in case: Results of screen317's Security Check version 0.99.59 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 7 Update 15 Java version out of Date! Adobe Flash Player 11.6.602.168 Adobe Reader XI Mozilla Firefox (19.0) Google Chrome 24.0.1312.56 Google Chrome 24.0.1312.57 ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` So now I got to delete all the other stuff. btw thanks for helping me check the computer!! EDIT: Okay that's weird, now it's like really slow using Firefox, maybe it's just Malwarebytes forum. Is it slow for you? It keeps loading and loading but never stops when I click to load a page sometimes! EDIT2: Yeah it's really slow, I checked task manager and for a second avast was using 16 CPU, so I checked the shields and the file system shield kept scanning stuff. It was scanning stuff in the c:\Windows\Installer folder, they were around 5 characters long with random numbers and letters.. I don't know if that's normal or not but I tried using Malwarebytes forum on my other computer and it's slow on the forum as well. It took a while to get to edit this post! I'm going to do a quick scan with Malwarebytes and avast then I'll do the cleanup. EDIT3: It could be my internet because I was on a different site with a different computer and it was loading loading loading... btw avast scan is not done yet.. also sorry I keep re-editing the post over and over, I hope it doesn't keep sending you annoying email notifications...
  9. It's weird, it IS set to auto install and auto update. Okay I think I updated it right, can I run security check again to make sure I did it right or...?
  10. Sorry, do I need to uninstall my flash player and reinstall a new one or just open the program and check for updates?
  11. Results of screen317's Security Check version 0.99.59 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 7 Update 15 Java version out of Date! Adobe Flash Player 11.5.502.135 Flash Player out of Date! Adobe Reader XI Mozilla Firefox (19.0) Google Chrome 24.0.1312.56 Google Chrome 24.0.1312.57 ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` Weird how the Java's out of date since I uninstalled the old one and reinstalled the new one, unless there's a new update available or something.. Also, what's UAC? (I'm guessing User Account Control).. What is it and do I need to enable it? If so, how?
  12. # AdwCleaner v2.112 - Logfile created 02/24/2013 at 01:07:39 # Updated 10/02/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : michelle - MICHELLE-PC # Boot Mode : Normal # Running from : C:\Users\michelle\Desktop\adwcleaner0.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Found : HKLM\SOFTWARE\Software ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Mozilla Firefox v19.0 (en-US) File : C:\Users\michelle\AppData\Roaming\Mozilla\Firefox\Profiles\pb73dy6u.default\prefs.js [OK] File is clean. -\\ Google Chrome v24.0.1312.57 File : C:\Users\michelle\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [862 octets] - [24/02/2013 01:07:39] ########## EOF - C:\AdwCleaner[R1].txt - [921 octets] ##########
  13. No, all I see in C:\Quoobox\Quarantine is a folder called: C A folder called: Registry_Backups And 2 text documents called: catch_me I even searched DeQuarantine_log.txt in windows explorer and it didn't find anything. Well, as long as that last combofix run didn't wreck the computer I guess it's ok.
  14. I did, I double checked!! I still have it saved, I opened it and it has the right name in it!! There is a log in C:\Qoobox called: CFScript_used_2013-02-23_23.43.48 But all it is is that script you got me to save. It has the right name so I'm not sure what I did wrong: I opened notepad, copied and pasted that script, I made sure to change the xxx's. I saved it to desktop, then I disabled avast and dragged the cfscript.txt onto combofix from the desktop. But I don't think it's that important now. EDIT: I only changed the xxxx's, was I supposed to change the whole file?
  15. Um not sure, Only the one I posted popped up, I had a look and couldn't find dequarantine_log.txt... Did I do something wrong??
  16. Okay I did the dequarantine thing, hope i did it right because I had a look through the log and I couldnt find that file in there:
  17. lol that's what I've been reading which is why I started asking that.. But it looks like resource monitor shows most of that stuff tcpview does. It shows PID, local address, local port, remote address, remote port, packet loss (%) and latency. The only thing it looks like it doesn't show is Protocol and State. Well, never mind then. Just wanted to see if it was a hacker maybe.. But you would've seen a trojan on one of those logs right?? Anyway, I will de-quarantine that file after avast has done its scheduled scan... Which can take 1-3 hours..........
  18. In resource monitor under Network, under TCP Connections there are connections that are just: Normally they have a name but there are a few that are just this sign: - My other computer doesn't do this. I could take a screenshot, but will it give away network information that could be used to hack me or something?
  19. Okay yeah I will do that soon, just a question, what are all these - TCP connections in resource monitor? Their image is: - Their PID is: - What does this mean?
  20. The xxxxxx.doc thing. It has a name in it which is why I x'd it out.. But, I'm not 100% sure if she needs it but I think so. It wouldn't have been infected right?
  21. I updated the post a little late, I already found it. See it again.
  22. This one? Because I didnt see combofix-quarantined-files.txt where else do I look? Nevermind I found it:
  23. Combofix is running (I'm using a different computer to post). It's done its 50 stages, it's deleting some temporary internet files, but it hasn't done anything since. It's been 5 minutes. I'll give it some more time. It looks like I can scroll down the list but I'm not sure if I should... I tried moving the mouse the tiniest tiniest bit and it didn't move, I'm not sure if it's just it stalling because combofix probably uses a lot of resources or something or if the computer actually froze. The little thing on the blue box is still flashing so I'm guessing not.
EDIT: Okay it's creating log report now. But taking a little while... I'll post it when it's done..
EDIT2: Okay it's done: (Note: the Xxxxxxxxxxxxxxxxxxxxxxxxxxx.doc.url file I blanked out, it's not really called that)
Also a file got deleted that my friend needs, can I recover it??
  24. Okay I hope I did everything right. It detected 1 suspicious item, I did skip.
1st log:
2nd log: Too long, attached it. I hope that's right. I also noticed above the 2 tdss killer logs a file called: bootsqm.dat, not sure if this is related to tdss killer or not, just thought I'd say anyway.
btw when I tried logging in to the forum it said this:
forums.malwarebytes.org Driver Error There appears to be an error with the database. If you are seeing this page, it means there was a problem communicating with our database. Sometimes this error is temporary and will go away when you refresh the page. Sometimes the error will need to be fixed by an administrator before the site will become accessible again. You can try to refresh the page by clicking here
But it worked after another try.
EDIT: forgot to attach it whoops TDSSKiller.2.8.16.0_23.02.2013_00.22.11_log.txt