tree_fu_go

Honorary Members
Posts: 165
Everything posted by tree_fu_go

  1. Just making sure before I do it, I have a couple of questions: 1. Do I need to disable avast first? 2. Do I need to run it as administrator? Thanks and sorry for being annoying.
  2. Okay, when I tried running mbar, avast! behavior shield blocked it:
       Program: C:\Users\michelle\Desktop\mbar-1.01.0.1020\mbar\mbar.exe
       Action: Deny
       Target: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\mbamchameleon
     Could be because I set the heuristic sensitivity high for the shields.. and mbar said: "Could not load DDA driver. DDA Driver was not installed, which may be caused by rootkit activity. Do you want to reboot the computer to install DDA driver (Scan will continue after reboot)?" Sorry, I may have missed something; was I supposed to turn off avast? Do I do yes to restart, or no?
  3. I tried disabling Windows Defender like you said; 2 windows popped up trying this: "This program is turned off. If you are using another program that checks for harmful or unwanted software, use the Action Center to check that program's status. If you would like to use this program, click here to turn it on." And: "Operation aborted (Error Code: 0x80004004)". Is that normal? Okay, I will download mbar now.
  4. Thanks for the reply! Okay, I ran the scan:
     RogueKiller V8.5.1 _x64_ [Feb 21 2013] by Tigzy
     mail : tigzyRKgmailcom
     Feedback : http://www.geekstogo...13-roguekiller/
     Website : http://tigzy.geeksto...roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : michelle [Admin rights]
     Mode : Scan -- Date : 02/22/2013 22:43:04
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 1 ¤¤¤
     [Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] -> KILLED [TermProc]

     ¤¤¤ Registry Entries : 6 ¤¤¤
     [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
     [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: TOSHIBA MK7559GSXP +++++
     --- User ---
     [MBR] 45f2c5a2661d89b5f41418038f50ee56
     [bSP] b7970fcac872dc62b02fb5ea5107fd9f : Windows Vista MBR Code
     Partition table:
     0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 702812 Mo
     2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1442433024 | Size: 11091 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : > RKreport[1]_S_02222013_02d2243.txt

     btw what do you mean peer 2 peer software? Is there one on this system? If so, what and where? Because I really don't think the owner of this computer would have that. Also, that bad process could be just notepad; I had it opened and forgot to close it before the scan. It closed it for me though.. Just letting you know.
  5. This is my friend's laptop. Long story short, she isn't very good with computer security. I want to check there's nothing on her computer; though I am no computer expert myself, I do have a little more knowledge than she does. I know there's got to be some kind of virus, malware, spyware or something on it judging by her internet habits (e.g. not updating Java, Flash etc.), and she does banking and stuff on it, so I want it to be clean for her. Although there haven't been any actual signs of infection (as far as I know), is it possible to have, like, a 'checkup'? Y'know, do what you normally do if someone might be infected? Because I'm certain there has to be something on here. The laptop has Windows 7 64-bit, Avast free and Malwarebytes free, and they both do not detect anything in scans. I have noticed though, in Task Manager there are 2 explorer.exe. But strangely one disappeared after I typed this... But one was using more K than the other and both were running under my user name. That's all I can remember... sorry. Not sure if this is normal or not. Also there are 2 mscorsvw.exe and 2 nvvsvc.exe running in Task Manager. Also ctfmon.exe and conhost.exe come and go in the Task Manager; I don't remember these ever being there. ALSO it was very slow at startup. After entering the password it took around 1 min until it got to the desktop, then maybe 1-3 min to load everything else like desktop items etc., but that could be because I did an Avast boot-time scan.. not sure. Also in Resource Monitor, on Network, there are some TCP Connections that are just - Image: - PID: - Local Address: xxx.xxx.xxx (they were numbers, I can't just remember) etc. I have no idea what this means, or if I should post the full things of it, if it can be used to hack me or something, I don't know. DDS logs: (log omitted) Thanks and sorry if it's a stupid question... Since there's no sign of infection yet, this can be a low priority topic; come here to help me AFTER you're done with your jobs, you know. btw I think that's a record for saying 'Also' the most in one post.
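The UAC entries flagged in the RogueKiller log (post 4) and the DDS "mPolicies-System" lines (post 5) are the same registry values written in two notations. The following Python is an added example, not code from the forum or from either tool: it parses both notations from constructed sample lines (copied from those logs) and reports which UAC protections are switched off, using Windows 7 default values as the baseline.

```python
"""Spot UAC-weakening policy values in RogueKiller and DDS logs.

Added example, not part of the forum post. Both tools report the same
registry values (HKLM\...\Policies\System) in different notations:

  RogueKiller: [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
  DDS:         mPolicies-System: EnableLUA = dword:0
"""
import re
from typing import Dict, List, Set, Tuple

# Values that switch a UAC protection off, with what each one means.
# Windows 7 defaults: EnableLUA=1, ConsentPromptBehaviorAdmin=5,
# PromptOnSecureDesktop=1.
UAC_WEAK_VALUES: Dict[str, Tuple[Set[int], str]] = {
    "EnableLUA": ({0}, "UAC is off; an admin user's processes all run with a full admin token"),
    "ConsentPromptBehaviorAdmin": ({0}, "admins elevate silently, without any prompt"),
    "PromptOnSecureDesktop": ({0}, "elevation prompts are not isolated on the secure desktop"),
}

ROGUEKILLER_RE = re.compile(
    r"\[HJ\]\s+HKLM\\(?P<path>\S+)\s*:\s*(?P<name>\w+)\s*\((?P<value>\d+)\)"
)
DDS_RE = re.compile(r"mPolicies-System:\s*(?P<name>\w+)\s*=\s*dword:(?P<value>\d+)")


def parse_uac_entries(log_text: str) -> Dict[str, int]:
    """Return {policy_name: value} for every policy line found in either format.

    RogueKiller lists each policy twice on 64-bit Windows (native view and the
    Wow6432Node mirror); the native value wins and the mirror only fills gaps.
    """
    native: Dict[str, int] = {}
    mirror: Dict[str, int] = {}
    for line in log_text.splitlines():
        m = ROGUEKILLER_RE.search(line)
        if m:
            target = mirror if "Wow6432Node" in m.group("path") else native
            target[m.group("name")] = int(m.group("value"))
            continue
        m = DDS_RE.search(line)
        if m:
            # DDS prints dword values in decimal (e.g. NoDriveTypeAutoRun = dword:145).
            native[m.group("name")] = int(m.group("value"))
    return {**mirror, **native}


def assess_uac(entries: Dict[str, int]) -> List[str]:
    """Turn parsed policy values into findings; an empty list means nothing is weakened."""
    findings: List[str] = []
    for name, (weak, meaning) in UAC_WEAK_VALUES.items():
        value = entries.get(name)
        if value in weak:
            findings.append(f"{name} = {value}: {meaning}")
    return findings


def audit_log(log_text: str) -> List[str]:
    """Parse a log fragment in either format and return the UAC findings."""
    return assess_uac(parse_uac_entries(log_text))


# Constructed sample: the [HJ] lines as RogueKiller printed them in post 4.
ROGUEKILLER_SAMPLE = r"""
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
"""

# Constructed sample: the policy lines from the DDS log in post 5.
DDS_SAMPLE = r"""
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
"""

# Constructed sample of a machine still on the Windows 7 default UAC settings.
CLEAN_SAMPLE = """
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:1
"""

if __name__ == "__main__":
    for label, sample in (("RogueKiller", ROGUEKILLER_SAMPLE),
                          ("DDS", DDS_SAMPLE), ("clean", CLEAN_SAMPLE)):
        findings = audit_log(sample)
        print(f"{label}: {len(findings)} UAC finding(s)")
        for finding in findings:
            print("  -", finding)
```

With UAC fully disabled (EnableLUA = 0) the other two values are moot, but they show that each protection was turned off individually rather than by a single toggle.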
  6. I'm really sorry if I'm posting this in the wrong place, but I had a little question before I post a topic in the Malware Removal - HijackThis Logs forum. Is it possible to have a 'checkup'? There are no actual signs of infection (as far as I know), but judging by the person that uses this computer (not updating Flash, Java etc., using Internet Explorer, always reading .pdf files with an outdated version of Adobe Reader etc.) I'm guessing there's got to be something bad on it, and they use it for banking and stuff and I want them to be safe. Sorry if this is a stupid question or a waste of your time... I know you're busy and this probably isn't important.. Thanks anyway.
  7. Sorry, forgot!! Thanks for helping me check my computer and bearing with me!!

  8. Thanks a lot for helping!! But I just have a little question; it's not important and I know it's a bit off topic, but it's kinda little for starting a topic about it (well, at least in my opinion) and I've made a few topics already.. (I know I'm annoying, admit it) It appears Windows Defender is enabled on my computer (I didn't know that); it says real-time protection is on. I also use avast free antivirus and that has real-time protection. I haven't seen any conflicts or anything yet, but I was wondering, is it bad having both on at the same time?? Thanks again!!
  9. Okay, deleted all the program scan thingys and ran OTL and did cleanup. The Internet is still there but I don't think that's a problem. So that's it?
  10. Okay, I deleted the other stuff; just wanna know if MBAR has some uninstaller or do I just have to delete the folder or something? I clicked on properties for The Internet and it looks like Internet Explorer; it has settings like home page, delete history, cookies etc. Just weird that I don't remember it being there before.. Oh well. EDIT: I'm so sorry for double posting!! It said 'saving post...' when I tried to post it and it wasn't doing anything, so I tried posting it again, not realizing it DID post it!! Sorry!!
  11. Okay, I deleted the other stuff; just wanna know if MBAR has some uninstaller or do I just have to delete the folder or something? I clicked on properties for The Internet and it looks like Internet Explorer; it has settings like home page, delete history, cookies etc. Just weird that I don't remember it being there before.. Oh well.
  12. Here it is: the one that says 'The Internet'. Is that Internet Explorer?? Because I seriously don't remember it there yesterday, or when I first turned on the computer today; I only noticed it after I did the Security Check scan.... (Yes, I haven't uninstalled all the scanners and stuff yet, only ComboFix.) Should I try uninstalling Security Check to see if it disappears? btw on your other post, what does this mean?:
  13. Did that; the 'The Internet' icon is still there. I can post a screenshot if you need.
  14. Thank you very much! So there wasn't any virus/malware/anything bad in the first place? But what about what I said before about the new thing on my desktop, "The Internet"? btw thanks again!
  15. Hey um, I just noticed, after running Security Check, that there's something on my desktop right next to Security Check called: The Internet. The icon looks like the Internet Explorer picture but very, very slightly different. I really don't remember that being there. Is that normal?? EDIT: BTW sorry for not editing my last post, I only JUST saw that I'm now an honorary member and can edit posts!!
  16. Here we go:
      Results of screen317's Security Check version 0.99.57
      Windows Vista Service Pack 2 x86 (UAC is disabled!)
      Internet Explorer 9
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Enabled!
      avast! Antivirus
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      Malwarebytes Anti-Malware version 1.70.0.1100
      Java 6 Update 29
      Java version out of Date!
      Adobe Flash Player 11.5.502.146
      Adobe Reader 9
      Adobe Reader out of Date!
      Mozilla Firefox 12.0 Firefox out of Date!
      Mozilla Thunderbird (3.1.7) Thunderbird out of Date!
      ````````Process Check: objlist.exe by Laurent````````
      AVAST Software Avast AvastSvc.exe
      AVAST Software Avast AvastUI.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 1 %
      ````````````````````End of Log``````````````````````
  17. Okay here it is:
      # AdwCleaner v2.110 - Logfile created 02/04/2013 at 09:48:21
      # Updated 03/02/2013 by Xplode
      # Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
      # User : User - USER-PC
      # Boot Mode : Normal
      # Running from : C:\Users\User\Desktop\adwcleaner.exe
      # Option [search]
      ***** [services] *****
      ***** [Files / Folders] *****
      ***** [Registry] *****
      Key Found : HKLM\Software\TENCENT
      ***** [internet Browsers] *****
      -\\ Internet Explorer v9.0.8112.16457
      [OK] Registry is clean.
      -\\ Mozilla Firefox v12.0 (en-US)
      -\\ Google Chrome v [unable to get version]
      *************************
      AdwCleaner[R1].txt - [640 octets] - [04/02/2013 09:48:21]
      ########## EOF - C:\AdwCleaner[R1].txt - [699 octets] ##########
  18. Okay, ComboFix worked this time! After the scan was done Firefox told me it's not my default browser, I don't remember it doing that before. Nothing serious, just is that normal to happen after a ComboFix scan? Anyway, here's the log:
  19. Okay I'll try that tomorrow, already turned off the computer for the day. See ya.
  20. Um, just then I saw a couple of processes running in Task Manager that I don't remember seeing yesterday. They don't look like viruses themselves but I just thought I'd let you know: mpcmdrun.exe - Windows Defender command line utility. I don't use Windows Defender so I am not sure what this does... schtask.exe - Manages scheduled tasks. Also, one of the svchost.exe in Task Manager is using around 10 - 25 CPU and I'm not doing anything. When I click on Go to Service(s), it shows me WinDefend. Again, I haven't touched Windows Defender, I'm not even sure if I have it enabled or not.. The memory is 25,916 K and it's running under SYSTEM. On the Resource Monitor, under Disk, it was showing svchost with lots of files. I don't know how to explain it, it looked like this: Image: PID: File: Read (B/min) blah blah all that stuff svchost.exe (I forgot) C:\pagefile.sys (Page File). Don't remember anything else except there were lots of svchost with lots of different files, C:\pagefile.sys (Page File) was the only file I remember. So I'm guessing either Windows Defender is doing a scan or something else... I don't know, I just thought I should let you know in case you know what it means, it's probably nothing but yeah.. Also, thanks for helping me so far. Oh and by the way, so far, have any of the scans you've told me to do shown up any signs of a virus, malware, adware or anything yet? Just curious, because I wasn't exactly sure if I did have a virus when I started the topic...
  21. Try loading one of the download links AdvancedSetup posted with JavaScript off. I think most of the ads use JavaScript so it doesn't load most of them since it's turned off. That's what I did to download my MBAM on Bleeping Computer. If you're using Firefox, click on Options > Content > Enable JavaScript > No. I'm not sure for any other web browser.
  22. Um I'm no PC expert, but I'm pretty sure you just need to download the normal MBAM then activate it with a code or something. I've never bought it before so I might be wrong. Did you download from the official website? http://www.malwarebytes.org/ Just try downloading the free version for now and do a scan with it, I guess. And try doing a full scan with avast!. Remember I'm no expert so forgive me if I'm wrong.
  23. Do I just right click ComboFix and click Delete or do I have to uninstall it? On the tutorial on Bleeping Computer it says: I tried searching combofix \uninstall, (noting that there is a space between combofix and /uninstall) and No items match my search.
  24. Okay I tried to run ComboFix and it said this: NSIS Error Installer integrity check has failed. Common causes include incomplete download and damaged media. Contact the installer's author to optain a new copy. More information at: http://nsis.sf.net/NSIS_Error I saved it to the desktop, I disabled my anti-virus real-time protection. I closed all other windows. Did I do something wrong?