Posts posted by tree_fu_go
-
Okay when I tried running mbar, avast! behavior shield blocked it:
Program: C:\Users\michelle\Desktop\mbar-1.01.0.1020\mbar\mbar.exe
Action: Deny
Target: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\mbamchameleon
Could be because I set the heuristic sensitivity high for the shields..
and mbar said:
Could not load DDA driver.
DDA Driver was not installed which may be caused by rootkit activity.
Do you want to reboot the computer to install DDA driver (Scan will continue after reboot)?
Sorry, I may have missed something, was I supposed to turn off avast? Do I do yes to restart or no?
-
I tried disabling Windows Defender like you said; 2 windows popped up trying this:
This program is turned off, if you are using another program that checks for harmful or unwanted software, use the Action Center to check that program's status.
If you would like to use this program, click here to turn it on.
And:
Operation aborted (Error Code: 0x80004004)
Is that normal?
Okay I will download mbar now.
-
Thanks for a reply! Okay I ran the scan:
RogueKiller V8.5.1 _x64_ [Feb 21 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : michelle [Admin rights]
Mode : Scan -- Date : 02/22/2013 22:43:04
| ARK || FAK || MBR |
¤¤¤ Bad processes : 1 ¤¤¤
[Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK7559GSXP +++++
--- User ---
[MBR] 45f2c5a2661d89b5f41418038f50ee56
[bSP] b7970fcac872dc62b02fb5ea5107fd9f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 702812 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1442433024 | Size: 11091 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : >
RKreport[1]_S_02222013_02d2243.txt
btw what do you mean peer 2 peer software? Is there one on this system? If so, what and where? Because I really don't think the owner of this computer would have that. Also, that bad process could be just notepad, I had it open and forgot to close it before the scan. It closed it for me though.. Just letting you know
-
This is my friend's laptop; long story short, she isn't very good with computer security.
I want to check there's nothing on her computer, though I am no computer expert myself, but I do have a little more knowledge than she does.
I know there's got to be some kind of virus, malware, spyware or something on it judging by her internet habits (e.g. not updating Java, Flash, etc.).
And she does banking and stuff on it so I want it to be clean for her.
Although there haven't been any actual signs of infection (as far as I know), is it possible to have, like, a 'checkup'?
Y'know, do what you normally do if someone might be infected? Because I'm certain there has to be something on here.
The laptop has Windows 7 64-bit, Avast free and Malwarebytes free, and they both do not detect anything in scans.
I have noticed though, in Task Manager there are 2 explorer.exe. But strangely one disappeared after I typed this... But one was using more K than the other and both were running under my user name.
That's all I can remember... sorry. Not sure if this is normal or not.
Also there are 2 mscorsvw.exe and 2 nvvsvc.exe running in Task Manager.
Also ctfmon.exe and conhost.exe come and go in the Task Manager; I don't remember these ever being there.
ALSO it was very slow at startup. After entering the password it took around 1 min until it got to the desktop. Then maybe 1-3 min to load everything else like desktop items etc., but that could be because I did an avast boot-time scan.. not sure.
Also in Resource Monitor, on Network, there are some TCP Connections that are just -
Image: - PID: - Local Address: xxx.xxx.xxx (they were numbers, I can't just remember) etc. I have no idea what this means or if I should post the full things of it, if it can be used to hack me or something, I don't know.
DDS logs:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by michelle at 6:24:55 on 2013-02-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.6072.4354 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{29CF25C7-69A9-4E90-BEDA-04B0826B25EC} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{29CF25C7-69A9-4E90-BEDA-04B0826B25EC}\44168747562746574656723702E4564777F627B6 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [ThpSrv] C:\Windows\System32\thpsrv /logon
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [HDMICtrlMan] C:\Program Files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\michelle\AppData\Roaming\Mozilla\Firefox\Profiles\pb73dy6u.default\
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\michelle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-6-30 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-30 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2011-3-26 482384]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-11-28 21136]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-11-29 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-11-29 370288]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-11-29 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-11-29 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-13 44808]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-29 249200]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-11 46448]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2011-3-26 14112]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2011-3-26 60416]
R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2011-3-26 80384]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2011-4-26 53760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-26 2320920]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-3-26 56344]
R3 hidshim;Service for HID-KMDF Shim layer;C:\Windows\System32\drivers\hidshim.sys [2009-9-1 6656]
R3 nuvotonhidcir;Nuvoton HID CIR Receiver;C:\Windows\System32\drivers\nuvotonhidcir.sys [2009-9-1 26624]
R3 nuvotonir;Nuvoton CIR Transceiver;C:\Windows\System32\drivers\nuvotonir.sys [2009-9-1 68096]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2011-3-26 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-26 291328]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2011-3-26 1110560]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-6 137560]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-26 13336]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-26 1255736]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-9-14 353384]
S4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-29 267192]
S4 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-7-23 822192]
.
=============== Created Last 30 ================
.
2013-02-21 18:44:55 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-02-21 18:44:31 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-15 22:04:52 208448 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2013-02-21 18:44:12 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 08:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-12 13:55:45 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 13:55:45 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-12 13:55:32 16363960 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
============= FINISH: 6:26:08.12 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 25/03/2011 4:06:33 PM
System Uptime: 22/02/2013 3:47:41 AM (3 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Core™ i7 CPU Q 740 @ 1.73GHz | rPGA988A Socket | 919/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 686 GiB total, 593.569 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP448: 8/02/2013 3:00:14 AM - Windows Update
RP449: 9/02/2013 6:23:33 AM - Windows Update
RP450: 10/02/2013 4:28:59 AM - Windows Update
RP451: 11/02/2013 7:00:38 AM - Windows Update
RP452: 12/02/2013 9:19:10 AM - Windows Update
RP453: 13/02/2013 3:03:53 AM - Windows Update
RP454: 14/02/2013 10:03:27 AM - Windows Update
RP455: 15/02/2013 3:00:12 AM - Windows Update
RP456: 16/02/2013 3:00:11 AM - Windows Update
RP457: 17/02/2013 3:09:39 AM - Windows Update
RP458: 18/02/2013 4:42:14 AM - Windows Update
RP459: 19/02/2013 4:45:54 AM - Windows Update
RP460: 20/02/2013 3:00:16 AM - Windows Update
RP461: 21/02/2013 3:04:09 AM - Windows Update
RP462: 21/02/2013 9:42:24 PM - Removed Java™ 6 Update 20
RP463: 21/02/2013 9:49:58 PM - Removed Facebook Video Calling 1.2.0.287
RP464: 21/02/2013 10:30:25 PM - Removed Adobe Reader 9.5.2.
RP465: 22/02/2013 2:43:44 AM - Installed Java 7 Update 15
RP466: 22/02/2013 3:00:11 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Amazon Kindle For PC v1.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Barbie as The Island Princess
BigPond Broadband ADSL
Bluetooth Stack for Windows by Toshiba
Bonjour
BookSmart® 3.3.1 3.3.1
Canon MP Navigator 3.0
Canon MP160
Corel WinDVD
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Direct DiscRecorder
Disneys Digital Coloring Book Featuring Toy Story 2
DVD MovieFactory for TOSHIBA
e-tax 2011
e-tax 2012
EA Download Manager
Fashion Toolbox Unregistered Trial Version
GIMP 2.8.2
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HDMI Control Manager
Intel® Control Center
Intel® Management Engine Components
Intel® Rapid Storage Technology
iTunes
Java 7 Update 15
Java Auto Updater
JumpStart Explorers
JumpStart Spanish
Junk Mail filter update
LEGO Digital Designer
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nuvoton CIR Device Drivers
NVIDIA 3D Vision Driver 260.64
NVIDIA Control Panel 260.64
NVIDIA Drivers
NVIDIA Graphics Driver 260.64
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0224
NVIDIA Stereoscopic 3D Driver
Origin
PlayReady PC Runtime amd64
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Realtek WLAN Driver
RICOH R5U230 Media Driver ver.2.09.03.01
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
SpongeBob SquarePants Employee of the Month
SPORE™
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA PC Health Monitor
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Remote Control Manager
TOSHIBA Sleep Utility
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Value Added Package
TOSHIBA VIDEO PLAYER
TOSHIBA Web Camera Application
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net (09/25/2008 3.1.0.101)
Windows Driver Package - NETGEAR Inc. (RTL8187) Net (12/01/2006 6.1258.1201.2006)
Windows Driver Package - Thomson (USB_RNDIS) Net (02/15/2007 2.0.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Zoo Animals
.
==== Event Viewer Messages From Past Week ========
.
22/02/2013 6:01:08 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
22/02/2013 5:51:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
22/02/2013 5:50:56 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.
22/02/2013 5:50:56 AM, Error: Service Control Manager [7000] - The Intel® Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
22/02/2013 12:53:11 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Description with the following error: Access is denied.
19/02/2013 10:42:21 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
19/02/2013 10:42:21 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
17/02/2013 3:11:41 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 7 for x64-based Systems (KB2676562).
.
==== End Of File ===========================
Thanks, and sorry if it's a stupid question... Since there's no sign of infection yet, this can be a low-priority topic; come here to help me AFTER you're done with your jobs, you know.
btw I think that's a record for saying 'Also' the most in one post
-
I'm reaaally sorry if I'm posting this in the wrong place, but I had a little question before I post a topic in the Malware Removal - HijackThis Logs forum.
Is it possible to have a 'checkup'? There's no actual signs of infection (as far as I know), but judging by the person that uses this computer (not updating Flash, Java, etc., using Internet Explorer, always reading .pdf files with an outdated version of Adobe Reader, etc.) I'm guessing there's got to be something bad on it, and they use it for banking and stuff and I want them to be safe.
Sorry if this is a stupid question or a waste of your time... I know you're busy and this probably isn't important..
Thanks anyway.
-
Thanks a lot for helping!!
But I just have a little question, it's not important and I know it's a bit off topic, but it's kinda little for starting a topic about it (well, at least in my opinion) and I've made a few topics already.. (I know I'm annoying, admit it)
It appears Windows Defender is enabled on my computer (I didn't know that), it says real-time protection is on. I also use avast free antivirus and that has real-time protection. I haven't seen any conflicts or anything yet, but I was wondering, is it bad having both on at the same time??
Thanks again!!
-
Thank you very much!!
-
Okay, deleted all the program scan thingies and ran OTL and did cleanup.
The Internet is still there but I don't think that's a problem.
So that's it?
-
Okay I deleted the other stuff, just wanna know if MBAR has some uninstaller or do I just have to delete the folder or something? I clicked on properties for The Internet and it looks like internet explorer, it has settings like, home page, delete history, cookies etc. Just weird that I don't remember it being there before.. Oh well.
EDIT: I'm so sorry for double posting!! It said 'saving post...' when I tried to post it and it wasn't doing anything so I tried posting it again, not realizing it DID post it!! Sorry!!
-
Here it is:
The one that says 'The Internet'. Is that Internet Explorer?? Because I seriously don't remember it there yesterday, or when I first turned on the computer today, I only noticed it after I did the Security Check scan.... (Yes, I haven't uninstalled all the scanners and stuff yet, only combofix.) Should I try uninstalling Security Check to see if it disappears?
btw on your other post, what does this mean?:
ComboFix found some malware, it doesn't always so everything it does though.
-
Did that, the The Internet icon is still there, I can post a screen shot if you need.
-
Thankyou very much! So there wasn't any virus/malware/anything bad in the first place?
But what I said before about the new thing in my desktop "The Internet"
btw thanks again!
-
Hey um I just noticed, after running Security Check, that there's something on my desktop right next to Security Check called: The Internet. The icon looks like the Internet Explorer picture but very very slightly different. I really don't remember that being there. Is that normal??
EDIT: BTW sorry for not editing my last post, I only JUST saw that I'm now an honorary member and can edit posts!!
-
Here we go:
Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java 6 Update 29
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
Mozilla Thunderbird (3.1.7) Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
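Added example for this thread, not code from the original posts or from any of the tools mentioned above. It answers the "is it bad having both on at the same time" question and the Security Check lines above ("UAC is disabled!", "Antivirus up to date!") with a direct check rather than guesswork: it lists every antivirus and antispyware product registered with Windows Security Center, decodes whether each claims real-time protection, warns when more than one antivirus engine does, and reads the two UAC policy values. Assumptions: Windows Vista or later client edition (the root\SecurityCenter2 namespace does not exist on Server SKUs), and the productState bit layout, which is an observed convention rather than something Microsoft documents, so the raw value is printed beside the decoded flags.

```powershell
# Added example for this thread; not code from the original posts or from any
# of the tools mentioned. Run from an elevated PowerShell on Windows Vista or
# later (client editions only: the root\SecurityCenter2 namespace does not
# exist on Server SKUs). Get-WmiObject is used rather than Get-CimInstance so
# it also works on the PowerShell 2.0 that shipped with Vista and Windows 7.
#
# Assumption: the productState bit layout (0x1000 = real-time protection on,
# 0x10 = definitions out of date) is an observed convention that Microsoft does
# not document, so the raw value is printed next to the decoded flags.

function Get-SecurityCenterProducts {
    # Windows Defender on Vista/7 registers as antispyware (the "SP:" line in a
    # ComboFix log), so both classes are queried.
    foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct') {
        Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue |
            ForEach-Object {
                $state = [int]$_.productState
                New-Object PSObject -Property @{
                    Class        = $class
                    Product      = $_.displayName
                    StateHex     = ('0x{0:X6}' -f $state)
                    RealTimeOn   = (($state -band 0x1000) -ne 0)   # assumption, see header
                    DefsOutdated = (($state -band 0x10) -ne 0)     # assumption, see header
                }
            }
    }
}

function Get-UacState {
    # Both values are documented by Microsoft. EnableLUA = 0 is what Security
    # Check reports as "UAC is disabled!" and what a ComboFix log shows under
    # policies\system. ConsentPromptBehaviorAdmin: 0 = elevate without
    # prompting, 2 = always prompt on the secure desktop, 5 = prompt only for
    # non-Windows binaries (the Windows 7 default).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        EnableLUA                  = $p.EnableLUA
        UacEnabled                 = ($p.EnableLUA -eq 1)
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        AdminElevatesSilently      = ($p.ConsentPromptBehaviorAdmin -eq 0)
    }
}

$products = @(Get-SecurityCenterProducts)
$products | Format-Table Class, Product, StateHex, RealTimeOn, DefsOutdated -AutoSize

# Two engines both claiming real-time protection in the same class is the
# "both on at the same time" situation asked about in the thread.
$activeAv = @($products | Where-Object { $_.Class -eq 'AntiVirusProduct' -and $_.RealTimeOn })
if ($activeAv.Count -gt 1) {
    $names = ($activeAv | ForEach-Object { $_.Product }) -join ', '
    Write-Warning "More than one antivirus engine reports real-time protection: $names"
}

Get-UacState | Format-List EnableLUA, UacEnabled, ConsentPromptBehaviorAdmin, AdminElevatesSilently
```

Because the productState decoding is a convention, treat the RealTimeOn column as a hint and compare it with what each product's own console says; the StateHex column is there so the raw number can be checked against a product's known values. The UAC part needs no such caveat: EnableLUA and ConsentPromptBehaviorAdmin are the same policy values that RogueKiller and ComboFix print when UAC has been switched off.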
-
Okay here it is:
# AdwCleaner v2.110 - Logfile created 02/04/2013 at 09:48:21
# Updated 03/02/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
# User : User - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Found : HKLM\Software\TENCENT
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v12.0 (en-US)
-\\ Google Chrome v [unable to get version]
*************************
AdwCleaner[R1].txt - [640 octets] - [04/02/2013 09:48:21]
########## EOF - C:\AdwCleaner[R1].txt - [699 octets] ##########
-
Okay, Combofix worked this time! After the scan was done Firefox told me it's not my default browser, I don't remember it doing that before. Nothing serious, just is that normal to happen after a combofix scan?
Anyway, here's the log:
ComboFix 13-02-03.03 - User 04/02/2013 8:59.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3582.2707 [GMT 8:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-04 to 2013-02-04 )))))))))))))))))))))))))))))))
.
.
2013-02-04 01:04 . 2013-02-04 01:04 -------- d-----w- c:\users\User\AppData\Local\temp
2013-02-04 01:04 . 2013-02-04 01:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-31 12:31 . 2013-01-31 12:31 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2013-01-31 12:31 . 2013-01-31 12:31 -------- d-----w- c:\programdata\Malwarebytes
2013-01-31 12:31 . 2013-01-31 12:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-31 12:31 . 2012-12-14 08:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-23 06:35 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-23 06:35 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-23 06:35 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-23 06:35 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2013-01-23 06:35 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-23 06:35 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-23 06:35 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-23 06:35 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-23 06:35 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-23 06:35 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-23 06:35 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-23 06:33 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-23 06:33 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-01-23 05:43 . 2013-01-23 05:43 -------- d-----w- c:\programdata\ATI
2013-01-23 05:43 . 2013-01-23 05:43 -------- d-----w- c:\program files\AMD APP
2013-01-23 05:36 . 2013-01-23 05:36 -------- d-----w- C:\AMD
2013-01-23 05:02 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2013-01-23 05:02 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2013-01-23 05:02 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-23 05:02 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2013-01-23 05:02 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-01-23 05:02 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-01-23 05:02 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-23 04:44 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-01-23 04:44 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-01-23 04:44 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-01-23 04:44 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-01-23 04:44 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-01-23 04:44 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-01-23 04:44 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-01-23 04:44 . 2012-06-02 07:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-01-23 04:44 . 2012-06-02 07:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-01-23 04:43 . 2013-01-14 18:49 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{92AB7671-5A35-424B-89A4-03E52D3293A4}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-23 05:39 . 2012-06-06 07:01 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-23 05:39 . 2011-12-02 09:31 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-19 20:50 . 2012-12-19 20:50 5630200 ----a-w- c:\windows\system32\atiumdag.dll
2012-12-19 20:47 . 2012-12-19 20:47 9647104 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-12-19 20:22 . 2012-12-19 20:22 58880 ----a-w- c:\windows\system32\coinst_9.012.dll
2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\system32\aticaldd.dll
2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\system32\atioglxx.dll
2012-12-19 20:09 . 2012-12-19 20:09 960512 ----a-w- c:\windows\system32\aticfx32.dll
2012-12-19 20:06 . 2012-12-19 20:06 6681088 ----a-w- c:\windows\system32\atidxx32.dll
2012-12-19 19:57 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-12-19 19:56 . 2012-12-19 19:56 482304 ----a-w- c:\windows\system32\atieclxx.exe
2012-12-19 19:55 . 2012-12-19 19:55 219136 ----a-w- c:\windows\system32\atiesrxx.exe
2012-12-19 19:54 . 2012-12-19 19:54 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-12-19 19:54 . 2012-12-19 19:54 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-12-19 19:44 . 2012-12-19 19:44 4162048 ----a-w- c:\windows\system32\atiumdva.dll
2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\system32\atiadlxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-12-19 19:32 . 2012-12-19 19:32 442368 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-12-19 19:31 . 2012-12-19 19:31 109568 ----a-w- c:\windows\system32\atiuxpag.dll
2012-12-19 19:30 . 2011-04-19 17:21 83968 ----a-w- c:\windows\system32\atiu9pag.dll
2012-12-19 19:30 . 2011-04-19 17:21 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-12-19 07:45 . 2012-12-19 07:45 180224 ----a-w- c:\windows\system32\clinfo.exe
2012-12-19 07:44 . 2012-12-19 07:44 65536 ----a-w- c:\windows\system32\OpenVideo.dll
2012-12-19 07:44 . 2012-12-19 07:44 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-12-19 07:38 . 2012-12-19 07:38 28732928 ----a-w- c:\windows\system32\amdocl.dll
2012-12-19 07:34 . 2012-12-19 07:34 50176 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-04 14:25 . 2012-05-04 14:25 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-25 7547424]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
2012-01-11 23:29 28201096 ----a-w- c:\program files\Origin\Origin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 05:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3207166971-674977380-4252403477-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 02:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 05:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vf26uwhl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - ExtSQL: !HIDDEN! 2011-12-02 16:50; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-04 09:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\users\User\AppData\Local\Temp\RarSFX1\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3207166971-674977380-4252403477-1000\Software\SecuROM\License information*]
"datasecu"=hex:9d,ca,7a,b1,f2,af,16,ae,59,51,40,d0,3a,fd,82,b5,2c,89,f6,f6,9a,
91,ce,e8,83,4e,df,11,bc,d8,28,f7,ef,56,7b,bb,e2,45,2b,82,f6,85,16,b9,98,8d,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-02-04 09:06:14
ComboFix-quarantined-files.txt 2013-02-04 01:06
.
Pre-Run: 325,302,837,248 bytes free
Post-Run: 327,796,424,704 bytes free
.
- - End Of File - - F4564296E4ABB1C08663CDC6F6D2EC22
-
Okay I'll try that tomorrow, already turned off the computer for the day. See ya..
-
Um just then, I saw a couple of processes running in task manager that I don't remember seeing yesterday.
They don't look like viruses themselves but I just thought I'd let you know:
mpcmdrun.exe - Windows Defender command line utility. I don't use Windows Defender so I am not sure what this does...
schtask.exe - Manages scheduled tasks.
Also, one of the svchost.exe in task manager is using around 10 - 25 CPU and I'm not doing anything.
When I click on Go to service(s), it shows me WinDefend. Again, I haven't touched windows defender, I'm not even sure if I have it enabled or not.. The Memory is 25,916 K and its running under SYSTEM.
On the resource monitor, under Disk, it was showing up svchost with lots of files.
I don't know how to explain it, it looked like this:
Image: PID: File: Read (B/min) blah blah all that stuff
svchost.exe (I forgot) C:\pagefile.sys (Page File) Don't remember anything else
Except there was lots of svchost with lots of different files, C:\pagefile.sys (Page File) was the only file I remember.
So I'm guessing either Windows Defender is doing a scan or something else... I don't know, I just thought I should let you know in case you know what it means, it's probably nothing but yeah..
Also, thanks for helping me so far.
Oh and by the way, so far, has any of the scans you've told me to do showed up any signs of a virus, malware, adware or anything yet? Just curious, because I wasn't exactly sure if I did have a virus when I started the topic...
-
Try loading one of the download links AdvancedSetup posted with JavaScript off. I think most of the ads use JavaScript so it doesn't load most of them since it's turned off. That's what I did to download my MBAM on Bleeping Computer.
If you're using Firefox, click on Options > Content > Enable JavaScript > No.
I'm not sure for any other web browser.
-
Um I'm no PC expert, but I'm pretty sure you just need to download the normal MBAM then activate it with a code or something. I've never bought it before so I might be wrong. Did you download from the official website? http://www.malwarebytes.org/
Just try downloading the free version for now and do a scan with it, I guess.
And try doing a full scan with avast.
Remember I'm no expert so forgive me if I'm wrong.
-
Do I just right click combofix and click Delete or do I have to uninstall it?
On the tutorial on bleeping computer it says:
To uninstall ComboFix from Windows Vista or Windows 7 please perform the following steps:
Click on the Start button () and then in the Search field enter
combofix /uninstall, as shown in the image below with the blue arrow.
Please note that there is a space between combofix and /uninstall.
I tried searching combofix \uninstall, (noting that there is a space between combofix and /uninstall) and No items match my search.
-
Okay I tried to run ComboFix and it said this:
NSIS Error
Installer integrity check has failed. Common causes include incomplete download and damaged media. Contact the installer's author to obtain a new copy.
More information at:
I saved it to the desktop, I disabled my anti-virus realtime protection. I closed all other windows. Did I do something wrong??
-
Sorry... Just a few questions...
Do I need to disable the entire anti-virus/anti-malware program or just any real time protection?
Do I also need to disable my firewall?
Once the ComboFix scan is done, can I re-enable my anti-virus and anti-malware programs or do I need to delete it first?
Possible To Have A "Checkup"?
in Resolved Malware Removal Logs
Posted
Just making sure before i do it, I have a couple of questions:
1.Do I need to disable avast first?
2.Do I need to run it as administrator?
Thanks and sorry for being annoying.