one1nee

Honorary Members
  • Posts: 25

Everything posted by one1nee

  1. Dear Daniel, done. Thank you for staying with me until now, and for being patient with me. Hopefully I won't experience any problem again (*praying*). Thank you so much for all the advice and help =) Have a great day =)
  2. Sorry, I accidentally posted my comment. I mean, should I still do the steps above (rename hosts, extract default hosts, etc.)? And how about the look.txt and look2.txt? Should I keep them on my desktop? Thank you.
  3. Hi Daniel, sorry, I was only able to log in now. I have used my computer and internet for around 8 hours and the connection is fine (a bit slow, but I think that's more because of my connection). So, should I still do the steps above?
  4. Hi, Daniel. Thank you for being willing to give it some time to see if something happens again (hopefully not). I really appreciate it. But from tomorrow morning until Friday (April 12th) I will be in and out of the city, and might not be able to check on my computer (or might be dead tired when I'm able to go back and forth in the same day). Would you mind if this thread stays open at least until this weekend, when I am free and able to log in to the internet and check my computer, and not just log in for 1-2 hours? I really don't think that I can ask for help from my sister, since she is worse than me in computer things =( Thank you.
  5. Hi, I just checked with my internet provider and they said they can read my IP address now. And since last night, my sister can browse without the connection being cut (I just got back this morning). So should I still change the Hosts file name and extract the one you gave me or not? I don't know what caused the IP to be unreadable and the connection unstable (even though the modem said it was connected). The provider didn't know either. They just asked if I have made changes to my computer or if my modem has had trouble lately (which it has not). Thank you.
  6. Umm, it said this: "No restore point have been created on your computer's system drive. To create a restore point, open System Protection". What should I do next?
  7. Yeah, I'm also confused. Just now I experienced the on-off connection 2 times in 10 minutes. Like before, the network connection says it's connected and there's no red 'x' in the icon either. I just get cut off from the connection and can't access the internet. But this time it came back after 5 minutes without me restarting the computer... (both times were right after I had checked the TCP properties and closed it without doing anything, and then the connection was back). It's just like the connection is unstable, but it isn't. The internet provider tech was also confused that I can browse the internet but they can access my IP address. This never happened to me before. It started right after I installed all the software above, but most likely after I downloaded the MVPS Hosts file. Here's the result:

      Volume in drive C has no label.
      Volume Serial Number is B883-0057

      Directory of C:\Windows\SYSTEM32\DRIVERS\ETC

     04/04/2013  11:40 PM    <DIR>          .
     04/04/2013  11:40 PM    <DIR>          ..
     04/02/2013  01:56 PM           575,742 HOSTS
     06/11/2009  04:39 AM             3,683 lmhosts.sam
     06/11/2009  04:39 AM               407 networks
     06/11/2009  04:39 AM             1,358 protocol
     06/11/2009  04:39 AM            17,463 services
                    5 File(s)        598,653 bytes
                    2 Dir(s)  26,955,927,552 bytes free
  8. Thank you for replying to me. Here's the result:

     [SC] QueryServiceConfig SUCCESS

     SERVICE_NAME: dnscache
             TYPE               : 20  WIN32_SHARE_PROCESS
             START_TYPE         : 2   AUTO_START
             ERROR_CONTROL      : 1   NORMAL
             BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k NetworkService
             LOAD_ORDER_GROUP   : TDI
             TAG                : 0
             DISPLAY_NAME       : DNS Client
             DEPENDENCIES       : Tdx
                                : nsi
             SERVICE_START_NAME : NT AUTHORITY\NetworkService

     SERVICE_NAME: dnscache
             TYPE               : 20  WIN32_SHARE_PROCESS
             STATE              : 4  RUNNING
                                     (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
             WIN32_EXIT_CODE    : 0  (0x0)
             SERVICE_EXIT_CODE  : 0  (0x0)
             CHECKPOINT         : 0x0
             WAIT_HINT          : 0x0

     PS: for additional info, I contacted my internet provider and even though I'm able to browse the internet, they failed to detect my IP address. And I might sound like a broken record, but thanks for helping.
  9. Oh, sorry, before closing this thread, may I know how to disable the MVPS Hosts file? I don't know if this is because of it or not, but after I downloaded it, I have been experiencing a cut-off connection several times. The internet access network is connected, but I can't connect to the internet or the connection gets cut. I have to turn off my computer, but it happens again. I read the instructions on how to uninstall (http://winhelp2002.mvps.org/uninstall.htm), but I can't even find the HOSTS.MVP, so I can't rename it as instructed. And I'm very confused by their explanation. I have called my internet provider and they said all was normal, but then they said they can't check my IP number. That's why I thought: is it possible that it's because of the MVPS Hosts file? Thx.
  10. Hi Daniel, I have downloaded all the software you mentioned. I have also updated Firefox to the latest version along with updating the add-ons. And I just ran Malwarebytes and no threats were found. Thank you so much for helping me and being very patient with me. I hope I will have a clean and secure computer from now on. I can't thank you enough for sticking with me. Thank you again. Regards, Maria =)
  11. I have uninstalled ComboFix and also run DelFix. And should I install WinPatrol, WOT, SpywareBlaster and the MVPS Hosts file, or just one of them?
  12. Yes, I will. After I have finished with this process and decided to re-install it, I'll check it. Luckily I haven't come across any VK vids I need to download, and I can use KeepVid to download from Videoweed. Is there anything else that I need to do? Have Trojan.Ransom and PUM.UserWLoad been completely removed from my system? I haven't run Malwarebytes since the last time you told me to. I'm afraid I'll ruin the process if I do it... Thank you.
  13. Hi. The folder is back =) But there isn't a C:\ComboFix.txt log. There is a ComboFix folder now in drive C, though, and it contains a folder named N -> C:\ComboFix\N_ which contains a 1 KB file (file name 29372). Qoobox now also has new additional folders: LastRun (has a 1 KB file named Gateway), Test and Test C (both are empty folders). It seems it also added files in my Windows folder (WindowsUpdate, setupact and PFRO, which are log files; and also bootstat). And oh yeah, I just realised something. I have Orbit Downloader installed, which I use to download videos from VK or Videoweed. Just now I realised that even though the program is still there, I can't use it to download any videos. The last time I was able to use it was March 24th. I don't know, but it seems I need to uninstall and reinstall it again? Do you think this has a connection with the process we did? Thank you.
  14. Oh, I found the folder. It's in C:\Qoobox\Quarantine\C/x; those files are in it. But when I tried to open one of the files using Adobe Reader (it asked for a program to open it with, and I chose Adobe Reader as I used to open the file with it), it cannot open. It said Adobe can't open it because the file is either damaged or not supported. Then in Properties I saw that those files have the file type VIR File (.vir), which (when I googled it) is said to mean Virus Infected File... Gosh, did I just do something stupid again? *kicks myself*
  15. Unfortunately it isn't. From the logs it said:

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      C:\x
      c:\x\6. PAPI (Perception and Preference Inventory ).ppt
      c:\x\alat tes.pptx
      c:\x\Coon_11.ppt
      c:\x\papi lbr jwban large.jpg
      c:\x\papi lbr jwban.jpg
      c:\x\PENAWARAN IBU RINI.xls
      c:\x\Penawaran Ibu Titiek Soeharto.xlsx
      c:\x\Personality_Ch8.doc
      c:\x\rochassesscrosscult.ppt
      c:\x\scorecard papi large.jpg
      c:\x\scorecard papi.jpg
      c:\x\transfer stie trisakti.doc

      And I checked, and it isn't restored.
  16. Yes, it seems it still deleted C:\x =D OK, here's the result:

      DDS:

      DDS (Ver_2012-11-20.01) - NTFS_x86
      Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 1.6.0_31
      Run by maria at 19:17:40 on 2013-04-02
      Microsoft Windows 7 Ultimate   6.1.7600.0.1252.62.1033.18.1979.1195 [GMT 7:00]
      .
      AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
      SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
      SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      ============== Running Processes ================
      .
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Program Files\HitmanPro\hmpsched.exe
      C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
      C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\AVAST Software\Avast\AvastUI.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Software Informer\softinfo.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Mozilla Firefox\plugin-container.exe
      C:\Windows\system32\sppsvc.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\conhost.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Windows\System32\svchost.exe -k secsvcs
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.google.com/
      mStart Page = hxxp://www.bigseekpro.com/videodownloadtoolbar/{178F6920-22BE-4CF0-A6D0-2F4A0A74D66A}
      BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - c:\program files\orbitdownloader\orbitcth.dll
      BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
      BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
      BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
      BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
      BHO: Video Download Toolbar Helper: {83BD144C-5E53-4E12-8E99-5A7F1BBF3EA0} - c:\program files\video download toolbar\v3.3.0.3\Video_Download_Toolbar.dll
      BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
      BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
      BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
      BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
      BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
      TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
      TB: Video Download Toolbar: {E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - c:\program files\video download toolbar\v3.3.0.3\Video_Download_Toolbar.dll
      TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - c:\program files\orbitdownloader\GrabPro.dll
      TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
      TB: Video Download Toolbar: {E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - c:\program files\video download toolbar\v3.3.0.3\Video_Download_Toolbar.dll
      TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - c:\program files\orbitdownloader\GrabPro.dll
      TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
      TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
      uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
      uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
      uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
      uRun: [Software Informer] "c:\program files\software informer\softinfo.exe" -autorun
      uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
      mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
      mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
      mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
      mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
      mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
      mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
      mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
      StartupFolder: c:\users\maria\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
      StartupFolder: c:\users\maria\appdata\roaming\micros~1\windows\startm~1\programs\startup\VIIKII~1.LNK -
      uPolicies-Explorer: NoDrives = dword:0
      mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
      mPolicies-Explorer: NoDrives = dword:0
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
      IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
      IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
      IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
      IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
      IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
      DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
      DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      TCP: NameServer = 202.73.99.4 61.247.0.2 202.73.99.2 61.247.0.4
      TCP: Interfaces\{756A48EC-DCE8-4153-B027-94306FA03BCE} : NameServer = 202.134.0.155,208.67.222.222
      TCP: Interfaces\{756A48EC-DCE8-4153-B027-94306FA03BCE}\D616279616 : DHCPNameServer = 76.73.126.98 168.95.1.1
      TCP: Interfaces\{E3241119-7526-4CB5-8383-AA81F923AA7A} : DHCPNameServer = 202.73.99.4 61.247.0.2 202.73.99.2 61.247.0.4
      Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
      SSODL: WebCheck - <orphaned>
      SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - c:\users\maria\appdata\roaming\mozilla\firefox\profiles\ihkzovo3.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2463487&SearchSource=3&q={searchTerms}
      FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.id/
      FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
      FF - prefs.js: network.proxy.type - 0
      FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
      FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
      FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
      FF - plugin: c:\program files\java\jre6\bin\npjpi160_31.dll
      FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
      FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
      FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
      FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
      FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
      FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-29 49248]
      R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-3-29 765736]
      R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-3-29 368176]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-3-29 29816]
      R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-29 66336]
      R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-3-29 45248]
      R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2013-2-23 106280]
      R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
      S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
      S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-29 164736]
      S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
      .
      =============== Created Last 30 ================
      .
      2013-04-02 12:06:14  --------  d-sh--w-  C:\$RECYCLE.BIN
      2013-04-01 16:19:56  --------  d-----w-  C:\Program Installation
      2013-03-30 23:47:26  --------  d-----w-  c:\program files\ESET
      2013-03-29 16:38:50  98816     ----a-w-  c:\windows\sed.exe
      2013-03-29 16:38:50  256000    ----a-w-  c:\windows\PEV.exe
      2013-03-29 16:38:50  208896    ----a-w-  c:\windows\MBR.exe
      2013-03-29 04:57:56  60656     ----a-w-  c:\windows\system32\drivers\aswRdr2.sys
      2013-03-29 04:57:55  765736    ----a-w-  c:\windows\system32\drivers\aswSnx.sys
      2013-03-29 04:57:54  164736    ----a-w-  c:\windows\system32\drivers\aswVmm.sys
      2013-03-29 04:57:53  49248     ----a-w-  c:\windows\system32\drivers\aswRvrt.sys
      2013-03-29 04:57:49  66336     ----a-w-  c:\windows\system32\drivers\aswMonFlt.sys
      2013-03-29 04:56:54  41664     ----a-w-  c:\windows\avastSS.scr
      2013-03-29 04:56:40  --------  d-----w-  c:\program files\AVAST Software
      2013-03-29 04:55:15  --------  d-----w-  c:\programdata\AVAST Software
      2013-03-28 16:38:20  21104     ----a-w-  c:\windows\system32\drivers\mbam.sys
      2013-03-28 16:38:20  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
      2013-03-25 18:06:04  --------  d-----w-  c:\program files\NirSoft
      2013-03-17 17:51:08  --------  d-----w-  c:\program files\VideoLAN
      .
      ==================== Find3M ====================
      .
      2008-04-15 03:00:00  1384479   ----a-w-  c:\program files\msvbvm60.dll
      .
      ============= FINISH: 19:18:28.39 ===============

      Attach:

      .
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_2012-11-20.01)
      .
      Microsoft Windows 7 Ultimate
      Boot Device: \Device\HarddiskVolume1
      Install Date: 3/12/2010 3:48:57 PM
      System Uptime: 4/2/2013 7:13:31 PM (0 hours ago)
      .
      Motherboard: Compal | | 3607
      Processor: Intel® Core2 Duo CPU T6500 @ 2.10GHz | CPU | 2100/800mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 49 GiB total, 25.513 GiB free.
      D: is FIXED (NTFS) - 184 GiB total, 74.87 GiB free.
      E: is CDROM ()
      .
      ==== Disabled Device Manager Items =============
      .
      Class GUID:
      Description: Base System Device
      Device ID: PCI\VEN_197B&DEV_2384&SUBSYS_30F7103C&REV_00\4&2EEE5C02&0&04E4
      Manufacturer:
      Name: Base System Device
      PNP Device ID: PCI\VEN_197B&DEV_2384&SUBSYS_30F7103C&REV_00\4&2EEE5C02&0&04E4
      Service:
      .
      Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
      Description: Broadcom 802.11g Network Adapter
      Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_137D103C&REV_01\4&3AAD4F30&0&00E2
      Manufacturer: Broadcom
      Name: Broadcom 802.11g Network Adapter
      PNP Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_137D103C&REV_01\4&3AAD4F30&0&00E2
      Service: BCM43XX
      .
      Class GUID:
      Description: Base System Device
      Device ID: PCI\VEN_197B&DEV_2382&SUBSYS_30F7103C&REV_00\4&2EEE5C02&0&00E4
      Manufacturer:
      Name: Base System Device
      PNP Device ID: PCI\VEN_197B&DEV_2382&SUBSYS_30F7103C&REV_00\4&2EEE5C02&0&00E4
      Service:
      .
      Class GUID:
      Description: Base System Device
      Device ID: PCI\VEN_197B&DEV_2383&SUBSYS_30F7103C&REV_00\4&2EEE5C02&0&03E4
      Manufacturer:
      Name: Base System Device
      PNP Device ID: PCI\VEN_197B&DEV_2383&SUBSYS_30F7103C&REV_00\4&2EEE5C02&0&03E4
      Service:
      .
      ==== System Restore Points ===================
      .
      RP203: 3/31/2013 8:00:23 AM - Scheduled Checkpoint
      RP204: 4/2/2013 7:01:58 PM - ComboFix created restore point
      .
      ==== Installed Programs ======================
      .
      7-Zip 9.20
      Acrobat.com
      Adobe AIR
      Adobe Flash Player 10 ActiveX
      Adobe Flash Player 10 Plugin
      Adobe Reader 9.4.4
      Advertising Center
      avast! Free Antivirus
      ESET Online Scanner v3
      Google Toolbar for Internet Explorer
      Google Update Helper
      Hero DVD Player
      HitmanPro 3.7
      Java Auto Updater
      Java 6 Update 31
      K-Lite Mega Codec Pack 4.1.7
      Malwarebytes Anti-Malware version 1.70.0.1100
      Microsoft Office Access MUI (English) 2007
      Microsoft Office Access Setup Metadata MUI (English) 2007
      Microsoft Office Enterprise 2007
      Microsoft Office Excel MUI (English) 2007
      Microsoft Office Groove MUI (English) 2007
      Microsoft Office Groove Setup Metadata MUI (English) 2007
      Microsoft Office InfoPath MUI (English) 2007
      Microsoft Office OneNote MUI (English) 2007
      Microsoft Office Outlook MUI (English) 2007
      Microsoft Office PowerPoint MUI (English) 2007
      Microsoft Office Proof (English) 2007
      Microsoft Office Proof (French) 2007
      Microsoft Office Proof (Spanish) 2007
      Microsoft Office Proofing (English) 2007
      Microsoft Office Publisher MUI (English) 2007
      Microsoft Office Shared MUI (English) 2007
      Microsoft Office Shared Setup Metadata MUI (English) 2007
      Microsoft Office Word MUI (English) 2007
      Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
      Mozilla Firefox (3.6.8)
      MP3 Cutter 1.8
      Nero 9 Lite
      Nero ControlCenter
      Nero Installer
      Nero Online Upgrade
      Nero StartSmart
      neroxml
      NirSoft BlueScreenView
      Orbit Downloader
      Skype™ 6.3
      Software Informer 1.0 BETA
      Video Download Toolbar
      VLC media player 2.0.5
      WinRAR archiver
      Yahoo! Messenger
      Yahoo! Search Protection
      Yahoo! Software Update
      Yahoo! Toolbar
      .
      ==== Event Viewer Messages From Past Week ========
      .
      4/2/2013 7:04:28 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
      3/31/2013 7:59:15 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
      3/29/2013 11:05:11 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
      3/29/2013 11:05:11 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
      3/29/2013 11:05:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
      3/29/2013 11:04:46 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
      3/29/2013 11:04:46 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
      3/28/2013 10:49:10 PM, Error: Service Control Manager [7024] - The Avira Real-Time Protection service terminated with service-specific error The security stream for the given volume is in an inconsistent state. Please run CHKDSK on the volume..
      3/27/2013 9:21:11 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
      3/27/2013 9:19:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
      3/27/2013 9:19:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
      3/27/2013 9:19:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
      3/27/2013 9:19:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
      3/27/2013 9:19:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
      3/27/2013 9:19:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
      3/27/2013 9:19:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr ssmdrv tdx vwififlt Wanarpv6 WfpLwf
      3/27/2013 9:19:22 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
      3/27/2013 9:19:22 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
      3/27/2013 9:19:22 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
      3/27/2013 9:19:22 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
      3/27/2013 9:19:22 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
      3/27/2013 9:19:22 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
      3/27/2013 9:19:22 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
      3/27/2013 9:19:22 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
      3/27/2013 9:19:22 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
      3/27/2013 9:19:22 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
      3/27/2013 9:03:50 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
      3/26/2013 12:06:21 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xc0453718, 0xc0000185, 0x604868c0, 0x8a6e3000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032613-17596-01.
      .
      ==== End Of File ===========================

      PS: I have the old DDS and Attach logs from several days ago that I posted at the beginning of this thread. Should I keep them? I mean, since I have new DDS and Attach logs right now. Thank you.
  17. Umm, not really sure what open issues you mean. So far my computer seems just fine =) Here's the log you asked for; I hope I did it right:

ComboFix 13-03-28.01 - maria 04/01/2013 23:09:30.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.62.1033.18.1979.1217 [GMT 7:00]
Running from: c:\users\maria\Desktop\ComboFix.exe
Command switches used :: c:\users\maria\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\x
c:\x\6. PAPI (Perception and Preference Inventory ).ppt
c:\x\alat tes.pptx
c:\x\Coon_11.ppt
c:\x\papi lbr jwban large.jpg
c:\x\papi lbr jwban.jpg
c:\x\PENAWARAN IBU RINI.xls
c:\x\Penawaran Ibu Titiek Soeharto.xlsx
c:\x\Personality_Ch8.doc
c:\x\rochassesscrosscult.ppt
c:\x\scorecard papi large.jpg
c:\x\scorecard papi.jpg
c:\x\transfer stie trisakti.doc
.
.
((((((((((((((((((((((((( Files Created from 2013-03-01 to 2013-04-01 )))))))))))))))))))))))))))))))
.
.
2013-04-01 16:15 . 2013-04-01 16:15 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-04-01 16:15 . 2013-04-01 16:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-30 23:47 . 2013-03-30 23:47 -------- d-----w- c:\program files\ESET
2013-03-29 07:53 . 2013-03-29 07:53 -------- d-----w- c:\program files\Common Files\Skype
2013-03-29 04:57 . 2013-03-06 23:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-29 04:57 . 2013-03-06 23:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-29 04:57 . 2013-03-06 23:33 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-29 04:57 . 2013-03-06 23:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-29 04:57 . 2013-03-06 23:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-29 04:57 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-29 04:57 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-29 04:57 . 2013-03-06 23:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-29 04:57 . 2013-03-06 23:32 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-29 04:56 . 2013-03-06 23:32 41664 ----a-w- c:\windows\avastSS.scr
2013-03-29 04:56 . 2013-03-29 04:56 -------- d-----w- c:\program files\AVAST Software
2013-03-29 04:55 . 2013-03-29 04:56 -------- d-----w- c:\programdata\AVAST Software
2013-03-28 16:38 . 2013-03-29 04:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-28 16:38 . 2012-12-14 09:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-25 18:06 . 2013-03-25 18:06 -------- d-----w- c:\program files\NirSoft
2013-03-21 12:12 . 2013-03-21 12:12 -------- d-----w- c:\program files\7-Zip
2013-03-17 17:51 . 2013-03-31 20:24 -------- d-----w- c:\users\maria\AppData\Roaming\vlc
2013-03-17 17:51 . 2013-03-17 17:51 -------- d-----w- c:\program files\VideoLAN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 03:00 . 2011-04-18 13:00 1384479 ----a-w- c:\program files\msvbvm60.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{83BD144C-5E53-4E12-8E99-5A7F1BBF3EA0}]
2010-03-12 14:16 815104 ----a-w- c:\program files\Video Download Toolbar\v3.3.0.3\Video_Download_Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E52BE12D-A44A-4F51-9DC1-34F37A488CC7}"= "c:\program files\Video Download Toolbar\v3.3.0.3\Video_Download_Toolbar.dll" [2010-03-12 815104]
.
[HKEY_CLASSES_ROOT\clsid\{e52be12d-a44a-4f51-9dc1-34f37a488cc7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E52BE12D-A44A-4F51-9DC1-34F37A488CC7}"= "c:\program files\Video Download Toolbar\v3.3.0.3\Video_Download_Toolbar.dll" [2010-03-12 815104]
.
[HKEY_CLASSES_ROOT\clsid\{e52be12d-a44a-4f51-9dc1-34f37a488cc7}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-12 39408]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-02-16 5244216]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2010-06-28 2322501]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18672232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-12-14 824232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
c:\users\maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
ViiKiiDesktopPlugin.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 aswVmm;aswVmm; [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 15:04]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 15:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bigseekpro.com/videodownloadtoolbar/{178F6920-22BE-4CF0-A6D0-2F4A0A74D66A}
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 202.73.99.4 61.247.0.2 202.73.99.2 61.247.0.4
TCP: Interfaces\{756A48EC-DCE8-4153-B027-94306FA03BCE}: NameServer = 202.134.0.155,208.67.222.222
FF - ProfilePath - c:\users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\ihkzovo3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2463487&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.id/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3632183951-932135029-350098339-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A9CE7AE9-4CA2-7E2A-BDF0-13773A9A8A2D}*]
"hadpadnlkekkiahp"=hex:69,61,6e,67,65,63,69,70,6c,6b,67,6b,6d,6c,67,6d,69,62, 00,dc
"gakmcdejejgmdh"=hex:61,63,68,61,6c,64,67,64,6e,70,63,67,67,67,6d,70,61,6a,66, 6d,62,6b,6c,6f,61,63,6c,69,70,6e,67,67,6d,63,6c,69,6d,6d,6f,6b,6b,64,6e,69,\
"iajnkcomhgmhnfoldc"=hex:6a,61,6d,67,6c,63,61,61,66,6b,64,6e,6f,6d,6f,63,6e,63, 70,69,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-01 23:17:24
ComboFix-quarantined-files.txt 2013-04-01 16:17
ComboFix2.txt 2013-03-29 16:49
C:\DeQuarantine.txt
.
Pre-Run: 27,588,743,168 bytes free
Post-Run: 27,355,824,128 bytes free
.
- - End Of File - - AC0F686C247F1D90359ACF56A0AE0825

Oh, by the way, 2 days ago when you asked me to run ESET, in the result, as I remember, it said 6 threats were found. I clicked "List of found threats" and it listed the results in the ESET log you asked for. My question is, was that ESET result/log the list of threats? Are those viruses/malware? Because I saw this in the result: C:\Users\maria\AppData\Local\TempImages\AutoUpdate.exe a variant of Win32/Agent.SZW trojan. Pardon me for asking this, I'm just kind of worried seeing the word 'Trojan' =( Gosh, really, I'm so thankful that you still stick with me and are patient with me =) Thank you.
  18. Here's the log from C:\Qoobox\ComboFix-quarantined-files.txt:

2013-03-29 16:48:15 . 2013-03-29 16:48:15 145 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-WinampAgent.reg.dat
2013-03-29 16:48:14 . 2013-03-29 16:48:14 137 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-QzcxOTlGRkZFNjg4RjVGQ0.reg.dat
2013-03-29 16:48:14 . 2013-03-29 16:48:14 128 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Insomnia Live.reg.dat
2013-03-29 16:48:14 . 2013-03-29 16:48:14 89 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-fsm.reg.dat
2013-03-29 16:48:14 . 2013-03-29 16:48:14 96 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-EasyDVDMon.reg.dat
2013-03-29 16:48:13 . 2013-03-29 16:48:13 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612}.reg.dat
2013-03-29 16:48:10 . 2013-03-29 16:48:10 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612}.reg.dat
2013-03-29 16:44:31 . 2013-03-29 16:44:31 8,638 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-03-29 16:38:47 . 2013-03-29 16:40:15 62 ----a-w- C:\Qoobox\Quarantine\catchme.log
2013-03-29 16:07:08 . 2013-03-29 16:09:05 5,044,813 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\ComboFix.exe.vir
2013-03-29 07:48:20 . 2013-03-29 07:48:23 2,092,792 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\avira_free_antivirus.exe.vir
2013-03-29 05:00:09 . 2013-03-29 05:00:21 688,992 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\dds.com.vir
2013-03-29 04:43:07 . 2013-03-29 04:52:16 111,691,960 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\avast_free_antivirus_setup.exe.vir
2013-03-29 04:37:12 . 2013-03-29 04:41:09 10,156,344 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\mbam-setup-1.70.0.1100.exe.vir
2013-03-29 01:18:50 . 2013-03-29 01:20:05 4,316,280 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\ccsetup400.exe.vir
2013-03-27 14:50:51 . 2013-03-27 14:50:52 140,800 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\bluescreenview_setup.exe.vir
2013-03-21 12:11:45 . 2013-03-21 12:11:58 1,110,476 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\7z920.exe.vir
2013-03-17 16:41:01 . 2013-03-17 16:43:34 22,916,830 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\vlc-2.0.5-win32.exe.vir
2013-03-17 09:10:37 . 2013-03-17 09:15:40 13,167,824 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\GOMPLAYERENSETUP.EXE.vir
2013-03-01 18:53:53 . 2013-03-01 18:55:33 29,760,104 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\SkypeSetupFull.exe.vir
2013-01-08 13:07:42 . 2009-06-10 21:22:50 32,064 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\AppData\Roaming\A366641351.exe.vir
2013-01-08 13:07:42 . 2009-06-10 21:22:50 32,064 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A366641351.exe.vir
2012-12-26 13:44:27 . 2013-02-23 15:44:04 8,984,048 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\HitmanPro.exe.vir
2012-12-14 19:03:20 . 2012-12-14 19:23:04 105,603,488 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\avira_free_antivirus_en.exe.vir
2012-10-01 18:39:37 . 2013-03-29 04:27:32 816,128 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\RogueKiller.exe.vir
2011-03-13 09:38:18 . 2011-03-13 09:58:40 2,363,465 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\iTunesSetup.exe.vir
2011-03-12 16:56:33 . 2011-03-12 17:11:57 44,544 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\sendspace_downloader_uy2eji.exe.vir
2011-02-01 16:58:31 . 2011-02-01 17:17:09 2,611,865 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\mp3cutter.exe.vir
2010-11-22 12:48:24 . 2010-11-22 12:48:26 43,520 ----a-w- C:\Qoobox\Quarantine\C\x\transfer stie trisakti.doc.vir
2010-09-01 16:27:37 . 2010-09-03 15:40:37 270,061 ----a-w- C:\Qoobox\Quarantine\C\x\scorecard papi large.jpg.vir
2010-09-01 16:25:30 . 2010-09-03 15:51:41 144,597 ----a-w- C:\Qoobox\Quarantine\C\x\papi lbr jwban large.jpg.vir
2010-08-21 21:15:02 . 2010-08-18 06:45:18 3,736,064 ----a-w- C:\Qoobox\Quarantine\C\x\PENAWARAN IBU RINI.xls.vir
2010-08-21 21:15:01 . 2009-07-10 09:41:02 7,092,440 ----a-w- C:\Qoobox\Quarantine\C\x\Penawaran Ibu Titiek Soeharto.xlsx.vir
2010-07-27 19:20:06 . 2010-07-27 19:20:11 80,310 ----a-w- C:\Qoobox\Quarantine\C\x\scorecard papi.jpg.vir
2010-07-27 19:19:51 . 2010-09-01 16:25:34 134,778 ----a-w- C:\Qoobox\Quarantine\C\x\papi lbr jwban.jpg.vir
2010-07-27 19:09:14 . 2010-07-27 19:09:14 193,024 ----a-w- C:\Qoobox\Quarantine\C\x\6. PAPI (Perception and Preference Inventory ).ppt.vir
2010-07-27 18:32:31 . 2010-07-27 18:32:31 56,321 ----a-w- C:\Qoobox\Quarantine\C\x\Personality_Ch8.doc.vir
2010-07-27 18:31:45 . 2010-07-27 18:31:45 530,432 ----a-w- C:\Qoobox\Quarantine\C\x\Coon_11.ppt.vir
2010-07-27 18:31:15 . 2010-07-27 18:31:15 241,152 ----a-w- C:\Qoobox\Quarantine\C\x\rochassesscrosscult.ppt.vir
2010-07-27 18:29:31 . 2010-07-27 18:29:33 2,010,625 ----a-w- C:\Qoobox\Quarantine\C\x\alat tes.pptx.vir
2010-06-22 16:52:21 . 2010-06-22 17:04:04 37,888 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\Documents\~WRL1779.tmp.vir
2010-06-22 16:52:21 . 2010-06-22 16:59:38 33,280 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\Documents\~WRL2240.tmp.vir
2010-06-22 16:52:21 . 2010-06-22 16:56:58 33,280 ----a-w- C:\Qoobox\Quarantine\C\Users\maria\Documents\~WRL2498.tmp.vir

And oh, you haven't answered me about whether it wasn't a good idea to save .exe files in the Users folder. So what is a better way to save those? Still in Drive C or Drive D? And thanks for answering me. I just got confused with those 2 empty folders =)
  19. Hi. Thank you for your understanding =) C:\x is a folder containing various document files I was planning to read someday. Not really important. It was just named X on my work computer and I didn't change the name when I copied it to my computer. And here's the result of ESET:

C:\Qoobox\Quarantine\C\Users\maria\avira_free_antivirus_en.exe.vir a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\maria\fdminst.exe Win32/OpenCandy application
C:\Users\maria\OrbitSetup4.1.01.exe Win32/OpenCandy application
C:\Users\maria\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\maria\AppData\Local\TempImages\AutoUpdate.exe a variant of Win32/Agent.SZW trojan

I mostly use Mozilla. That's why I followed your instructions for IE (run as administrator) and also installed esetsmartinstaller_enu.exe (I saved it to Drive D:). The result is just the same as the one with IE. Oh, after it finished, it asked if I wanted to uninstall ESET. I didn't know what to do so I just closed it. Should I uninstall it? And thank you for the info about antivirus. I have uninstalled Avira. If it's OK with you, please help me with some questions:
- You said it wasn't a good idea to save installed programs in the Users folder. I usually try to save the installed program in Program Files, but it said I can't and asked if I wanted to save it to the User folder instead, so I just clicked yes. But when I installed the program, it installed to the Program Files folder. My question is, where should I save the .exe program if saving it in the User folder is not a wise thing to do?
- After running ComboFix last time, I found out that not only did it add new folders in Drive C:, it also added new folders to Drive D: ($RECYCLE.BIN and Config.Msi), and both folders are empty. Would it be fine if I delete those 2?
- And ComboFix deleted a lot of my .exe files (mbam-setup-1.70.0.1100.exe, vlc-2.0.5-win32.exe, avast_free_antivirus_setup.exe, bluescreenview_setup.exe, ccsetup400.exe, ComboFix.exe, dds.com, HitmanPro.exe, mp3cutter.exe, RogueKiller.exe, SkypeSetupFull.exe, etc). Should I download and save those again? Thank you for sticking with me =)
  20. Hi. Oh, about Avira, I really forgot to tell you that I was telling my best friend about the problem I have and about how Avira wouldn't/failed to update. I told her I uninstalled Avira because of that. It turns out that while I was in the shower, she reinstalled Avira (my computer was on when she was here). I meant to ask you whether I should uninstall it again or just let it be, since I'm afraid that if I uninstalled it, it would make another change, and yes, I do remember you told me not to make any changes. That's why I let it be and didn't make any changes. I really forgot to tell you about it and to ask you. Sorry. And about ComboFix, I thought that the ComboFix you meant was supposed to be the result that I should put on the desktop (like dds.txt). That's why after I downloaded it, I just clicked run and saved it to Program Files. But soon after it finished running, I realised ComboFix wasn't on the desktop, and that the .exe you meant was the program, not the result. So I downloaded it again and looked up how to put it on the desktop (which I just found out how to do). Sorry. I never really put any programs on the desktop. I only put program shortcuts and the Recycle Bin there. I'm really sorry. Like I said, I'm not computer savvy.

Here's the result of Malwarebytes:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.29.01
Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
maria :: MARIA-PC [administrator]
3/30/2013 3:00:25 AM
mbam-log-2013-03-30 (03-00-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200558
Time elapsed: 4 minute(s), 31 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Um, about the antivirus, do you know which one I should uninstall? Avira or Avast? Thank you. And please pardon me for any mistakes I made.
  21. Hi. Just found out how: it seems I need to disable the shields from the system tray =) Here's the result:

ComboFix 13-03-28.01 - maria 03/29/2013 23:40:15.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.62.1033.18.1979.838 [GMT 7:00]
Running from: c:\users\maria\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\maria\7z920.exe
c:\users\maria\AppData\Roaming\A366641351.exe
c:\users\maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A366641351.exe
c:\users\maria\avast_free_antivirus_setup.exe
c:\users\maria\avira_free_antivirus.exe
c:\users\maria\avira_free_antivirus_en.exe
c:\users\maria\bluescreenview_setup.exe
c:\users\maria\ccsetup400.exe
c:\users\maria\ComboFix.exe
c:\users\maria\dds.com
c:\users\maria\Documents\~WRL1779.tmp
c:\users\maria\Documents\~WRL2240.tmp
c:\users\maria\Documents\~WRL2498.tmp
c:\users\maria\GOMPLAYERENSETUP.EXE
c:\users\maria\HitmanPro.exe
c:\users\maria\iTunesSetup.exe
c:\users\maria\mbam-setup-1.70.0.1100.exe
c:\users\maria\mp3cutter.exe
c:\users\maria\RogueKiller.exe
c:\users\maria\sendspace_downloader_uy2eji.exe
c:\users\maria\SkypeSetupFull.exe
c:\users\maria\vlc-2.0.5-win32.exe
C:\x
c:\x\6. PAPI (Perception and Preference Inventory ).ppt
c:\x\alat tes.pptx
c:\x\Coon_11.ppt
c:\x\papi lbr jwban large.jpg
c:\x\papi lbr jwban.jpg
c:\x\PENAWARAN IBU RINI.xls
c:\x\Penawaran Ibu Titiek Soeharto.xlsx
c:\x\Personality_Ch8.doc
c:\x\rochassesscrosscult.ppt
c:\x\scorecard papi large.jpg
c:\x\scorecard papi.jpg
c:\x\transfer stie trisakti.doc
.
.
((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-29 )))))))))))))))))))))))))))))))
.
.
2013-03-29 16:47 . 2013-03-29 16:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-29 08:13 . 2013-03-29 08:13 -------- d-----w- c:\users\maria\AppData\Roaming\Avira
2013-03-29 08:12 . 2013-03-29 08:11 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-29 08:12 . 2013-03-29 08:11 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-29 08:12 . 2013-03-29 08:11 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-29 08:12 . 2013-03-29 08:12 -------- d-----w- c:\programdata\Avira
2013-03-29 08:12 . 2013-03-29 08:12 -------- d-----w- c:\program files\Avira
2013-03-29 07:53 . 2013-03-29 07:53 -------- d-----w- c:\program files\Common Files\Skype
2013-03-29 04:57 . 2013-03-06 23:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-29 04:57 . 2013-03-06 23:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-29 04:57 . 2013-03-06 23:33 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-29 04:57 . 2013-03-06 23:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-29 04:57 . 2013-03-06 23:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-29 04:57 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-29 04:57 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-29 04:57 . 2013-03-06 23:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-29 04:57 . 2013-03-06 23:32 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-29 04:56 . 2013-03-06 23:32 41664 ----a-w- c:\windows\avastSS.scr
2013-03-29 04:56 . 2013-03-29 04:56 -------- d-----w- c:\program files\AVAST Software
2013-03-29 04:55 . 2013-03-29 04:56 -------- d-----w- c:\programdata\AVAST Software
2013-03-28 16:38 . 2013-03-29 04:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-28 16:38 . 2012-12-14 09:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-25 18:06 . 2013-03-25 18:06 -------- d-----w- c:\program files\NirSoft
2013-03-21 12:12 . 2013-03-21 12:12 -------- d-----w- c:\program files\7-Zip
2013-03-17 17:51 . 2013-03-29 16:00 -------- d-----w- c:\users\maria\AppData\Roaming\vlc
2013-03-17 17:51 . 2013-03-17 17:51 -------- d-----w- c:\program files\VideoLAN
2013-03-01 18:56 . 2013-03-29 07:53 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 03:00 . 2011-04-18 13:00 1384479 ----a-w- c:\program files\msvbvm60.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{83BD144C-5E53-4E12-8E99-5A7F1BBF3EA0}]
2010-03-12 14:16 815104 ----a-w- c:\program files\Video Download Toolbar\v3.3.0.3\Video_Download_Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E52BE12D-A44A-4F51-9DC1-34F37A488CC7}"= "c:\program files\Video Download Toolbar\v3.3.0.3\Video_Download_Toolbar.dll" [2010-03-12 815104]
.
[HKEY_CLASSES_ROOT\clsid\{e52be12d-a44a-4f51-9dc1-34f37a488cc7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E52BE12D-A44A-4F51-9DC1-34F37A488CC7}"= "c:\program files\Video Download Toolbar\v3.3.0.3\Video_Download_Toolbar.dll" [2010-03-12 815104]
.
[HKEY_CLASSES_ROOT\clsid\{e52be12d-a44a-4f51-9dc1-34f37a488cc7}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-12 39408]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-02-16 5244216]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2010-06-28 2322501]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18672232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-12-14 824232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-29 345312]
.
c:\users\maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
ViiKiiDesktopPlugin.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 aswVmm;aswVmm; [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 15:04]
.
2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 15:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bigseekpro.com/videodownloadtoolbar/{178F6920-22BE-4CF0-A6D0-2F4A0A74D66A}
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 202.73.99.4 61.247.0.2 202.73.99.2 61.247.0.4
TCP: Interfaces\{756A48EC-DCE8-4153-B027-94306FA03BCE}: NameServer = 202.134.0.155,208.67.222.222
FF - ProfilePath - c:\users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\ihkzovo3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2463487&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.id/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
HKCU-Run-EasyDVDMon - (no file)
HKCU-Run-fsm - (no file)
HKCU-Run-Insomnia Live - c:\users\maria\qzcxotl.exe
HKCU-Run-QzcxOTlGRkZFNjg4RjVGQ0 - c:\programdata\kmmmoanh.exe
HKLM-Run-WinampAgent - c:\program files\Winamp 5.58\winampa.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3632183951-932135029-350098339-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A9CE7AE9-4CA2-7E2A-BDF0-13773A9A8A2D}*]
"hadpadnlkekkiahp"=hex:69,61,6e,67,65,63,69,70,6c,6b,67,6b,6d,6c,67,6d,69,62, 00,dc
"gakmcdejejgmdh"=hex:61,63,68,61,6c,64,67,64,6e,70,63,67,67,67,6d,70,61,6a,66, 6d,62,6b,6c,6f,61,63,6c,69,70,6e,67,67,6d,63,6c,69,6d,6d,6f,6b,6b,64,6e,69,\
"iajnkcomhgmhnfoldc"=hex:6a,61,6d,67,6c,63,61,61,66,6b,64,6e,6f,6d,6f,63,6e,63, 70,69,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-29 23:49:31
ComboFix-quarantined-files.txt 2013-03-29 16:49
.
Pre-Run: 26,584,682,496 bytes free
Post-Run: 26,546,790,400 bytes free
.
- - End Of File - - C7A908C0FB7B7B09DE41439AE50F7657

Umm, I just saw some new folders in my C: folders (Config.Msi, Qoobox). Are those folders normally added after we run ComboFix? And I noticed it deleted programs/files like bluescreenview, hitmanpro, roguekiller, etc. Does that mean I have to download all of those again? Thanks. PS: can I enable my antivirus again now?
  22. Um, I can't seem to find "Stop On-Access protection" in Avast. I thought I had already disabled it, but when I clicked OK in ComboFix it gave me a warning that it hasn't been turned off. So I'm afraid to click OK in ComboFix. I just downloaded Avast this morning...
  23. Hi. Yes, I'm sorry, I have gone to the link you provided, but I can't copy-paste it since it brought me to choose from my C: folder. When I tried to copy-paste, it just typed A366641351.exe only. I tried to look for c:\users\maria\appdata\roaming\microsoft\windows\start menu\programs\startup\A366641351.exe, but it seems it doesn't exist. But I tried to scan A366641351.exe and here is the result:

SHA256: 3168d495ac5954cc549589d583e6b335835de8ada3c6003292d0cda56a265590
SHA1: 487412d06e299fe0af47ccb932e78662d4ebb9bf
MD5: bdc16e98ea13b1ebebcf49385394f05b
File size: 31.3 KB ( 32064 bytes )
File name: CVTRES.EXE
File type: Win32 EXE
Detection ratio: 0 / 46
Analysis date: 2013-03-29 06:04:04 UTC ( 1 minute ago )

I hope I didn't make any mistake. Sorry if I did. And thank you for so kindly replying to me even though you are so tired already.
  24. Repost, since I mistakenly posted this in the General Forum (sorry, admins, I panicked and hadn't read the whole rules here).

Hi, I'm a newbie and not computer savvy. Last night while using my laptop, I found out that since March 24th my Avira antivirus automatic update has failed and till now won't do the automatic update. Since I just got a BSoD on the same day, I thought maybe it was because I did the system Recovery. So then I did the update manually and, for safety, I ran it. It came back with 2 viruses, whose names I really forgot since I just clicked remove. Then I ran Malwarebytes and found 2 trojans/viruses: Trojan.Ransom and PUM.UserWLoad. I removed them right away. After restarting my computer, I ran HitmanPro and Malwarebytes again. HitmanPro came back clean, but in Malwarebytes those 2 were back again. I removed them, restarted my computer and scanned it again, and both Trojan.Ransom and PUM.UserWLoad keep coming back. I have done it 3 times. I have uninstalled Avira (since it still failed to automatically update) and installed Avast, and I also have installed RogueKiller. Here are the results:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.29.01

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
maria :: MARIA-PC [administrator]

3/29/2013 12:20:07 PM
mbam-log-2013-03-29 (12-20-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191348
Time elapsed: 4 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\maria\LOCALS~1\Temp\msoufzi.bat -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\maria\LOCALS~1\Temp\msoufzi.bat -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I ran RogueKiller, here's the result:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : maria [Admin rights]
Mode : Scan -- Date : 03/29/2013 12:28:55
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Insomnia Live (C:\Users\maria\qzcxotl.exe) [x] -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : QzcxOTlGRkZFNjg4RjVGQ0 (C:\ProgramData\kmmmoanh.exe) [x] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3632183951-932135029-350098339-1000[...]\Run : Insomnia Live (C:\Users\maria\qzcxotl.exe) [x] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3632183951-932135029-350098339-1000[...]\Run : QzcxOTlGRkZFNjg4RjVGQ0 (C:\ProgramData\kmmmoanh.exe) [x] -> FOUND
[SHELL][SUSP PATH] HKCU\[...]\Windows : Load (C:\Users\maria\Local Settings\Temp\msoufzi.bat) [x] -> FOUND
[SHELL][SUSP PATH] HKUS\S-1-5-21-3632183951-932135029-350098339-1000[...]\Windows : Load (C:\Users\maria\Local Settings\Temp\msoufzi.bat) [x] -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{756A48EC-DCE8-4153-B027-94306FA03BCE} : NameServer (202.134.0.155,208.67.222.222) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{756A48EC-DCE8-4153-B027-94306FA03BCE} : NameServer (202.134.0.155,208.67.222.222) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250315AS ATA Device +++++
--- User ---
[MBR] 428f8d519c5427dc22265cec51d1a069
[BSP] c8496c40e90cbc7dfd19b1c9015414c6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 49900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 102402048 | Size: 188472 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03292013_02d1228.txt >>
RKreport[1]_S_03292013_02d1228.txt

Please help me. And pardon me for my poor English.

Attached Files: dds.txt, attach.txt, RKreport1_S_03292013_02d1228.txt
  25. Hi, I'm a newbie and not computer savvy. Last night while using my laptop, I found out that since March 24th my Avira antivirus automatic update has failed and till now won't do the automatic update. Since I just got a BSoD on the same day, I thought maybe it was because I did the system Recovery. So then I did the update manually and, for safety, I ran it. It came back with 2 viruses, whose names I really forgot since I just clicked remove. Then I ran Malwarebytes and found 2 trojans/viruses: Trojan.Ransom and PUM.UserWLoad. I removed them right away. After restarting my computer, I ran HitmanPro and Malwarebytes again. HitmanPro came back clean, but in Malwarebytes those 2 were back again. I removed them, restarted my computer and scanned it again, and both Trojan.Ransom and PUM.UserWLoad keep coming back. I have done it 3 times. I've done the steps mentioned here: http://www.techspot.com/vb/topic58138.html. And I have uninstalled Avira (since it still failed to automatically update) and installed Avast. Here are the results:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.29.01

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
maria :: MARIA-PC [administrator]

3/29/2013 12:20:07 PM
mbam-log-2013-03-29 (12-20-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191348
Time elapsed: 4 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\maria\LOCALS~1\Temp\msoufzi.bat -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\maria\LOCALS~1\Temp\msoufzi.bat -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I ran RogueKiller, here's the result:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : maria [Admin rights]
Mode : Scan -- Date : 03/29/2013 12:28:55
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Insomnia Live (C:\Users\maria\qzcxotl.exe) [x] -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : QzcxOTlGRkZFNjg4RjVGQ0 (C:\ProgramData\kmmmoanh.exe) [x] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3632183951-932135029-350098339-1000[...]\Run : Insomnia Live (C:\Users\maria\qzcxotl.exe) [x] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3632183951-932135029-350098339-1000[...]\Run : QzcxOTlGRkZFNjg4RjVGQ0 (C:\ProgramData\kmmmoanh.exe) [x] -> FOUND
[SHELL][SUSP PATH] HKCU\[...]\Windows : Load (C:\Users\maria\Local Settings\Temp\msoufzi.bat) [x] -> FOUND
[SHELL][SUSP PATH] HKUS\S-1-5-21-3632183951-932135029-350098339-1000[...]\Windows : Load (C:\Users\maria\Local Settings\Temp\msoufzi.bat) [x] -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{756A48EC-DCE8-4153-B027-94306FA03BCE} : NameServer (202.134.0.155,208.67.222.222) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{756A48EC-DCE8-4153-B027-94306FA03BCE} : NameServer (202.134.0.155,208.67.222.222) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250315AS ATA Device +++++
--- User ---
[MBR] 428f8d519c5427dc22265cec51d1a069
[BSP] c8496c40e90cbc7dfd19b1c9015414c6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 49900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 102402048 | Size: 188472 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03292013_02d1228.txt >>
RKreport[1]_S_03292013_02d1228.txt

Please help me. And pardon me for my poor English.

Attached Files: dds.txt, attach.txt
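The logs in posts 24 and 25 show two user-level persistence points (the `Windows\Load` value that Malwarebytes labels PUM.UserWLoad and the `Run` entries RogueKiller tags SUSP PATH) plus per-interface static DNS servers. The script below is an added, read-only triage helper written for this page; it is not code from the forum, from Malwarebytes or from RogueKiller. It reads those same registry locations on the machine it runs on and reports entries whose target sits in a Temp folder, directly under a user profile, or directly under ProgramData, which is what every flagged path in the logs has in common. The path patterns, the list of keys and the function names are this example's own assumptions; it modifies nothing.

```powershell
# Added example (not from the forum post or the tools named there).
# Read-only triage of the persistence locations that appear in the MBAM and
# RogueKiller logs above. Run from an elevated PowerShell to see HKLM as well.

# Registry locations to inspect. 'Load' under Windows NT\CurrentVersion\Windows
# is the value MBAM reported as PUM.UserWLoad; the Run keys are the [RUN] hits.
$Locations = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'; Name = 'Load' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run';        Name = '*'    },
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run';        Name = '*'    }
)

# Assumption: a target in ...\Temp\..., directly under C:\Users\<name>\, or
# directly under C:\ProgramData\ is worth a closer look. Legitimate software
# can live there too, so this is a report, not a verdict.
$SuspiciousPattern = '\\Temp\\|^"?[A-Z]:\\Users\\[^\\]+\\[^\\]+\.(exe|bat|cmd|vbs)|^"?[A-Z]:\\ProgramData\\[^\\]+\.(exe|bat|cmd|vbs)'

function Get-SuspiciousAutoruns {
    foreach ($loc in $Locations) {
        if (-not (Test-Path -Path $loc.Key)) { continue }
        $props = Get-ItemProperty -Path $loc.Key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath, PSParentPath, ... ; skip those.
            if ($p.Name -like 'PS*') { continue }
            if ($loc.Name -ne '*' -and $p.Name -ne $loc.Name) { continue }
            $value = [string]$p.Value
            if ($value -match $SuspiciousPattern) {
                [pscustomobject]@{
                    Key    = $loc.Key
                    Name   = $p.Name
                    Value  = $value
                    Exists = Test-Path -LiteralPath ($value.Trim('"') -replace '\s+.*$', '')
                }
            }
        }
    }
}

function Get-InterfaceNameServers {
    # Static per-interface DNS servers, the location RogueKiller reports as [DNS].
    # An empty NameServer means the interface takes DNS from DHCP.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    Get-ChildItem -Path $base | ForEach-Object {
        $ns = (Get-ItemProperty -Path $_.PSPath).NameServer
        if ($ns) {
            [pscustomobject]@{ Interface = $_.PSChildName; NameServer = $ns }
        }
    }
}

'--- Autorun entries with suspicious targets ---'
Get-SuspiciousAutoruns | Format-Table -AutoSize
'--- Interfaces with static DNS servers ---'
Get-InterfaceNameServers | Format-Table -AutoSize
```

The `Exists` column is the useful part for a case like this one: an autorun that points at a file which is no longer on disk (the `.bat` in Temp after a cleanup, for instance) is harmless by itself but shows that the value keeps being re-created, which is why the detections in the posts returned after every removal. Compare the reported `NameServer` values against the servers the ISP or administrator actually intends; the script does not judge them.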