baseboii22 (Honorary Members, 36 posts)
Everything posted by baseboii22

  1. I'm guessing it's implied that I should include the CBS.log, so I attached it here: CBS.log
  2. Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log
  3. SystemLook log:

     SystemLook 30.07.11 by jpshortstuff
     Log created at 19:25 on 09/10/2013 by James
     Administrator - Elevation successful
     WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

     ========== filefind ==========

     Searching for "sfcfiles.dll"
     No files found.

     Searching for "ipsec.sys"
     No files found.

     Searching for "psched.sys"
     No files found.

     -= EOF =-
  4. Ok so I actually re-ran it in normal mode and re-downloaded the combofix.exe. I think it worked, so here is the log:

     ComboFix 13-10-08.01 - James 10/08/2013 19:00:51.4.4 - x64
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4022.2482 [GMT -4:00]
     Running from: c:\users\James\Downloads\ComboFix.exe
     Command switches used :: c:\users\James\Desktop\CFScript (2).txt
     .
     FILE ::
     "c:\users\James\AppData\Local\Temp\Shortcut_IMsetup.exe"
     "c:\users\James\AppData\Local\Temp\WSSetup.exe"
     "c:\users\James\Downloads\BitTorrent.exe"
     "c:\users\James\Downloads\cbsidlm-tr1_10a-Spyrix_Free_Keylogger-SEO-75708733.exe"
     "c:\users\James\Downloads\cbsidlm-tr1_11-Spyrix_Free_Keylogger-SEO-75708733 (1).exe"
     "c:\users\James\Downloads\cbsidlm-tr1_11-Spyrix_Free_Keylogger-SEO-75708733 (2).exe"
     "c:\users\James\Downloads\cbsidlm-tr1_11-Spyrix_Free_Keylogger-SEO-75708733.exe"
     "c:\users\James\Downloads\Elite Keylogger 4.9.exe"
     "c:\users\James\Downloads\elite_keylogger.exe"
     "c:\windows\System32\ARFC\wrtc.exe"
     "c:\windows\System32\autosvr.exe"
     "c:\windows\System32\WNLT\Installation\WSSetup.exe"
     "c:\windows\SysWOW64\ARFC\wrtc.exe"
     "c:\windows\SysWOW64\autosvr.exe"
     "c:\windows\SysWOW64\WNLT\Installation\WSSetup.exe"
     "e:\users\James\Downloads\setup.exe"
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\users\James\AppData\Local\Temp\CoreSync.dll_TEMP
     c:\users\James\Downloads\BitTorrent.exe
     c:\windows\SysWOW64\autosvr.exe
     .
     -- Previous Run --
     .
     c:\windows\SysWow64\sfcfiles.dll . . . is missing!!
     .
     c:\windows\system32\drivers\ipsec.sys . . . is missing!!
     .
     c:\windows\system32\drivers\psched.sys . . . is missing!!
     .
     --------
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-09-08 to 2013-10-08 )))))))))))))))))))))))))))))))
     .
     .
     2013-10-03 00:52 . 2013-10-04 19:30 -------- d-----w- c:\users\James\AppData\Local\Spotify
     2013-10-03 00:52 . 2013-10-06 16:23 -------- d-----w- c:\users\James\AppData\Roaming\Spotify
     2013-09-29 23:06 . 2013-09-29 23:06 -------- d-----w- c:\program files (x86)\Common Files\Java
     2013-09-29 23:06 . 2013-09-29 23:05 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
     2013-09-29 23:05 . 2013-09-29 23:05 -------- d-----w- c:\program files (x86)\Java
     2013-09-25 21:32 . 2013-09-25 21:33 -------- d-----w- C:\AdwCleaner
     2013-09-24 23:31 . 2013-09-24 23:31 -------- d-----w- c:\windows\system32\ljkb
     2013-09-18 01:07 . 2013-09-18 01:07 -------- d-----w- c:\program files (x86)\ESET
     2013-09-16 22:53 . 2013-09-16 22:53 -------- d-----w- c:\program files\CPUID
     2013-09-16 22:32 . 2013-09-16 22:32 -------- d-----w- c:\programdata\Oracle
     2013-09-16 19:26 . 2013-09-16 19:26 -------- d-----w- c:\users\James\AppData\Local\MetaGeek,_LLC
     2013-09-16 19:26 . 2013-09-16 19:26 -------- d-----w- c:\users\James\AppData\Local\IsolatedStorage
     2013-09-16 19:26 . 2013-09-16 19:26 -------- d-sh--w- c:\users\James\AppData\Local\ms-drivers
     2013-09-16 19:25 . 2013-09-16 19:25 -------- d-----w- c:\program files (x86)\MetaGeek
     2013-09-16 03:45 . 2013-09-16 03:45 -------- d-----w- c:\program files\Bonjour
     2013-09-16 03:45 . 2013-09-16 03:45 -------- d-----w- c:\program files (x86)\Bonjour
     2013-09-16 03:45 . 2013-09-16 03:45 -------- d-----w- c:\program files (x86)\AirPort
     2013-09-16 01:35 . 2013-09-16 01:35 -------- d-----w- c:\windows\system32\wbem\Framework
     2013-09-16 01:19 . 2013-09-16 19:22 -------- d-----w- c:\users\James\AppData\Local\Diagnostics
     2013-09-16 00:54 . 2013-09-16 00:56 -------- d-----w- c:\users\James\Heaven
     2013-09-16 00:51 . 2013-09-16 00:51 -------- d-----w- c:\program files (x86)\AMD AVT
     2013-09-16 00:51 . 2013-09-16 00:51 -------- d-----w- c:\program files (x86)\AMD APP
     2013-09-16 00:51 . 2013-09-16 00:51 -------- d-----w- c:\program files\Common Files\ATI Technologies
     2013-09-16 00:51 . 2013-09-16 00:51 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
     2013-09-16 00:51 . 2013-09-16 01:28 -------- d-----w- c:\program files (x86)\ATI Technologies
     2013-09-16 00:48 . 2013-09-16 00:48 -------- d-----w- c:\program files\ATI Technologies
     2013-09-16 00:46 . 2013-09-16 00:46 -------- d-----w- c:\program files (x86)\GPU-Z
     2013-09-16 00:44 . 2013-09-16 02:47 -------- d--h--w- c:\windows\msdownld.tmp
     2013-09-16 00:43 . 2013-09-16 02:47 -------- d-----w- c:\program files (x86)\MSI Afterburner
     2013-09-16 00:27 . 2013-09-16 00:27 -------- d-----w- c:\program files (x86)\Unigine
     2013-09-15 23:04 . 2013-09-15 23:04 -------- d-----w- c:\program files (x86)\AMD
     2013-09-15 23:01 . 2013-09-15 23:01 -------- d-----w- c:\users\James\AppData\Local\Downloaded Installations
     2013-09-15 19:13 . 2013-09-15 19:13 -------- d-----w- c:\users\James\AppData\Roaming\InstallShield
     2013-09-14 23:43 . 2013-09-14 23:43 -------- d-----w- c:\users\James\AppData\Local\ESN
     2013-09-14 23:42 . 2013-09-14 23:43 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
     2013-09-14 23:42 . 2013-09-14 23:42 -------- d-----w- c:\programdata\EA Core
     2013-09-14 23:42 . 2013-09-14 23:43 -------- d-----w- c:\programdata\EA Logs
     2013-09-14 22:48 . 2013-09-14 22:48 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
     2013-09-14 19:11 . 2013-09-14 19:12 -------- d-----w- c:\program files (x86)\Origin Games
     2013-09-14 19:07 . 2013-09-14 19:11 -------- d-----w- c:\users\James\AppData\Roaming\Origin
     2013-09-14 19:07 . 2013-09-14 22:50 -------- d-----w- c:\users\James\AppData\Local\Origin
     2013-09-14 19:06 . 2013-09-14 19:12 -------- d-----w- c:\programdata\Origin
     2013-09-14 19:06 . 2013-09-14 23:42 -------- d-----w- c:\programdata\Electronic Arts
     2013-09-14 19:05 . 2013-09-14 20:38 -------- d-----w- c:\program files (x86)\Origin
     2013-09-13 23:51 . 2013-09-13 23:51 -------- d-----w- c:\users\James\AppData\Roaming\ATI
     2013-09-13 23:51 . 2013-09-13 23:51 -------- d-----w- c:\users\James\AppData\Local\ATI
     2013-09-13 23:51 . 2013-09-16 00:51 -------- d-----w- c:\programdata\AMD
     2013-09-13 23:48 . 2013-09-13 23:48 -------- d-----w- C:\AMD
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-10-08 22:49 . 2013-01-04 04:00 2560 ----a-w- c:\windows\system32\thunk.dll
     2013-10-08 22:49 . 2013-01-04 04:00 1024 ----a-w- c:\windows\SysWow64\thunk.dll
     2013-09-29 23:05 . 2012-10-04 03:12 868264 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
     2013-09-29 23:05 . 2012-10-04 03:12 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll
     2013-09-20 13:23 . 2012-07-01 17:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2013-09-20 13:23 . 2012-07-01 17:04 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2013-09-14 23:48 . 2013-03-24 22:00 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
     2013-09-14 23:48 . 2013-03-24 22:00 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
     2013-09-14 23:48 . 2013-03-09 17:47 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
     2013-09-14 23:43 . 2013-03-24 22:00 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
     2013-09-12 07:10 . 2013-02-09 21:58 79143768 ----a-w- c:\windows\system32\MRT.exe
     2013-09-05 16:21 . 2013-09-05 14:24 181064 ----a-w- c:\windows\PSEXESVC.EXE
     2013-08-21 07:34 . 2013-08-21 07:34 141496 ----a-w- c:\windows\system32\drivers\rzudd.sys
     2013-08-20 08:41 . 2013-08-20 08:41 33464 ----a-w- c:\windows\system32\drivers\rzdaendpt.sys
     2013-08-20 08:41 . 2013-08-20 08:41 30904 ----a-w- c:\windows\system32\drivers\rzvkeyboard.sys
     2013-08-02 01:48 . 2013-09-11 23:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
     2013-07-25 09:25 . 2013-08-14 09:50 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
     2013-07-25 08:57 . 2013-08-14 09:50 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
     2013-07-19 01:58 . 2013-08-14 09:50 2048 ----a-w- c:\windows\system32\tzres.dll
     2013-07-19 01:41 . 2013-08-14 09:50 2048 ----a-w- c:\windows\SysWow64\tzres.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
     "Spotify Web Helper"="c:\users\James\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-10-04 1140736]
     "AdobeBridge"="" [BU]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
     "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
     "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
     "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
     "DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2012-01-14 248832]
     "AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 0 (0x0)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableLUA"= 0 (0x0)
     "EnableUIADesktopToggle"= 0 (0x0)
     "PromptOnSecureDesktop"= 0 (0x0)
     .
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "<NO NAME>"= 47c917b09f2bc64b2916c0824c715923
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
     "Block SafeEyes"= safeeyes.exe
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
     "aux1"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
     R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
     R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys;c:\windows\SYSNATIVE\Drivers\CYUSB.sys [x]
     R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
     R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
     R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
     R3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzdaendpt.sys [x]
     R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
     R3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\rzvkeyboard.sys [x]
     R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
     R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
     R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
     R3 USBTINSP;TI-Nspire Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys;c:\windows\SYSNATIVE\DRIVERS\tinspusb.sys [x]
     R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
     R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\James\Desktop\gpu temp\WinRing0x64.sys;c:\users\James\Desktop\gpu temp\WinRing0x64.sys [x]
     S0 AppleHFS;AppleHFS; [x]
     S0 AppleMNT;AppleMNT; [x]
     S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
     S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrvx64.sys;c:\windows\SYSNATIVE\drivers\rsdrvx64.sys [x]
     S1 RNDISM2k;RNDISM2k;c:\windows\system32\drivers\RNDISM2k.sys;c:\windows\SYSNATIVE\drivers\RNDISM2k.sys [x]
     S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
     S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe;c:\windows\SYSNATIVE\AppleOSSMgr.exe [x]
     S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe;c:\windows\SYSNATIVE\AppleTimeSrv.exe [x]
     S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys;c:\windows\SYSNATIVE\drivers\KeyAgent.sys [x]
     S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys;c:\windows\SYSNATIVE\drivers\MacHALDriver.sys [x]
     S2 PDFSFilter;PDFSFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
     S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys;c:\windows\SYSNATIVE\DRIVERS\AppleBtBc.sys [x]
     S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
     S3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\DRIVERS\CS420x64.sys;c:\windows\SYSNATIVE\DRIVERS\CS420x64.sys [x]
     S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys;c:\windows\SYSNATIVE\drivers\danew.sys [x]
     S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
     S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys;c:\windows\SYSNATIVE\DRIVERS\IRFilter.sys [x]
     S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys;c:\windows\SYSNATIVE\DRIVERS\KeyMagic.sys [x]
     S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys;c:\windows\SYSNATIVE\DRIVERS\VKbms.sys [x]
     .
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 13:23]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-08-15 741760]
     "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-13 472984]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
     Trusted Zone: fishbattle.net\www
     TCP: DhcpNameServer = 10.0.1.1
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.11"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     Completion time: 2013-10-08 19:08:17
     ComboFix-quarantined-files.txt 2013-10-08 23:08
     ComboFix2.txt 2013-09-20 03:15
     .
     Pre-Run: 117,127,413,760 bytes free
     Post-Run: 117,110,312,960 bytes free
     .
     - - End Of File - - 93CE05A65B42DEE21C20EA4939708202A36C5E4F47E84449FF07ED3517B43A31
  5. The ComboFix doesn't work in safe mode. It asks me if I want to run in reduced functionality mode because it is outdated and I click (yes), but a blue cmd screen opens momentarily, then everything quits.
  6. Yes, sorry, I've been away from home the past couple of days. I'll have the log up tonight or tomorrow morning.
  7. Also, I wasn't able to locate the temporary Java files after I finished updating it. Control Panel -> click Java symbol, I wasn't able to find that.
  8. Nvm, the ComboFix was able to go through even though it was paused on that line:

     ComboFix 13-09-28.02 - James 09/29/2013 18:52:08.3.4 - x64
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4022.2726 [GMT -4:00]
     Running from: C:\Users\James\Desktop\ComboFix.exe
     Command switches used :: C:\Users\James\Desktop\CFScript (1).txt

     FILE ::
     "C:\Users\James\AppData\Local\Temp\Shortcut_IMsetup.exe"
     "C:\Users\James\AppData\Local\Temp\WSSetup.exe"
     "C:\Users\James\Downloads\BitTorrent.exe"
     "C:\Users\James\Downloads\cbsidlm-tr1_10a-Spyrix_Free_Keylogger-SEO-75708733.exe"
     "C:\Users\James\Downloads\cbsidlm-tr1_11-Spyrix_Free_Keylogger-SEO-75708733 (1).exe"
     "C:\Users\James\Downloads\cbsidlm-tr1_11-Spyrix_Free_Keylogger-SEO-75708733 (2).exe"
     "C:\Users\James\Downloads\cbsidlm-tr1_11-Spyrix_Free_Keylogger-SEO-75708733.exe"
     "C:\Users\James\Downloads\Elite Keylogger 4.9.exe"
     "C:\Users\James\Downloads\elite_keylogger.exe"
     "C:\Windows\System32\ARFC\wrtc.exe"
     "C:\Windows\System32\autosvr.exe"
     "C:\Windows\System32\WNLT\Installation\WSSetup.exe"
     "C:\Windows\SysWOW64\ARFC\wrtc.exe"
     "C:\Windows\SysWOW64\autosvr.exe"
     "C:\Windows\SysWOW64\WNLT\Installation\WSSetup.exe"
     "E:\Users\James\Downloads\setup.exe"

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

     C:\ProgramData\TEMP
     C:\Windows\SysWow64\sfcfiles.dll . . . is missing!!
     C:\Windows\system32\drivers\ipsec.sys . . . is missing!!
     C:\Windows\system32\drivers\psched.sys . . . is missing!!

     ((((((((((((((((((((((((( Files Created from 2013-08-28 to 2013-09-29 )))))))))))))))))))))))))))))))
  9. Ok so I'm having problems with your last tips. For ComboFix, the first time I tried it, it was working well until it got stuck on one step where it was trying to empty the trash can or some files in it, and it couldn't because the recycle bin was corrupt. I had to look up a fix for that and it's ok now. But this time when I try to run ComboFix I get a line that says: "Can't write: C:\32788R22FWJFW\pev.3XE". ComboFix can't finish doing what it's doing (or maybe even start at all).
  10. Security Check log:

     Results of screen317's Security Check version 0.99.73
     Windows 7 Service Pack 1 x64 (UAC is disabled!)
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Java 7 Update 40
     Java version out of Date!
     Adobe Flash Player 11.8.800.168
     Adobe Reader XI
     Google Chrome 29.0.1547.62
     Google Chrome 29.0.1547.66
     ````````Process Check: objlist.exe by Laurent`````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  11. AdwCleaner log:

     # AdwCleaner v3.005 - Report created 25/09/2013 at 17:33:01
     # Updated 22/09/2013 by Xplode
     # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
     # Username : James - JAMES-PC
     # Running from : C:\Users\James\Downloads\adwcleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     [#] Service Deleted : IBUpdaterService

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\ProgramData\Conduit
     Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
     Folder Deleted : C:\Windows\SysWOW64\ARFC
     Folder Deleted : C:\Windows\SysWOW64\jmdp
     Folder Deleted : C:\Windows\SysWOW64\WNLT
     Folder Deleted : C:\Users\James\AppData\Local\Conduit
     Folder Deleted : C:\Users\James\AppData\Local\cre
     Folder Deleted : C:\Users\James\AppData\LocalLow\Conduit
     File Deleted : C:\END
     File Deleted : C:\Windows\System32\dmwu.exe
     File Deleted : C:\Windows\System32\ImhxxpComm.dll
     File Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\n00gtfom.default\user.js

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
     Key Deleted : HKCU\Software\IM
     Key Deleted : HKCU\Software\ImInstaller
     Key Deleted : HKCU\Software\WNLT
     Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
     Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
     Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
     Key Deleted : HKLM\Software\Conduit
     Key Deleted : HKLM\Software\Freeze.com
     Key Deleted : HKLM\Software\InfoAtoms
     Key Deleted : HKLM\Software\systweak
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
     Key Deleted : [x64] HKLM\SOFTWARE\WNLT

     ***** [ Browsers ] *****

     -\\ Internet Explorer v0.0.0.0

     Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

     -\\ Mozilla Firefox v

     [ File : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\n00gtfom.default\prefs.js ]

     -\\ Google Chrome v

     [ File : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [2719 octets] - [25/09/2013 17:32:18]
     AdwCleaner[S0].txt - [2514 octets] - [25/09/2013 17:33:01]

     ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2574 octets] ##########
  12. ESET scan results:

     C:\$Recycle.Bin\S-1-5-21-834887272-1993684041-1390076833-1001\$RAY076D\Backup\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KE180DN1\WSSetup[1].exe  a variant of Win32/Toolbar.Perion.G application
     C:\$Recycle.Bin\S-1-5-21-834887272-1993684041-1390076833-1001\$RAY076D\Drivers\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KE180DN1\WSSetup[1].exe  a variant of Win32/Toolbar.Perion.G application
     C:\$Recycle.Bin\S-1-5-21-834887272-1993684041-1390076833-1001\$RAY076D\en-us\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KE180DN1\WSSetup[1].exe  a variant of Win32/Toolbar.Perion.G application
     C:\Qoobox\Quarantine\C\Users\Default\AppData\Roaming\WingSearch\openpotlib.dll.vir  a variant of Win32/Adware.Kraddare.GC application
     C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\WingSearch\openpotlib.dll.vir  a variant of Win32/Adware.Kraddare.GC application
     C:\Users\James\AppData\Local\Temp\Shortcut_IMsetup.exe  probably a variant of Win32/SweetIM.C application
     C:\Users\James\AppData\Local\Temp\WSSetup.exe  a variant of Win32/Toolbar.Perion.G application
     C:\Users\James\Downloads\BitTorrent.exe  a variant of Win32/InstallCore.BT application
     C:\Users\James\Downloads\cbsidlm-tr1_10a-Spyrix_Free_Keylogger-SEO-75708733.exe  Win32/DownloadAdmin.G application
     C:\Users\James\Downloads\cbsidlm-tr1_11-Spyrix_Free_Keylogger-SEO-75708733 (1).exe  Win32/DownloadAdmin.G application
     C:\Users\James\Downloads\cbsidlm-tr1_11-Spyrix_Free_Keylogger-SEO-75708733 (2).exe  Win32/DownloadAdmin.G application
     C:\Users\James\Downloads\cbsidlm-tr1_11-Spyrix_Free_Keylogger-SEO-75708733.exe  Win32/DownloadAdmin.G application
     C:\Users\James\Downloads\Elite Keylogger 4.9.exe  a variant of Win32/InstallCore.BA application
     C:\Users\James\Downloads\elite_keylogger.exe  Win32/Toggle.D.Gen application
     C:\Windows\System32\autosvr.exe  a variant of Win32/KeyLogger.EliteKeylogger.AB application
     C:\Windows\System32\ARFC\wrtc.exe  a variant of Win32/Toolbar.Perion.G application
     C:\Windows\System32\WNLT\Installation\WSSetup.exe  a variant of Win32/Toolbar.Perion.G application
     C:\Windows\SysWOW64\autosvr.exe  a variant of Win32/KeyLogger.EliteKeylogger.AB application
     C:\Windows\SysWOW64\ARFC\wrtc.exe  a variant of Win32/Toolbar.Perion.G application
     C:\Windows\SysWOW64\WNLT\Installation\WSSetup.exe  a variant of Win32/Toolbar.Perion.G application
     E:\Users\James\Downloads\setup.exe  a variant of Win32/AirAdInstaller.A application
  13. I didn't save the log when it popped up after the scan. I pressed the restart button when it urged me to complete the removal process. However, upon rebooting I got the same black desktop screen with a mouse pointer... the very problem at the beginning. I already had to remove Malwarebytes in safe mode so I could restart my computer successfully. Do you want me to reinstall and do a scan again to save the log but not remove it? I got the same popup "could not run cleanup.dll from malwarebytes, etc." upon rebooting after uninstallation.
  14. ESET scan results:

     C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Y767NGO\WingSearch(20120918)_wingsearch[1].exe  a variant of Win32/Adware.Kraddare.GC application
     C:\Users\Default\AppData\Roaming\WingSearch\openpotlib.dll  a variant of Win32/Adware.Kraddare.GC application
     C:\Users\Guest\AppData\Roaming\WingSearch\openpotlib.dll  a variant of Win32/Adware.Kraddare.GC application
     C:\Users\James\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\8ad2ef-525daf42  Win32/TrojanProxy.Bakcorox.A trojan
     C:\Users\James\Downloads\cbsidlm-tr1_10a-Spyrix_Free_Keylogger-SEO-75708733.exe  Win32/DownloadAdmin.G application
     C:\Users\James\Downloads\cbsidlm-tr1_11-Spyrix_Free_Keylogger-SEO-75708733 (1).exe  Win32/DownloadAdmin.G application
     C:\Users\James\Downloads\cbsidlm-tr1_11-Spyrix_Free_Keylogger-SEO-75708733 (2).exe  Win32/DownloadAdmin.G application
     C:\Users\James\Downloads\cbsidlm-tr1_11-Spyrix_Free_Keylogger-SEO-75708733.exe  Win32/DownloadAdmin.G application
     C:\Users\James\Downloads\Elite Keylogger 4.9.exe  a variant of Win32/InstallCore.BA application
     C:\Users\James\Downloads\elite_keylogger.exe  Win32/Toggle.D.Gen application
     C:\Windows\System32\autosvr.exe  a variant of Win32/KeyLogger.EliteKeylogger.AB application
     C:\Windows\SysWOW64\autosvr.exe  a variant of Win32/KeyLogger.EliteKeylogger.AB application
     E:\Users\James\Downloads\setup.exe  a variant of Win32/AirAdInstaller.A application
  15. Farbar Service Scanner log:

     Farbar Service Scanner Version: 13-09-2013
     Ran by James (administrator) on 16-09-2013 at 18:27:40
     Running from "C:\Users\James\Downloads"
     Microsoft Windows 7 Ultimate Service Pack 1 (X64)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================

     System Restore:
     ============

     System Restore Disabled Policy:
     ========================

     Action Center:
     ============

     Windows Update:
     ============

     Windows Autoupdate Disabled Policy:
     ============================

     Windows Defender:
     ==============
     WinDefend Service is not running. Checking service configuration:
     The start type of WinDefend service is set to Demand. The default start type is Auto.
     The ImagePath of WinDefend service is OK.
     The ServiceDll of WinDefend service is OK.

     Windows Defender Disabled Policy:
     ==========================
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
     "DisableAntiSpyware"=DWORD:1

     Other Services:
     ==============

     File Check:
     ========
     C:\Windows\System32\nsisvc.dll => MD5 is legit
     C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
     C:\Windows\System32\dhcpcore.dll => MD5 is legit
     C:\Windows\System32\drivers\afd.sys => MD5 is legit
     C:\Windows\System32\drivers\tdx.sys => MD5 is legit
     C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
     C:\Windows\System32\dnsrslvr.dll => MD5 is legit
     C:\Windows\System32\mpssvc.dll => MD5 is legit
     C:\Windows\System32\bfe.dll => MD5 is legit
     C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
     C:\Windows\System32\SDRSVC.dll => MD5 is legit
     C:\Windows\System32\vssvc.exe => MD5 is legit
     C:\Windows\System32\wscsvc.dll => MD5 is legit
     C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
     C:\Windows\System32\wuaueng.dll => MD5 is legit
     C:\Windows\System32\qmgr.dll => MD5 is legit
     C:\Windows\System32\es.dll => MD5 is legit
     C:\Windows\System32\cryptsvc.dll => MD5 is legit
     C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\System32\rpcss.dll => MD5 is legit

     **** End of log ****

     ***Sorry, I didn't copy + paste the whole thing in the last post.
  16. Firewall Disabled Policy:
      ==================

      System Restore:
      ============

      System Restore Disabled Policy:
      ========================

      Action Center:
      ============

      Windows Update:
      ============

      Windows Autoupdate Disabled Policy:
      ============================

      Windows Defender:
      ==============
      WinDefend Service is not running. Checking service configuration:
      The start type of WinDefend service is set to Demand. The default start type is Auto.
      The ImagePath of WinDefend service is OK.
      The ServiceDll of WinDefend service is OK.

      Windows Defender Disabled Policy:
      ==========================
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
      "DisableAntiSpyware"=DWORD:1

      Other Services:
      ==============

      File Check:
      ========
      C:\Windows\System32\nsisvc.dll => MD5 is legit
      C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
      C:\Windows\System32\dhcpcore.dll => MD5 is legit
      C:\Windows\System32\drivers\afd.sys => MD5 is legit
      C:\Windows\System32\drivers\tdx.sys => MD5 is legit
      C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
      C:\Windows\System32\dnsrslvr.dll => MD5 is legit
      C:\Windows\System32\mpssvc.dll => MD5 is legit
      C:\Windows\System32\bfe.dll => MD5 is legit
      C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
      C:\Windows\System32\SDRSVC.dll => MD5 is legit
      C:\Windows\System32\vssvc.exe => MD5 is legit
      C:\Windows\System32\wscsvc.dll => MD5 is legit
      C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
      C:\Windows\System32\wuaueng.dll => MD5 is legit
      C:\Windows\System32\qmgr.dll => MD5 is legit
      C:\Windows\System32\es.dll => MD5 is legit
      C:\Windows\System32\cryptsvc.dll => MD5 is legit
      C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
      C:\Windows\System32\svchost.exe => MD5 is legit
      C:\Windows\System32\rpcss.dll => MD5 is legit

      **** End of log ****
  17. Farbar Service Scanner Version: 13-09-2013
      Ran by James (administrator) on 15-09-2013 at 15:38:59
      Running from "C:\Users\James\Downloads"
      Microsoft Windows 7 Ultimate Service Pack 1 (X64)
      Boot Mode: Normal
      ****************************************************************

      Internet Services:
      ============

      Connection Status:
      ==============
      Localhost is accessible.
      LAN connected.
      Google IP is accessible.
      Google.com is accessible.
      Yahoo.com is accessible.

      Windows Firewall:
      =============

      Firewall Disabled Policy:
      ==================

      System Restore:
      ============

      System Restore Disabled Policy:
      ========================

      Action Center:
      ============

      Windows Update:
      ============

      Windows Autoupdate Disabled Policy:
      ============================

      Windows Defender:
      ==============
      WinDefend Service is not running. Checking service configuration:
      The start type of WinDefend service is set to Demand. The default start type is Auto.
      The ImagePath of WinDefend service is OK.
      The ServiceDll of WinDefend service is OK.

      Windows Defender Disabled Policy:
      ==========================
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
      "DisableAntiSpyware"=DWORD:1

      Other Services:
      ==============
      Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
      Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
      Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
      Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
      Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
      Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.

      File Check:
      ========
      C:\Windows\System32\nsisvc.dll => MD5 is legit
      C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
      C:\Windows\System32\dhcpcore.dll => MD5 is legit
      C:\Windows\System32\drivers\afd.sys => MD5 is legit
      C:\Windows\System32\drivers\tdx.sys => MD5 is legit
      C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
      C:\Windows\System32\dnsrslvr.dll => MD5 is legit
      C:\Windows\System32\mpssvc.dll => MD5 is legit
      C:\Windows\System32\bfe.dll => MD5 is legit
      C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
      C:\Windows\System32\SDRSVC.dll => MD5 is legit
      C:\Windows\System32\vssvc.exe => MD5 is legit
      C:\Windows\System32\wscsvc.dll => MD5 is legit
      C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
      C:\Windows\System32\wuaueng.dll => MD5 is legit
      C:\Windows\System32\qmgr.dll => MD5 is legit
      C:\Windows\System32\es.dll => MD5 is legit
      C:\Windows\System32\cryptsvc.dll => MD5 is legit
      C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
      C:\Windows\System32\svchost.exe => MD5 is legit
      C:\Windows\System32\rpcss.dll => MD5 is legit

      **** End of log ****
  18. Farbar Service Scanner Version: 13-09-2013
      Ran by James (administrator) on 13-09-2013 at 15:33:37
      Running from "C:\Users\James\Downloads"
      Microsoft Windows 7 Ultimate Service Pack 1 (X64)
      Boot Mode: Normal
      ****************************************************************

      Internet Services:
      ============

      Connection Status:
      ==============
      Localhost is accessible.
      LAN connected.
      Attempt to access Google IP returned error. Google IP is offline
      Google.com is accessible.
      Yahoo.com is accessible.

      Windows Firewall:
      =============

      Firewall Disabled Policy:
      ==================

      System Restore:
      ============

      System Restore Disabled Policy:
      ========================

      Action Center:
      ============

      Windows Update:
      ============

      Windows Autoupdate Disabled Policy:
      ============================

      Windows Defender:
      ==============
      WinDefend Service is not running. Checking service configuration:
      The start type of WinDefend service is set to Demand. The default start type is Auto.
      The ImagePath of WinDefend service is OK.
      The ServiceDll of WinDefend service is OK.

      Windows Defender Disabled Policy:
      ==========================
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
      "DisableAntiSpyware"=DWORD:1

      Other Services:
      ==============
      Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
      Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
      Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
      Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
      Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
      Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.

      File Check:
      ========
      C:\Windows\System32\nsisvc.dll => MD5 is legit
      C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
      C:\Windows\System32\dhcpcore.dll => MD5 is legit
      C:\Windows\System32\drivers\afd.sys => MD5 is legit
      C:\Windows\System32\drivers\tdx.sys => MD5 is legit
      C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
      C:\Windows\System32\dnsrslvr.dll => MD5 is legit
      C:\Windows\System32\mpssvc.dll => MD5 is legit
      C:\Windows\System32\bfe.dll => MD5 is legit
      C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
      C:\Windows\System32\SDRSVC.dll => MD5 is legit
      C:\Windows\System32\vssvc.exe => MD5 is legit
      C:\Windows\System32\wscsvc.dll => MD5 is legit
      C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
      C:\Windows\System32\wuaueng.dll => MD5 is legit
      C:\Windows\System32\qmgr.dll => MD5 is legit
      C:\Windows\System32\es.dll => MD5 is legit
      C:\Windows\System32\cryptsvc.dll => MD5 is legit
      C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
      C:\Windows\System32\svchost.exe => MD5 is legit
      C:\Windows\System32\rpcss.dll => MD5 is legit

      **** End of log ****
  19. Update: Finished the long scan from Malwarebytes, I'll attach the log. All of the threats were PUPS.[something], there were about 10. I selected all to be removed, and then was urged to restart the computer. Once I restarted I faced the same exact problem I had in the beginning =/ Computer takes a long time on the Welcome screen and then a black screen greets me instead of my desktop loading. I tried rebooting several times and the same thing happened each time. I decided to go into safe mode and uninstall Malwarebytes because that's the solution I used last time. Once I restarted the computer back into normal mode after uninstalling, my computer went back to normal. HOWEVER, at first the screen was black, then an error message popped up saying it was unable to start the cleanup.dll of Malwarebytes. (I'm assuming the PUPS threats were never removed) So, yeah. The problem hasn't been fixed. I'll try running the Farbar scanner now to see what it does. mbam-log-2013-09-12 (17-24-31).txt
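The Farbar Service Scanner logs in posts 15 through 18 report three classes of finding: a Windows Defender policy value (DisableAntiSpyware=1), a service whose start type differs from its default (WinDefend set to Demand instead of Auto), and service registry keys that are missing outright (PolicyAgent, RemoteAccess), followed by an MD5 check of networking and update components. The PowerShell below is an added example, not Farbar's own code and not from any poster in this thread, that reproduces those checks so they can be re-run after a cleanup. It assumes an elevated PowerShell 2.0 or later session on Windows 7 SP1 x64 (the .NET MD5 class is used instead of Get-FileHash so it runs on PowerShell 2.0); the `$Baseline` table is a hypothetical placeholder for hashes taken from a clean machine of the same build, because FSS's own reference list is not reproduced on this page.

```powershell
# Added example (not Farbar Service Scanner code): re-run the checks the FSS
# logs above report. Run from an elevated prompt on Windows 7 SP1 x64.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
$svcRoot   = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$startName = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }

# 1. Windows Defender disabled policy: the value the logs flag as DWORD:1.
$pol = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
if ($pol -and $pol.DisableAntiSpyware -eq 1) {
    Write-Warning "Windows Defender Disabled Policy: DisableAntiSpyware=1 under $policyKey"
} else {
    Write-Output 'Windows Defender Disabled Policy: not set'
}

# 2. Service configuration: key present, start type versus expected default,
#    ImagePath and ServiceDll (the fields FSS prints as OK / ATTENTION).
function Test-ServiceKey {
    param(
        [string]$Name,
        [int]$ExpectedStart = -1   # -1 = only report, do not compare
    )
    $key = Join-Path $svcRoot $Name
    if (-not (Test-Path $key)) {
        Write-Warning "ATTENTION: Unable to open $Name registry key. The service key does not exist."
        return
    }
    $p = Get-ItemProperty -Path $key
    $current = $startName[[int]$p.Start]
    if ($ExpectedStart -ge 0 -and [int]$p.Start -ne $ExpectedStart) {
        Write-Warning "The start type of $Name service is set to $current. The default start type is $($startName[$ExpectedStart])."
    } else {
        Write-Output "The start type of $Name service is $current."
    }
    Write-Output "  ImagePath of ${Name}: $($p.ImagePath)"
    $params = Join-Path $key 'Parameters'
    if (Test-Path $params) {
        $dll = (Get-ItemProperty -Path $params -ErrorAction SilentlyContinue).ServiceDll
        if ($dll) { Write-Output "  ServiceDll of ${Name}: $dll" }
    }
}

Test-ServiceKey -Name 'WinDefend' -ExpectedStart 2   # log states default is Auto (2)
Test-ServiceKey -Name 'PolicyAgent'                   # missing in posts 17 and 18
Test-ServiceKey -Name 'RemoteAccess'                  # missing in posts 17 and 18

# 3. File check: MD5 of the same files FSS hashes. Fill $Baseline from a clean
#    machine of the same build (hypothetical placeholder; FSS ships its own list).
$Baseline = @{}   # e.g. $Baseline['C:\Windows\System32\svchost.exe'] = '<md5 hex>'
$files = @(
    'nsisvc.dll', 'drivers\nsiproxy.sys', 'dhcpcore.dll', 'drivers\afd.sys',
    'drivers\tdx.sys', 'drivers\tcpip.sys', 'dnsrslvr.dll', 'mpssvc.dll', 'bfe.dll',
    'drivers\mpsdrv.sys', 'SDRSVC.dll', 'vssvc.exe', 'wscsvc.dll', 'wbem\WMIsvc.dll',
    'wuaueng.dll', 'qmgr.dll', 'es.dll', 'cryptsvc.dll', 'svchost.exe', 'rpcss.dll'
) | ForEach-Object { Join-Path (Join-Path $env:windir 'System32') $_ }
$files += Join-Path $env:ProgramFiles 'Windows Defender\MpSvc.dll'

$md5 = [System.Security.Cryptography.MD5]::Create()
foreach ($path in $files) {
    if (-not (Test-Path $path)) {
        Write-Warning "$path is missing"
        continue
    }
    $bytes = [System.IO.File]::ReadAllBytes($path)
    $hash  = ([System.BitConverter]::ToString($md5.ComputeHash($bytes))).Replace('-', '')
    if ($Baseline.ContainsKey($path) -and $Baseline[$path] -ne $hash) {
        Write-Warning "$path => MD5 $hash differs from baseline $($Baseline[$path])"
    } else {
        Write-Output "$path => MD5 $hash"
    }
}
```

Two caveats apply equally to this script and to FSS itself: both run on the machine under suspicion, so a kernel-mode rootkit that filters registry or file reads can make a tampered component report as clean, and hashing from an offline boot (WinRE or a rescue disc) is the stronger check when the symptoms persist; and MD5 is used here only to match the format of the FSS output for comparison with the posted logs, since for a fresh baseline SHA-256 is the better choice. A missing service key, as with PolicyAgent and RemoteAccess above, is not repaired by the file check; the service registration has to be restored from a known-good export of the same Windows build before the underlying driver or DLL is worth hashing.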