Eddwill

Members
Posts: 13
Reputation: 0 Neutral
  1. Not really, do you think I should keep any of the two and replace Avast too? What do you think is the best free AV which works well with MBAM? And when you said not much showing up on the logs, was there anything showing? Thanks.
  2. My files load up fairly quickly now, Ctrl+Alt+Delete doesn't take 10 seconds, and there's no more spinning mouse; it seems to be running fine. Which of my two antiviruses do you recommend I uninstall? And what's the best combo I can get? And how can I make sure I'm 100% clean? Can you recommend any tools to check my PC? Thanks.
  3. When I ran AdwCleaner it found several registry keys and said it would open a report on the next reboot, but it didn't... all I know is they were suspicious paths...
  4. I'm pretty sure the 2 work together, or is that Internet Security with Avast as a primary AV? Thanks for all the help so far; I'll do the scans tomorrow because I'm going to sleep. Do you think my computer is clean?
  5. ComboFix 13-10-04.02 - Administrator 06/10/2013 20:45:45.1.4 - x64
     Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4060.1392 [GMT 1:00]
     Running from: c:\users\Family\Downloads\ComboFix.exe
     AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
     AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
     SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
     SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-09-06 to 2013-10-06 )))))))))))))))))))))))))))))))
     .
     .
     2013-10-06 19:56 . 2013-10-06 19:56 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-10-06 19:56 . 2013-10-06 19:56 -------- d-----w- c:\users\Administrator\AppData\Local\temp
     2013-10-06 19:56 . 2013-10-06 19:56 -------- d-----w- c:\users\Hef\AppData\Local\temp
     2013-10-05 12:14 . 2013-10-05 12:14 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
     2013-10-05 12:14 . 2013-10-05 12:14 -------- d-----w- c:\program files (x86)\Common Files\Java
     2013-10-05 12:13 . 2013-10-05 12:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
     2013-10-05 12:13 . 2013-10-05 12:13 -------- d-----w- c:\program files (x86)\Java
     2013-10-04 21:25 . 2013-10-04 21:25 -------- d-----w- c:\program files (x86)\Common Files\COMODO
     2013-10-02 17:47 . 2013-10-02 18:13 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
     2013-09-22 16:42 . 2013-08-30 07:48 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
     2013-09-22 16:42 . 2013-08-30 07:48 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
     2013-09-22 16:42 . 2013-08-30 07:48 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
     2013-09-22 16:42 . 2013-08-30 07:48 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2013-09-22 16:42 . 2013-08-30 07:48 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
     2013-09-22 16:42 . 2013-08-30 07:48 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
     2013-09-22 16:42 . 2013-08-30 07:48 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
     2013-09-22 16:42 . 2013-08-30 07:48 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
     2013-09-22 16:42 . 2013-08-30 07:47 287840 ----a-w- c:\windows\system32\aswBoot.exe
     2013-09-22 16:41 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr
     2013-09-22 16:41 . 2013-09-22 16:41 -------- d-----w- c:\program files\AVAST Software
     2013-09-22 16:40 . 2013-09-22 16:41 -------- d-----w- c:\programdata\AVAST Software
     2013-09-22 15:07 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
     2013-09-22 15:03 . 2013-09-24 15:50 -------- d-----w- c:\program files\Microsoft Silverlight
     2013-09-22 15:03 . 2013-09-24 15:50 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
     2013-09-22 15:01 . 2013-09-22 15:01 -------- d-----w- c:\users\Family\AppData\Local\Comodo
     2013-09-22 15:00 . 2013-09-23 16:43 -------- d-----w- C:\VTRoot
     2013-09-22 14:58 . 2013-09-22 14:59 -------- d-s---w- c:\programdata\Shared Space
     2013-09-22 14:58 . 2013-09-22 14:58 -------- d-----w- c:\program files\COMODO
     2013-09-22 14:58 . 2013-09-22 14:59 -------- d-----w- c:\programdata\COMODO
     2013-09-22 14:58 . 2013-09-22 14:58 -------- d-----w- c:\users\Administrator\AppData\Local\Comodo
     2013-09-22 14:58 . 2013-09-22 14:58 56072 ----a-w- c:\windows\system32\certsentry.dll
     2013-09-22 14:58 . 2013-09-22 14:58 47368 ----a-w- c:\windows\SysWow64\certsentry.dll
     2013-09-22 14:58 . 2013-09-22 14:58 -------- d-----w- c:\program files (x86)\Comodo
     2013-09-22 14:58 . 2013-09-22 14:58 -------- d-----w- c:\programdata\Comodo Downloader
     2013-09-22 14:57 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E1E6E03-67B2-46AB-AEC6-C830AAD44C1A}\mpengine.dll
     2013-09-21 16:40 . 2013-09-21 16:40 -------- d-----w- c:\users\Administrator\AppData\Local\Apple
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-10-06 13:38 . 2011-07-20 18:24 25640 ----a-w- c:\windows\gdrv.sys
     2013-10-05 12:13 . 2012-07-15 20:36 868264 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
     2013-10-05 12:13 . 2012-07-15 20:36 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll
     2013-09-22 16:42 . 2012-09-28 16:09 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2013-09-22 16:42 . 2011-07-20 18:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2013-09-22 16:28 . 2011-07-19 21:08 79143768 ----a-w- c:\windows\system32\MRT.exe
     2013-09-05 09:35 . 2013-09-05 09:35 55504 ----a-w- c:\windows\SysWow64\offreg.dll
     2013-08-22 07:40 . 2013-08-22 07:40 12872 ----a-w- c:\windows\system32\bootdelete.exe
     2013-08-07 03:22 . 2011-07-19 20:57 278800 ------w- c:\windows\system32\MpSigStub.exe
     2013-08-02 01:48 . 2013-09-22 15:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
     2013-07-25 09:25 . 2013-08-15 06:09 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
     2013-07-25 08:57 . 2013-08-15 06:09 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
     2013-07-19 01:58 . 2013-08-15 06:09 2048 ----a-w- c:\windows\system32\tzres.dll
     2013-07-19 01:41 . 2013-08-15 06:09 2048 ----a-w- c:\windows\SysWow64\tzres.dll
     2013-07-09 05:52 . 2013-08-15 06:09 224256 ----a-w- c:\windows\system32\wintrust.dll
     2013-07-09 05:51 . 2013-08-15 06:09 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
     2013-07-09 05:46 . 2013-08-15 06:09 1472512 ----a-w- c:\windows\system32\crypt32.dll
     2013-07-09 05:46 . 2013-08-15 06:09 184320 ----a-w- c:\windows\system32\cryptsvc.dll
     2013-07-09 05:46 . 2013-08-15 06:09 139776 ----a-w- c:\windows\system32\cryptnet.dll
     2013-07-09 04:52 . 2013-08-15 06:09 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
     2013-07-09 04:52 . 2013-08-15 06:09 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
     2013-07-09 04:46 . 2013-08-15 06:09 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
     2013-07-09 04:46 . 2013-08-15 06:09 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
     2013-07-09 04:46 . 2013-08-15 06:09 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
     2013-07-08 20:59 . 2013-06-18 15:16 708632 ----a-w- c:\windows\system32\drivers\cmdguard.sys
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
     "AirPort Base Station Agent"="d:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
     "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
     "tvncontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-10-01 2327248]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2013-9-30 49360]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
     "NoActiveDesktop"= 1 (0x1)
     "NoActiveDesktopChanges"= 1 (0x1)
     "ForceActiveDesktopOn"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
     "LoadAppInit_DLLs"=1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
     "aux"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
     @=""
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
     R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
     R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
     R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
     R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
     S0 aswRvrt;aswRvrt; [x]
     S0 aswVmm;aswVmm; [x]
     S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
     S1 aswSnx;aswSnx; [x]
     S1 aswSP;aswSP; [x]
     S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
     S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
     S2 aswFsBlk;aswFsBlk; [x]
     S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
     S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
     S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
     S2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
     S2 GEST Service;GEST Service for program management.;c:\program files (x86)\GIGABYTE\EnergySaver\GSvr.exe;c:\program files (x86)\GIGABYTE\EnergySaver\GSvr.exe [x]
     S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
     S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
     S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
     S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
     .
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
     2013-10-05 14:50 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-28 16:42]
     .
     2013-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-20 06:40]
     .
     2013-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-20 06:40]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-25 10081312]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
     "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
     "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
     "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-07-08 1502424]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "LoadAppInit_DLLs"=0x1
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     TCP: Interfaces\{B71165DF-4025-46CF-ADE1-E78F7FA6E2C2}: NameServer = 156.154.70.22,156.154.71.22
     FF - ProfilePath - c:\users\Administrator\AppData\Roaming\mozilla\firefox\Profiles\vm0dfvfo.default\
     FF - prefs.js: browser.search.selectedEngine - Yahoo
     .
     .
     ------- File Associations -------
     .
     regedit=regedit.exe "%1"
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Toolbar-10 - (no file)
     Wow6432Node-HKLM-Run-SpeetItUpFree - c:\program files (x86)\SpeedItup Free\speeditupfree.exe
     Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
     HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
     Toolbar-10 - (no file)
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-3114336814-655589602-2515346114-500\Software\Microsoft\Internet Explorer\Approved Extensions]
     @Denied: (2) (Administrator)
     "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,15,cc, 00,9e,b8,ef,09,b1,9c,bc,17,8a,68,fd,da
     "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2c,96, 6a,f6,60,4e,06,a3,f3,4d,fc,1b,7e,e3,67
     "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8a,07, 6e,c3,86,40,0d,a2,e1,92,9a,f7,9f,6d,5a
     "{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}"=hex:51,66,7a,6c,4c,1d,3b,1b,4d,84,b5, bf,d2,3e,bd,04,b6,52,0f,79,5b,1d,b9,85
     "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b5,e0, ac,12,5e,35,02,ae,28,04,f3,06,c8,42,e6
     "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,db, c3,76,f4,37,08,a8,7e,da,65,c7,83,c8,b0
     "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,07,47, 32,c5,0b,09,0d,bc,a9,89,e9,61,68,02,88
     .
     [HKEY_USERS\S-1-5-21-3114336814-655589602-2515346114-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
     @Denied: (2) (Administrator)
     "Timestamp"=hex:e4,21,e7,96,a7,2f,ce,01
     .
     [HKEY_USERS\S-1-5-21-3114336814-655589602-2515346114-500\Software\Microsoft\Internet Explorer\User Preferences]
     @Denied: (2) (Administrator)
     "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b0,7a,93,43,35,54,62,44,97,3f,17,\
     "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,df,86,0f,b7,2c,d6,62,44,a6,df,d7,\
     .
     [HKEY_USERS\S-1-5-21-3114336814-655589602-2515346114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
     @Denied: (2) (Administrator)
     "Progid"="ChromeHTML"
     .
     [HKEY_USERS\S-1-5-21-3114336814-655589602-2515346114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
     @Denied: (2) (Administrator)
     "Progid"="ChromeHTML"
     .
     [HKEY_USERS\S-1-5-21-3114336814-655589602-2515346114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
     @Denied: (2) (Administrator)
     "Progid"="ChromeHTML"
     .
     [HKEY_USERS\S-1-5-21-3114336814-655589602-2515346114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
     @Denied: (2) (Administrator)
     "Progid"="ChromeHTML"
     .
     [HKEY_USERS\S-1-5-21-3114336814-655589602-2515346114-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
     @Denied: (2) (Administrator)
     "Progid"="ChromeHTML"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.11"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     [HKEY_LOCAL_MACHINE\system\VritualRoot\MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\system\VritualRoot\MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\system\VritualRoot\MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\system\VritualRoot\MACHINE\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @SACL=(02 0001)
     @Ace=(0x11) (1) (S-1-16-4096)
     .
     [HKEY_LOCAL_MACHINE\system\VritualRoot\MACHINE\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
     @SACL=(02 0001)
     @Ace=(0x11) (1) (S-1-16-4096)
     @="Shockwave Flash"
     .
     [HKEY_LOCAL_MACHINE\system\VritualRoot\MACHINE\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
     @Denied: (A 2) (Everyone)
     @=""
     .
     [HKEY_LOCAL_MACHINE\system\VritualRoot\MACHINE\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
     @="FlashBroker"
     .
     [HKEY_LOCAL_MACHINE\system\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @SACL=(02 0001)
     @Ace=(0x11) (1) (S-1-16-4096)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\system\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @SACL=(02 0001)
     @Ace=(0x11) (1) (S-1-16-4096)
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\system\VritualRoot\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @SACL=(02 0001)
     @Ace=(0x11) (1) (S-1-16-4096)
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\system\VritualRoot\USER\S-1-5-21-3114336814-655589602-2515346114-1000\Software\Microsoft\Windows\CurrentVersion\DIFxApp\Components\{010FE46A-E358-43E2-8BDC-38BC8BEC82E0}]
     @Allowed: (Read) (RestrictedCode)
     "SymbolicLinkValue"=hex(39c0):
     "CleanupNeeded"=dword:00000001
     "NoRollback"=hex(39c0):
     .
     [HKEY_LOCAL_MACHINE\system\VritualRoot\USER\S-1-5-21-3114336814-655589602-2515346114-1000\Software\Microsoft\Windows\CurrentVersion\DIFxApp\Components\{B7D782D2-96DF-4775-A0E1-A76CF7B04B65}]
     @Allowed: (Read) (RestrictedCode)
     "SymbolicLinkValue"=hex(39c0):
     "CleanupNeeded"=dword:00000001
     "Reboot"=dword:00000001
     "NoRollback"=hex(39c0):
     .
     Completion time: 2013-10-06 21:04:42
     ComboFix-quarantined-files.txt 2013-10-06 20:04
     .
     Pre-Run: 22,112,018,432 bytes free
     Post-Run: 23,005,962,240 bytes free
     .
     - - End Of File - - 99A5F7834AAA6C71CE22957704BEB258 A36C5E4F47E84449FF07ED3517B43A31
  6. It's running now, but my Comodo popped up saying it isolated a file called pv.3xe. No, this is not an exe mistake, it said pv.3xe.
  7. Would it be possible to skip ComboFix? Apparently it can delete some important files. If not, I'll go and do it.
  8. Will sure do this; for me it's getting late. I'll do it tomorrow morning or after I finish school. Thanks.
  9. Nothing was found with MBAM Anti-Rootkit. Maybe I'm not ratted, but I'm just paranoid; I think something is there.
  10. Have no clue why it picked up Roblox as something bad; it's a game that my little brother plays and it's one of the most popular games on the net.

      RogueKiller V8.7.0 [Sep 30 2013] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.adlice.com/forum/
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://tigzyrk.blogspot.com/

      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Administrator [Admin rights]
      Mode : Scan -- Date : 10/02/2013 08:04:01
      | ARK || FAK || MBR |

      ¤¤¤ Bad processes : 1 ¤¤¤
      [SUSP PATH] RobloxPlayerBeta.exe -- C:\Users\Family\AppData\Local\Roblox\Versions\version-14fe283fc52248e5\RobloxPlayerBeta.exe [7] -> KILLED [TermProc]

      ¤¤¤ Registry Entries : 0 ¤¤¤

      ¤¤¤ Scheduled tasks : 0 ¤¤¤

      ¤¤¤ Startup Entries : 0 ¤¤¤

      ¤¤¤ Web browsers : 0 ¤¤¤

      ¤¤¤ Particular Files / Folders: ¤¤¤

      ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

      ¤¤¤ External Hives: ¤¤¤

      ¤¤¤ Infection : ¤¤¤

      ¤¤¤ HOSTS File: ¤¤¤
      --> %SystemRoot%\System32\drivers\etc\hosts

      ¤¤¤ MBR Check: ¤¤¤

      +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - INTEL SSDSA2MH080G1GC ATA Device +++++
      --- User ---
      [MBR] 578c822f527b2bd72300af85d9295655
      [BSP] 5fea2e5f0a5c7bf1bd936f963f1f8c3e : Windows 7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) (Standard disk drives) - ST31500341AS ATA Device +++++
      --- User ---
      [MBR] 79fecce136e0e5d1fda4ac4f13e49bfc
      [BSP] 9559ba34c192229dc41b953e9df7291b : Windows 7/8 MBR Code
      Partition table:
      0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      Finished : << RKreport[0]_S_10022013_080401.txt >>
      RKreport[0]_D_08052013_171442.txt;RKreport[0]_D_08222013_084619.txt;RKreport[0]_D_09222013_164242.txt
      RKreport[0]_S_08052013_171403.txt;RKreport[0]_S_08052013_171528.txt;RKreport[0]_S_08052013_172148.txt
      RKreport[0]_S_08052013_173533.txt;RKreport[0]_S_08222013_084505.txt;RKreport[0]_S_08222013_084758.txt
      RKreport[0]_S_09222013_164223.txt
  11. DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.25.2
      Run by Administrator at 7:55:51 on 2013-10-02
      Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4060.1926 [GMT 1:00]
      .
      AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
      AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
      SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
      C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
      C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskhost.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Program Files\Microsoft IntelliPoint\ipoint.exe
      C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      D:\Program Files (x86)\AirPort\APAgent.exe
      C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\AVAST Software\Avast\AvastUI.exe
      C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
      C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files\COMODO\COMODO Internet Security\cis.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Users\Family\AppData\Local\Roblox\Versions\version-14fe283fc52248e5\RobloxPlayerBeta.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      mWinlogon: Userinit = userinit.exe,
      BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
      BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
      BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
      BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
      TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
      uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe -update activex
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun: [AirPort Base Station Agent] "d:\Program Files (x86)\AirPort\APAgent.exe"
      mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      mRun: [SpeetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
      mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
      mRun: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
      dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
      uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
      mPolicies-Explorer: NoActiveDesktop = dword:1
      mPolicies-Explorer: NoActiveDesktopChanges = dword:1
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
      IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      TCP: NameServer = 192.168.0.1
      TCP: Interfaces\{B71165DF-4025-46CF-ADE1-E78F7FA6E2C2} : NameServer = 156.154.70.22,156.154.71.22
      TCP: Interfaces\{B71165DF-4025-46CF-ADE1-E78F7FA6E2C2} : DHCPNameServer = 192.168.0.1
      Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      SSODL: WebCheck - <orphaned>
      SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
      mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
      x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
      x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
      x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
      x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
      x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
      x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
      x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
      x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
      x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
      x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
      x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      x64-Notify: igfxcui - igfxdev.dll
      x64-SSODL: WebCheck - <orphaned>
      x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
      .
      ================= FIREFOX ===================
      .
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\mozilla\firefox\Profiles\vm0dfvfo.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-9-22 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-9-22 204880]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-7-19 21544]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-9-22 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-9-22 378944]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-6-18 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-6-18 708632]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-9-22 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-9-22 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-22 46808]
R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2013-9-19 70352]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-5-29 2094216]
R2 GeekBuddyRSP;GeekBuddyRSP Server;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-9-17 2327248]
R2 GEST Service;GEST Service for program management.;C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2011-7-19 68136]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-5 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-5 701512]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2011-7-19 144896]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-5 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-19 325664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-6-18 158936]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-20 1255736]
.
=============== Created Last 30 ================
.
2013-09-24 18:03:08 -------- d-----w- C:\Program Files (x86)\Common Files\COMODO
2013-09-22 16:42:19 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-09-22 16:42:19 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-09-22 16:42:18 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-09-22 16:42:18 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-09-22 16:42:18 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-09-22 16:41:47 41664 ----a-w- C:\Windows\avastSS.scr
2013-09-22 16:41:26 -------- d-----w- C:\Program Files\AVAST Software
2013-09-22 16:40:19 -------- d-----w- C:\ProgramData\AVAST Software
2013-09-22 15:07:24 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-22 15:00:50 -------- d--h--w- C:\VTRoot
2013-09-22 14:58:54 -------- d-s---w- C:\ProgramData\Shared Space
2013-09-22 14:58:39 -------- d-----w- C:\Program Files\COMODO
2013-09-22 14:58:34 -------- d-----w- C:\ProgramData\COMODO
2013-09-22 14:58:18 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo
2013-09-22 14:58:11 56072 ----a-w- C:\Windows\System32\certsentry.dll
2013-09-22 14:58:11 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll
2013-09-22 14:58:06 -------- d-----w- C:\Program Files (x86)\Comodo
2013-09-22 14:58:01 -------- d-----w- C:\ProgramData\Comodo Downloader
2013-09-22 14:57:37 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5E1E6E03-67B2-46AB-AEC6-C830AAD44C1A}\mpengine.dll
2013-09-21 16:40:52 -------- d-----w- C:\Users\Administrator\AppData\Local\Apple
2013-09-05 09:35:06 55504 ----a-w- C:\Windows\SysWow64\offreg.dll
.
==================== Find3M ====================
.
2013-10-02 06:37:39 25640 ----a-w- C:\Windows\gdrv.sys
2013-09-22 16:42:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-22 16:42:33 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-22 07:40:52 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-07 03:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-08 20:59:52 708632 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 7:56:46.78 ===============
  12. .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 19/07/2011 21:39:03
System Uptime: 02/10/2013 07:37:27 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EG41MFT-US2H
Processor: Intel® Core2 Quad CPU Q9450 @ 2.66GHz | Socket 775 | 2667/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 19.805 GiB free.
D: is FIXED (NTFS) - 1397 GiB total, 1395.286 GiB free.
Z: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP272: 22/09/2013 17:20:47 - Windows Update
RP273: 22/09/2013 17:41:19 - avast! Free Antivirus Setup
RP274: 23/09/2013 21:24:50 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Adobe Shockwave Player 11.6
AirPort
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
COMODO Antivirus
Comodo Dragon
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Energy Saver Advance B9.0904.1
EVEREST Ultimate Edition v5.00
GeekBuddy
Google Chrome
Google Update Helper
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Java 7 Update 25
Java Auto Updater
JavaFX 2.1.1
Lagarith lossless video codec (Remove Only)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.1
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 5.0 (x86 en-GB)
ON_OFF Charge B10.0427.1
PowerISO
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
  13. A while ago I tried removing a backdoor (fynloski.a) and I was satisfied I had removed it; maybe I've been re-infected. The cursor is always spinning and it takes 10 seconds to open up folders, but the Internet is fine. Something is 100% wrong, though, because when I was doing my routine of several programs, RogueKiller terminated 2 fake svchosts. I use Avast, Comodo, and MBAM, and they work well. Any idea what I might be infected with? I can't do the steps until the 2nd of October at around 16:30, so please be patient. Thanks.
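When a helper reads a DDS log like the one posted above, two things get checked almost mechanically: whether any running process or Run-key entry is launched from a directory a standard user can write to (AppData, Temp, Downloads and the like), and whether a Windows system binary such as svchost.exe is running from anywhere other than its real home in System32, which is what a "fake svchost" means in practice. The script below is an added illustration of that triage and is not part of the thread, of DDS, or of any Malwarebytes tool. It parses the DDS "Running Processes" lines and the mRun:/uRun:/x64-Run: entries in the format shown in the log and applies both checks. The input is constructed and modelled on the posted log; the svchost.exe under AppData\Roaming and the ProgramData\Temp updater are invented to exercise the checks and do not appear in the log above.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample input modelled on DDS "Running Processes" lines and
# Run-key entries (mRun:/uRun:/x64-Run:) from the log posted above. The
# svchost.exe under AppData\Roaming and the ProgramData\Temp updater are
# invented to exercise the checks; they are not in the posted log.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Family\AppData\Local\Roblox\Versions\version-14fe283fc52248e5\RobloxPlayerBeta.exe
C:\Users\Family\AppData\Roaming\svchost.exe
C:\Windows\system32\taskeng.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Updater] "C:\ProgramData\Temp\update.exe" -silent
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe -update activex
"""

# Run-key lines look like "<key>: [<name>] <command>"; the command may be quoted
# and may carry arguments after the executable.
RUN_LINE = re.compile(r"^(?P<key>(?:x64-)?[umd]?Run(?:Once)?):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# A drive-letter path up to the first ".exe", with an optional opening quote.
EXE_PATH = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.exe)', re.IGNORECASE)

# Windows binaries that malware commonly impersonates, with the only directories
# they legitimately run from on a default Windows 7 install.
SYSTEM_BINARY_HOMES = {
    "svchost.exe": ("c:\\windows\\system32", "c:\\windows\\syswow64"),
    "lsass.exe": ("c:\\windows\\system32",),
    "csrss.exe": ("c:\\windows\\system32",),
    "winlogon.exe": ("c:\\windows\\system32",),
    "services.exe": ("c:\\windows\\system32",),
    "smss.exe": ("c:\\windows\\system32",),
    "taskeng.exe": ("c:\\windows\\system32",),
    "explorer.exe": ("c:\\windows",),
}

# Path fragments a standard user can write to without elevation. ProgramData is
# included because users may create subfolders there; treat hits as leads only.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\downloads\\")


def extract_path(text):
    """Return the executable path at the start of a process line or Run command."""
    m = EXE_PATH.match(text.strip())
    return m.group("path") if m else None


def parse_entries(log_text):
    """Yield (source, path) for every process line and Run-key entry in the log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_LINE.match(line)
        if m:
            source = f"{m.group('key')} [{m.group('name')}]"
            path = extract_path(m.group("cmd"))
        else:
            source = "process"
            path = extract_path(line)
        if path:
            entries.append((source, path))
    return entries


def assess(path):
    """Return the reasons a path deserves a second look (empty list if none)."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    parent = str(p.parent).lower()
    reasons = []
    homes = SYSTEM_BINARY_HOMES.get(name)
    if homes is not None and parent not in homes:
        reasons.append(f"{name} running outside {' or '.join(homes)}")
    if any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
        reasons.append("launched from a user-writable directory")
    return reasons


def triage(log_text):
    """Return [(source, path, reasons)] for the entries that trip at least one check."""
    findings = []
    for source, path in parse_entries(log_text):
        reasons = assess(path)
        if reasons:
            findings.append((source, path, reasons))
    return findings


if __name__ == "__main__":
    for source, path, reasons in triage(SAMPLE_LOG):
        print(f"{source:<28} {path}")
        for reason in reasons:
            print(f"    - {reason}")
```

Flagged entries are leads, not verdicts: the Roblox client in the posted log runs from AppData\Local and is flagged by the writable-directory check, yet it is a legitimate game installer location, so confirm a hit with the file's Authenticode signature or a hash lookup before deleting anything. The reverse check is the stronger signal: a svchost.exe whose parent directory is not System32 or SysWOW64 has no legitimate explanation on a stock Windows 7 system.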