Everything posted by MissionsEdge

  1. Well, the laptop was stolen yesterday. If I get it back I will be back. If not, then thanks for the help.
  2. Covenant Eyes is a program that tracks what sites I visit and then sends them out to people I select. It is a way of helping me guard my eyes from viewing pornography.
  3. The 'list restore points' was not an option to tick. The log is attached. Result.txt
  4. I have run everything and the logs are below. The one with (2) is the most recent log. I have tried video on youtube and it still won't play quite right. Though it has done a little better - emphasis on a little. Also downloading things is still an issue. _Windows_Repair_Log (2).txt _Windows_Repair_Log.txt
  5. I downloaded the Adobe Reader on my machine and of course it gave an error when trying to run. So I downloaded it on my wife's machine and moved it over. When I run it now nothing happens. It asks if I am sure if I want to run it and then...nothing. So that didn't get fixed. My flash player is up to date. I ran the Services Repair and the log is having trouble attaching. So I had to open the file and click on save as and save it as the same file name but a different location. I ran FSS and the log is attached. It updated and then wouldn't run saying it wasn't a Win32 application. I ran the older version. FRST.txt SvcRepair.log
  6. The upload screen looked different last time. This should do it. Also I had issues running the SecurityCheck software after downloading it on my machine and a restart didn't fix it. There was a message about the file being corrupted or something like that. I had to use my wife's computer to download. checkup.txt
  7. Here is the log. I feel my computer should be running well but the video issue and some other small things are still persistent. If it isn't malware, do you have any suggestions of places I might go on the web to figure these issues out? By the way, thank you so much for your help! I really appreciate it.
  8. Here is the script error. Hopefully it is bigger. Also the downloads failing is troubling. It doesn't appear to be malware according to your last post. I tried watching video on YouTube and it worked for about 30 seconds and then it freezes and won't play even though it has loaded. I am very curious as to what is causing this.
  9. I ran both programs and the logs are attached. I had to download them both to my wife's computer because Cureit wouldn't run after I downloaded from my machine. Also, I had to run Rogue Killer twice because the first time it didn't save the report automatically. Instead I figured out I had to click on the report button. RKreport_SCN_07012014_004344.log cureit.log
  10. I ran the combo fix. The log is attached. It said that Norton 360 was active but I know it wasn't. I tried to turn it off even more but when I clicked ok it said that Norton was still running and that it would go ahead and that I have been warned. It doesn't appear anything drastic happened though. So that is good. As for the ESET virus scan I had issues. I went there and it did exactly as you said it would until I clicked install the active x and it gave an error message of sorts. That is attached below. After hitting retry, nothing happened for some time. Also the script error is still present. Actually the combofix log can't be attached for some reason. So I have pasted the text below.
  11. The file uploader is back to normal. Here is the Adware log and picture of the script error (present before combofix). AdwCleanerS0.txt
  12. Here is another file. I am not sure why the file uploader has changed. Fixlog.txt
  13. Ok so I have done this. I had to use my wife's computer to download Combofix as my computer's download wouldn't run. I also forgot to mention something. There is a script error that keeps showing up. It shows up even when I am not running a browser or surfing the net. I have included a picture of it. Also, below it will only allow me to upload 2 files so I will reply with one more message with two attachments. ComboFix.txt
  14. Here are the logs. I ran the scan and the fix. When I run the fix I get a message from a program - Covenant Eyes (a program that monitors all my internet sites visited and runs in the background) - telling me it has been deleted and re-installed automatically and that the computer will restart in 30 seconds. It did this the first time I ran the fix. But again, the logs are attached from the scan and fix. FRST.txt Fixlog.txt
  15. I downloaded RKill, the first button @bleepingcomputer, and put the download in my desktop. I then tried to run it but it says it is not a Win32 application. I haven't had this problem in a long time but this makes twice now today. Any thoughts?
  16. So I did all of this except to run the farbar scanner. I downloaded it and tried to install but it said it was not a valid Win32 application. I ran FRST and hit the fix button. The log is attached. I have an older copy of malwarebytes - something like version 1.75 and some change. Its definitions were 450 days old. I changed the settings as you requested. Then I tried to update it as instructed. It got to 99% and then started over at 0% automatically. It did this 7 times before I stopped it. I downloaded the most recent version of MBAM onto my wife's computer and then moved the setup file onto my machine. I uninstalled MBAM and then installed the most updated version. Once that was done I could not find the settings you were discussing. So I ran the scan anyways and it found 2 files and they got quarantined. The log is attached (I saved a log before and after quarantine - this log is after). Again the last step proved impossible. Fixlog.txt 2014-06-28 Malwarebytes scan 2.txt
  17. I don't really use Firefox. I mainly use Chrome and from time to time I use IE. But I am happy to turn it off or delete.
  18. I have a Toshiba Satellite intel core i7, Windows 7 x64. For a few months now my machine has been acting up. 1. iTunes will not sync with my phone very well. I have done everything I can think of to fix it. It feels like malware but it may not be. 2. Video from youtube, hulu, netflix, and other sites will either play for a little bit and then quit or have an error of sorts or just won't play. It is rather frustrating. 3. Downloads will frequently be interrupted and when they do complete then they might not work because it says they are corrupted. My copy of MBAM wouldn't install after I downloaded it. I had to have a copy from my wife's machine put onto mine to install. Even now it won't update - it will get to 99% and then just quit giving a program error. 4. My internet has trouble connecting to modems and routers. Many times it will be fine and then after it goes to sleep it will take a troubleshoot to connect. I have downloaded and run farbar and have both files attached. I hope we can get this problem resolved. Addition.txt FRST.txt
  19. I am working on this. I am using my external hard drive as a usb jump drive and I cannot format it. So I am trying to find a jump drive I can format.
  20. I have tried this. I got the command window open in repair mode and it gave the same message as before. What can I try now?
  21. Greetings. Thanks for helping me with this. I know my wife's machine is windows 7 x64. However, the FRST64 would not run on her machine. When I tried to run it on her machine, I got this message "c:\users\EDGE\desktop\frst64.exe is not a valid Win32 application". So I tried the 32 bit version and I get the same message. Where should I go from here?
  22. My wife's Windows 7 x64 Toshiba computer has stopped suddenly connecting to the internet. The wifi monitor in the lower right hand corner of the screen says it is connected to a network and has access to internet. However, no browser will connect to the internet. It was working fine and then all of a sudden about 3 days ago it quit working. I have tried various removal services but nothing has worked. It feels like a virus or malware but I have no idea what it is. I have had her run logs and here they are. attach.txt dds.txt
  23. My wife's Windows 7 x64 Toshiba computer has stopped suddenly connecting to the internet. The wifi monitor in the lower right hand corner of the screen says it is connected to a network and has access to internet. However, no browser will connect to the internet. It was working fine and then all of a sudden about 3 days ago it quit working. I have tried various removal services but nothing has worked. It feels like a virus or malware but I have no idea what it is. I have had her run logs and here they are. Please help! attach.txt dds.txt