Trooper_Shock

  1. Thanks Adam! I am so thankful for your help! I'm glad people like you are helping so many people out! I will try to make sure I don't run into any more viruses while I surf the web! Happy Holidays! -Dax
  2. Okay, Java is uninstalled and here is the Security Check Checkup:

     Results of screen317's Security Check version 0.99.93
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Avira Desktop Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 2.0.3.1025
     Adobe Flash Player 16.0.0.235
     Adobe Reader XI
     Google Chrome (39.0.2171.71)
     Google Chrome (39.0.2171.95)
     ````````Process Check: objlist.exe by Laurent````````
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 2%
     ````````````````````End of Log``````````````````````
  3. I have completed all steps to step 3. However, when I try to run Java Control Panel a screen will briefly appear and then disappear. As for how my computer runs, it has already shown major improvements! Thanks for all your help so far! Here are the results of the FRST fix:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
     Ran by Dax at 2014-12-18 19:31:04 Run:2
     Running from C:\Users\Dax\Downloads\FRST-OlderVersion
     Loaded Profiles: Dax & Parker (Available profiles: Dax & Parker)
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     start
     C:\$RECYCLE.BIN\S-1-5-21-2800673357-853013121-2299416948-1000\$R6WBO18
     C:\$RECYCLE.BIN\S-1-5-21-2800673357-853013121-2299416948-1000\$RF9M1N8
     C:\Users\Dax\AppData\Local\Google\Chrome\User Data\Default\Users\glgnlmfoninngjlnekapkpknehobdbkn
     C:\Users\Dax\AppData\Local\Google\Chrome\User Data\Default\Users\hfeppchlkbnhnabkmdbgfppgggpmmgfg
     C:\Users\Dax\AppData\Local\Google\Chrome\User Data\Default\Users\jfgkhdllihigkpbacgceimhpfcpijfjl
     C:\Users\Dax\AppData\Local\Google\Chrome\User Data\Default\Users\jnbheadbnhadecceclkpdkghadocilge
     C:\Users\Dax\AppData\Local\Google\Chrome\User Data\Default\Users\mpincfnchjbkefadchbhpnhfobgcbgii
     C:\Users\Dax\AppData\Local\Google\Chrome\User Data\Default\Users\plellciaeinkknhinnpljmecidjgnjfn
     C:\Users\Dax\AppData\Local\Google\Chrome\User Data\Default\Users\pncolkimahpljhjhjgholhcfioaacbjo
     C:\Users\Dax\AppData\LocalLow\A_Free_Ride_Games_Bar
     C:\Users\Dax\AppData\Roaming\wabEventSupport16
     EmptyTemp:
     end
     *****************

     C:\$RECYCLE.BIN\S-1-5-21-2800673357-853013121-2299416948-1000\$R6WBO18 => Moved successfully.
     C:\$RECYCLE.BIN\S-1-5-21-2800673357-853013121-2299416948-1000\$RF9M1N8 => Moved successfully.
     C:\Users\Dax\AppData\Local\Google\Chrome\User Data\Default\Users\glgnlmfoninngjlnekapkpknehobdbkn => Moved successfully.
     C:\Users\Dax\AppData\Local\Google\Chrome\User Data\Default\Users\hfeppchlkbnhnabkmdbgfppgggpmmgfg => Moved successfully.
     C:\Users\Dax\AppData\Local\Google\Chrome\User Data\Default\Users\jfgkhdllihigkpbacgceimhpfcpijfjl => Moved successfully.
     C:\Users\Dax\AppData\Local\Google\Chrome\User Data\Default\Users\jnbheadbnhadecceclkpdkghadocilge => Moved successfully.
     C:\Users\Dax\AppData\Local\Google\Chrome\User Data\Default\Users\mpincfnchjbkefadchbhpnhfobgcbgii => Moved successfully.
     C:\Users\Dax\AppData\Local\Google\Chrome\User Data\Default\Users\plellciaeinkknhinnpljmecidjgnjfn => Moved successfully.
     C:\Users\Dax\AppData\Local\Google\Chrome\User Data\Default\Users\pncolkimahpljhjhjgholhcfioaacbjo => Moved successfully.
     C:\Users\Dax\AppData\LocalLow\A_Free_Ride_Games_Bar => Moved successfully.
     C:\Users\Dax\AppData\Roaming\wabEventSupport16 => Moved successfully.
     EmptyTemp: => Removed 461.4 MB temporary data.

     The system needed a reboot.

     ==== End of Fixlog ====
  4. Alright, they are all done! Here they are:

     # AdwCleaner v4.105 - Report created 13/12/2014 at 22:28:49
     # Updated 08/12/2014 by Xplode
     # Database : 2014-12-13.4 [Live]
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : Dax - DAX-PC
     # Running from : C:\Users\Dax\Downloads\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     Service Deleted : c2cautoupdatesvc
     Service Deleted : c2cpnrsvc

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\ProgramData\Ask
     Folder Deleted : C:\ProgramData\Babylon
     Folder Deleted : C:\ProgramData\Systweak
     Folder Deleted : C:\ProgramData\ytd video downloader
     Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
     Folder Deleted : C:\Program Files (x86)\Application Updater
     Folder Deleted : C:\Program Files (x86)\Conduit
     Folder Deleted : C:\Program Files (x86)\Mobogenie
     Folder Deleted : C:\Users\Dax\AppData\Local\apn
     Folder Deleted : C:\Users\Dax\AppData\Local\Babylon
     Folder Deleted : C:\Users\Dax\AppData\Local\Conduit
     Folder Deleted : C:\Users\Dax\AppData\Local\genienext
     Folder Deleted : C:\Users\Dax\AppData\Local\Mobogenie
     Folder Deleted : C:\Users\Dax\AppData\Local\CrashRpt
     Folder Deleted : C:\Users\Dax\AppData\LocalLow\Conduit
     Folder Deleted : C:\Users\Dax\AppData\LocalLow\ConduitEngine
     Folder Deleted : C:\Users\Dax\AppData\Roaming\Systweak
     Folder Deleted : C:\Users\Dax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
     Folder Deleted : C:\Users\Dax\Documents\Mobogenie
     Folder Deleted : C:\Users\Parker\AppData\Roaming\Systweak
     Folder Deleted : C:\Users\Dax\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
     [x] Not Deleted : C:\Windows\System32\roboot64.exe
     File Deleted : C:\Users\Dax\daemonprocess.txt

     ***** [ Scheduled Tasks ] *****

     ***** [ Shortcuts ] *****

     Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller\FileParade bundle uninstaller.lnk

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
     Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
     Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
     Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKCU\Software\Conduit
     Key Deleted : HKCU\Software\IM
     Key Deleted : HKCU\Software\systweak
     Key Deleted : HKCU\Software\YahooPartnerToolbar
     Key Deleted : HKCU\Software\AppDataLow\Toolbar
     Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
     Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
     Key Deleted : HKLM\SOFTWARE\Babylon
     Key Deleted : HKLM\SOFTWARE\Conduit
     Key Deleted : HKLM\SOFTWARE\systweak
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

     ***** [ Browsers ] *****

     -\\ Internet Explorer v11.0.9600.17496

     -\\ Google Chrome v39.0.2171.95

     -\\ Chromium v

     *************************

     AdwCleaner[R0].txt - [5336 octets] - [13/12/2014 22:25:42]
     AdwCleaner[S0].txt - [5305 octets] - [13/12/2014 22:28:49]

     ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5365 octets] ##########

     Attached files: MyEsetScan.txt, FRST scan #3.txt, Addition FRST scan #3.txt
  5. Hi Adam, I just downloaded and started the scan for AdwCleaner. Sorry for the delay. I will get back to you with the info in a jiffy!
  6. Alright, here is the RKreport:

     RogueKiller V10.0.9.0 (x64) [Dec 8 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Dax [Administrator]
     Mode : Scan -- Date : 12/10/2014 16:52:51

     ¤¤¤ Processes : 1 ¤¤¤
     [Suspicious.Path] Curse.exe -- C:\Users\Dax\AppData\Roaming\Curse Client\Bin\Curse.exe[7] -> Killed [TermProc]

     ¤¤¤ Registry : 15 ¤¤¤
     [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | mobilegeni daemon : C:\Program Files (x86)\Mobogenie\DaemonProcess.exe -> Found
     [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
     [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
     [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
     [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
     [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
     [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
     [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2800673357-853013121-2299416948-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
     [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2800673357-853013121-2299416948-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
     [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
     [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

     ¤¤¤ Tasks : 0 ¤¤¤

     ¤¤¤ Files : 1 ¤¤¤
     [Suspicious.Path][File] Curse.lnk -- C:\Users\Dax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [LNK@] C:\Users\Dax\AppData\Roaming\CURSEC~1\Bin\Curse.exe /startup -> Found

     ¤¤¤ Hosts File : 1 ¤¤¤
     [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

     ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: SAMSUNG HD103SJ ATA Device +++++
     --- User ---
     [MBR] 3b2b43ae2a63bcb052ff8f9e8f9ed418
     [BSP] 8cce1324f39ad24395afca674bf41337 : HP MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
     1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 14618 MB
     2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30019584 | Size: 939210 MB
     User = LL1 ... OK
     User = LL2 ... OK

     +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
     Error reading User MBR! ([15] The device is not ready. )
     Error reading LL1 MBR! NOT VALID!
     Error reading LL2 MBR! ([32] The request is not supported. )

     +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
     Error reading User MBR! ([15] The device is not ready. )
     Error reading LL1 MBR! NOT VALID!
     Error reading LL2 MBR! ([32] The request is not supported. )

     +++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
     Error reading User MBR! ([15] The device is not ready. )
     Error reading LL1 MBR! NOT VALID!
     Error reading LL2 MBR! ([32] The request is not supported. )

     +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
     Error reading User MBR! ([15] The device is not ready. )
     Error reading LL1 MBR! NOT VALID!
     Error reading LL2 MBR! ([32] The request is not supported. )
  7. I got the fix log and I was able to delete "A Free Ride Games Bar", "Conduit Engine", "free rides game player" and "YTD toolbar" but was unable to find and delete "Mobogenie." I know "Mobogenie" is connected to "Raidcall" which I use to chat with some friends. Should I delete "Raidcall" or continue the steps you have already given? Here is the fix log:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2014 02
     Ran by Dax at 2014-12-07 19:55:51 Run:1
     Running from C:\Users\Dax\Downloads
     Loaded Profile: Dax (Available profiles: Dax & Parker)
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     start
     CloseProcesses:
     HKLM-x32\...\Run: [] => [X]
     HKU\S-1-5-21-2800673357-853013121-2299416948-1000\...A8F59079A8D5}\localserver32: <==== ATTENTION!
     HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
     HKU\S-1-5-21-2800673357-853013121-2299416948-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
     URLSearchHook: HKLM-x32 - (No Name) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - No File
     SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
     SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
     SearchScopes: HKLM-x32 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1320680
     SearchScopes: HKU\S-1-5-21-2800673357-853013121-2299416948-1000 -> {9448CCC9-8E8D-4637-AA51-71BA5C3CC938} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
     SearchScopes: HKU\S-1-5-21-2800673357-853013121-2299416948-1000 -> {9D4BA016-9AFA-4206-A773-BD46A463EFD3} URL = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10266&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^AGX&apn_dtid=^YYYYYY^YY^US&apn_uid=fb1c9d47-bd1b-4f55-84cd-d82da17d52e0&apn_sauid=200A3866-CD96-400E-AE44-2C735BF82559
     SearchScopes: HKU\S-1-5-21-2800673357-853013121-2299416948-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1320680
     BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
     Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
     FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
     FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
     C:\Program Files (x86)\Pando Networks
     CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
     S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
     2014-11-12 17:05 - 2014-11-12 17:05 - 00000000 __SHD () C:\Users\Dax\AppData\Local\EmieBrowserModeList
     Folder: C:\ProgramData\B5F9D6B23B0B5B50D342EB8FC01A051D
     C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{9af037cc-f32e-75fc-ffea-c43a048d51e2}
     C:\Users\Dax\AppData\Local\Temp\spetdwp
     CustomCLSID: HKU\S-1-5-21-2800673357-853013121-2299416948-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> No File Path
     Task: {CDD36156-F3BD-4D23-A8C4-47E6D1112896} - System32\Tasks\{F13D3A1D-48A8-435B-8FEE-301CC80F5B04} => C:\Users\Dax\AppData\Local\7f7c434a-9ce1-480e-a292-2fd6220cd967ad\fcaceeafdcdad.exe
     C:\Users\Dax\AppData\Local\7f7c434a-9ce1-480e-a292-2fd6220cd967ad
     CMD: ipconfig /flushdns
     CMD: netsh winsock reset all
     CMD: netsh int ipv4 reset
     CMD: netsh int ipv6 reset
     EmptyTemp:
     end
     *****************

     Processes closed successfully.
     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
     "HKU\S-1-5-21-2800673357-853013121-2299416948-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
     "HKU\S-1-5-21-2800673357-853013121-2299416948-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
     "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
     "HKU\S-1-5-21-2800673357-853013121-2299416948-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
     HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{f92a9fe4-2850-4198-b9d5-279880e49b16} => value deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}" => Key deleted successfully.
     "HKCR\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68}" => Key not found.
     "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}" => Key deleted successfully.
     "HKCR\Wow6432Node\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68}" => Key not found.
     "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key deleted successfully.
     "HKCR\Wow6432Node\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key not found.
     "HKU\S-1-5-21-2800673357-853013121-2299416948-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9448CCC9-8E8D-4637-AA51-71BA5C3CC938}" => Key deleted successfully.
     "HKCR\CLSID\{9448CCC9-8E8D-4637-AA51-71BA5C3CC938}" => Key not found.
     "HKU\S-1-5-21-2800673357-853013121-2299416948-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9D4BA016-9AFA-4206-A773-BD46A463EFD3}" => Key deleted successfully.
     "HKCR\CLSID\{9D4BA016-9AFA-4206-A773-BD46A463EFD3}" => Key not found.
     "HKU\S-1-5-21-2800673357-853013121-2299416948-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key deleted successfully.
     "HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key not found.
     "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key deleted successfully.
     "HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => Key not found.
     "HKCR\PROTOCOLS\Filter\application/x-mfe-ipt" => Key deleted successfully.
     "HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692}" => Key not found.
     "HKLM\Software\Wow6432Node\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0" => Key deleted successfully.
     C:\Program Files (x86)\Free Ride Games\npExentCtl.dll => Moved successfully.
     "HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
     C:\Program Files (x86)\Pando Networks => Moved successfully.
     "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
     EagleX64 => Service deleted successfully.
     C:\Users\Dax\AppData\Local\EmieBrowserModeList => Moved successfully.

     ========================= Folder: C:\ProgramData\B5F9D6B23B0B5B50D342EB8FC01A051D ========================

     2014-11-08 17:10 - 2014-11-08 20:27 - 0000785 _____ () C:\ProgramData\B5F9D6B23B0B5B50D342EB8FC01A051D\TraceIDE.log

     ====== End of Folder: ======

     C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{9af037cc-f32e-75fc-ffea-c43a048d51e2} => Moved successfully.
     C:\Users\Dax\AppData\Local\Temp\spetdwp => Moved successfully.
     "HKU\S-1-5-21-2800673357-853013121-2299416948-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CDD36156-F3BD-4D23-A8C4-47E6D1112896}" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDD36156-F3BD-4D23-A8C4-47E6D1112896}" => Key deleted successfully.
     C:\Windows\System32\Tasks\{F13D3A1D-48A8-435B-8FEE-301CC80F5B04} => Moved successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F13D3A1D-48A8-435B-8FEE-301CC80F5B04}" => Key deleted successfully.
     C:\Users\Dax\AppData\Local\7f7c434a-9ce1-480e-a292-2fd6220cd967ad => Moved successfully.

     ========= ipconfig /flushdns =========

     Windows IP Configuration

     Successfully flushed the DNS Resolver Cache.

     ========= End of CMD: =========

     ========= netsh winsock reset all =========

     Sucessfully reset the Winsock Catalog.
     You must restart the computer in order to complete the reset.

     ========= End of CMD: =========

     ========= netsh int ipv4 reset =========

     Reseting Global, OK!
     Reseting Interface, OK!
     Reseting Route, OK!
     Restart the computer to complete this action.

     ========= End of CMD: =========

     ========= netsh int ipv6 reset =========

     Reseting Interface, OK!
     Reseting Unicast Address, OK!
     Reseting Route, OK!
     Restart the computer to complete this action.

     ========= End of CMD: =========

     EmptyTemp: => Removed 5.4 GB temporary data.

     The system needed a reboot.

     ==== End of Fixlog ====
  8. The scans have finished. Here are the results:

     ComboFix scan:

     ComboFix 14-12-07.01 - Dax 12/07/2014 15:21:11.2.4 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.4091 [GMT -8:00]
     Running from: c:\users\Dax\Downloads\ComboFix.exe
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\programdata\Microsoft\Windows\DRM\6B24.tmp
     c:\programdata\Microsoft\Windows\DRM\6E04.tmp
     c:\users\Dax\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
     c:\windows\msdownld.tmp
     .
     .
     CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
     You should verify if current CLSID data is correct:
     .
     HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
     (Default) REG_SZ Thumbnail Cache Class Factory for Out of Proc Server
     AppID REG_SZ {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
     .
     HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
     (Default) REG_SZ c:\windows\system32\thumbcache.dll
     ThreadingModel REG_SZ Apartment
     .
     HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32
     .
     HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\
     .
     ((((((((((((((((((((((((( Files Created from 2014-11-08 to 2014-12-08 )))))))))))))))))))))))))))))))
     .
     .
     2014-12-08 01:08 . 2014-12-08 01:08 -------- d-----w- c:\users\Public\AppData\Local\temp
     2014-12-08 01:08 . 2014-12-08 01:08 -------- d-----w- c:\users\Parker\AppData\Local\temp
     2014-12-08 01:08 . 2014-12-08 01:08 -------- d-----w- c:\users\Default\AppData\Local\temp
     2014-12-03 03:58 . 2014-12-03 04:01 -------- d-----w- C:\FRST
     2014-11-20 02:30 . 2014-11-20 02:30 -------- d-----w- c:\program files\iPod
     2014-11-20 02:30 . 2014-11-20 02:34 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
     2014-11-20 02:30 . 2014-11-20 02:34 -------- d-----w- c:\program files\iTunes
     2014-11-20 02:30 . 2014-11-20 02:34 -------- d-----w- c:\program files (x86)\iTunes
     2014-11-19 01:52 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
     2014-11-19 01:52 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
     2014-11-19 01:52 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
     2014-11-19 01:52 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
     2014-11-16 07:09 . 2014-11-16 07:09 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
     2014-11-16 07:09 . 2014-11-16 07:09 -------- d-----w- c:\program files (x86)\AGEIA Technologies
     2014-11-13 01:05 . 2014-11-13 01:05 -------- d-sh--w- c:\users\Dax\AppData\Local\EmieBrowserModeList
     2014-11-12 04:02 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
     2014-11-12 04:01 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
     2014-11-12 04:01 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
     2014-11-09 01:10 . 2014-11-09 01:10 -------- d-----w- c:\programdata\B5F9D6B23B0B5B50D342EB8FC01A051D
     2014-11-09 01:06 . 2014-11-09 01:10 -------- d-----w- c:\users\Dax\AppData\Local\gamemaker_studio
     2014-11-09 01:06 . 2014-11-09 01:06 -------- d-----w- c:\programdata\gamemaker_studio
     2014-11-08 22:14 . 2014-11-08 22:14 -------- d-----w- c:\users\Dax\AppData\Roaming\fltk.org
     2014-11-08 22:14 . 2014-11-08 22:14 -------- d-----w- c:\programdata\fltk.org
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2014-12-03 02:42 . 2014-07-03 09:54 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
     2014-11-26 03:29 . 2012-04-01 05:16 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2014-11-26 03:29 . 2011-07-26 07:57 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2014-11-12 05:55 . 2011-07-08 01:16 103374192 ----a-w- c:\windows\system32\MRT.exe
     2014-11-04 22:30 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
     2014-11-02 04:20 . 2014-12-06 08:23 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74A9CE1A-F457-4835-90EC-1881DEE04615}\mpengine.dll
     2014-10-14 22:09 . 2013-05-07 22:34 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys
     2014-10-14 22:09 . 2013-03-29 03:46 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys
     2014-10-14 22:09 . 2013-03-29 03:46 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2014-10-01 18:11 . 2014-07-03 09:53 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
     2014-10-01 18:11 . 2014-07-03 09:53 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
     2014-10-01 18:11 . 2013-06-17 21:06 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
     2014-09-25 02:08 . 2014-09-30 22:10 371712 ----a-w- c:\windows\system32\qdvd.dll
     2014-09-25 01:40 . 2014-09-30 22:10 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
     2014-09-09 22:11 . 2014-09-23 22:14 2048 ----a-w- c:\windows\system32\tzres.dll
     2014-09-09 21:47 . 2014-09-23 22:14 2048 ----a-w- c:\windows\SysWow64\tzres.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-26 39408]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
     "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-19 703736]
     "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
     "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
     "mobilegeni daemon"="c:\program files (x86)\Mobogenie\DaemonProcess.exe" [2014-03-01 775872]
     "Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-10-22 124208]
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2011-06-22 4837808]
     .
     c:\users\Dax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk - c:\users\Dax\AppData\Roaming\Curse Client\Bin\Curse.exe /startup [2014-5-23 6142728]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
     "LoadAppInit_DLLs"=1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
     "wave2"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     .
     R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
     R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
     R3 CXPLRCAP;Capture Device;c:\windows\system32\drivers\CxPlrCap.sys;c:\windows\SYSNATIVE\drivers\CxPlrCap.sys [x]
     R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
     R3 hitmanpro36;HitmanPro 3.6 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys;c:\windows\SYSNATIVE\drivers\hitmanpro36.sys [x]
     R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
     R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
     R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
     R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
     R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
     R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
     R4 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [x]
     R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
     R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
     R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]
     R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
     S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
     S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
     S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
     S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
     S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
     S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
     S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
     S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
     S2 X5XSEx;X5XSEx;c:\program files (x86)\Free Ride Games\X5XSEx.Sys;c:\program files (x86)\Free Ride Games\X5XSEx.Sys [x]
     S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
     S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
     S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
     start [bU]
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
     2014-11-27 00:12 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2014-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 03:29]
     .
     2014-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 01:58]
     .
     2014-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 01:58]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]
     "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
     .
     ------- Supplementary Scan -------
     .
     uStart Page = https://www.google.com/
     uLocal Page = c:\windows\system32\blank.htm
     TCP: DhcpNameServer = 192.168.1.254
     .
     .
     ------- File Associations -------
     .
     JSEFile=NOTEPAD.EXE "%1"
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Toolbar-Locked - (no file)
     Wow6432Node-HKCU-Run-{199DC582-663B-46BB-A6BB-2115193364E7} - (no file)
     Wow6432Node-HKCU-Run-{694A76D2-2C33-42B7-94E4-7FB900050370} - (no file)
     Wow6432Node-HKCU-Run-Mozilla Tray - c:\users\Dax\AppData\Local\Mozilla\rlgrujphca.dll
     Wow6432Node-HKCU-Run-{3CA72574-2421-4B80-992B-654883D4F148} - (no
file)Wow6432Node-HKCU-Run-{1A204769-544F-4E9B-8C01-ABD1DD649CEE} - (no file)Wow6432Node-HKCU-Run-{05F5278C-078B-45C1-9D8F-B68407270FEE} - (no file)Wow6432Node-HKCU-Run-{174DC19A-EC9E-4ED9-9396-1069BD044F3C} - (no file)Wow6432Node-HKCU-Run-Mxbrbmekqb - (no file)Wow6432Node-HKLM-Run-<NO NAME> - (no file)AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exeAddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8, 89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b"{F92A9FE4-2850-4198-B9D5-279880E49B16}"=hex:51,66,7a,6c,4c,1d,38,12,8a,9c,39, fd,62,66,f6,04,c6,c3,64,d8,85,ba,df,02"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea, 34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b"{F3FEE66E-E034-436A-86E4-9690573BEE8A}"=hex:51,66,7a,6c,4c,1d,38,12,00,e5,ed, f7,06,ae,04,06,f9,f2,d5,d0,52,65,aa,9e"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7"{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7, 23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a, 34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1, 79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:98,8d,13,4b,a4,68,cd,01.[HKEY_USERS\S-1-5-21-2800673357-853013121-2299416948-1000\Software\SecuROM\License information*]@Allowed: (Read) (RestrictedCode)"datasecu"=hex:a7,c7,2c,f1,09,5f,07,ed,c0,e7,db,d2,68,a0,62,4f,69,c9,39,88,0c, 68,04,32,1a,63,a4,44,ea,bf,86,9c,8a,16,42,b9,8b,8d,b1,a9,4a,9c,3b,69,37,b1,\"rkeysecu"=hex:6a,d1,27,b2,dd,a6,5b,3d,04,16,a0,f4,93,92,f1,f1.[HKEY_USERS\S-1-5-21-2800673357-853013121-2299416948-1000_Classes\clsid\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]@Allowed: (B 1 2 3 5) (S-1-5-21-2800673357-853013121-2299416948-1000).[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) 
(Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash 
Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.15".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 
1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Avira\AntiVir Desktop\avguard.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXEc:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXEc:\program files (x86)\Dell DataSafe Local 
Backup\Components\DSUpdate\DSUpd.exe.**************************************************************************.Completion time: 2014-12-07 17:17:39 - machine was rebootedComboFix-quarantined-files.txt 2014-12-08 01:17ComboFix2.txt 2013-06-17 22:14.Pre-Run: 286,881,050,624 bytes freePost-Run: 331,248,615,424 bytes free.- - End Of File - - DFD4472783D3954409A673B7FB8380095C616939100B85E558DA92B899A0FC36 Thank you for your patience! FRST scan #2.txt Addition FRST scan #2.txt
  9. I unticked "enable real-time protection" in Avira antivirus, but ComboFix still sent me a warning: "ComboFix has detected the following real time scanner(s) to be active: antivirus: Avira desktop; antispyware: Avira desktop". It then went on saying that these may cause problems and cause damage to my computer and prompted me to only press "OK" when these scanners have been disabled. Is there anything further I must do before running this? I will turn Avira back on until further notice so no virus can harm my computer further.
  10. I'm sorry for the long wait. I have been very busy this week and unfortunately do not have time to perform the procedure tonight. Thank you for your help, and I will complete these steps tomorrow if possible. I really am sorry for the delay. Thank you for all your help and patience!
  11. Hello Adam! Thanks for your reply! Here are all the scans you asked for!

Malwarebytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/2/2014
Scan Time: 6:47:46 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.12.03.02
Rootkit Database: v2014.12.02.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dax

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385298
Time Elapsed: 53 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

I appreciate the help!

FRST scan #1.txt Addition FRST scan #1.txt TDSSKiller.3.0.0.41_02.12.2014_20.16.00_log.txt
  12. Hello, my name is Dax. Feel free to refer to me by my user name, my real name, or any nicknames you coin for me. Recently my computer has been running very slowly, so I took a look at Task Manager to see what was slowing it down. What I first saw was three or four files named "dllhost.exe *32" with a description of "COM Surrogate". I got suspicious of it and looked around for information on the internet. From what I read, it seems I have a virus. Looking into a lot of the high-running files, one of which was the dllhost.exe *32, I noticed they all fell into one file location: C:\Windows\SysWOW64. When I ran scans from Malwarebytes and Avira they reported that nothing was wrong; meanwhile, Windows Defender always says it runs into an error before it can finish scanning. Can anyone help me delete this virus? I'm not very computer savvy, so I may get confused easily and be slow in executing your advice. Tell me if you need any more information!
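A quick first-pass triage for the symptom described in the opening post (several 32-bit dllhost.exe "COM Surrogate" processes launched from SysWOW64) and for the kind of per-user Run-key entry that the ComboFix log earlier in the thread lists under "ORPHANS REMOVED" ("Mozilla Tray" pointing at a DLL under AppData\Local). This is an added example written for this page; it is not code from the thread, from the helper's instructions, or from any of the tools used (FRST, ComboFix, Malwarebytes), and it does not replace them. It assumes an elevated PowerShell 3 or later session on the affected Windows 7 x64 machine, and the "Suspicious" flag is a heuristic of this example, not a verdict.

```powershell
# Added triage example (not from the thread). Run from an elevated PowerShell prompt.
# Assumption: PowerShell 3+ (Get-CimInstance) on Windows 7 x64 or later.

# 1. Every dllhost.exe instance, with its parent process and full command line.
#    A legitimate COM Surrogate is started by svchost.exe (DcomLaunch) or explorer.exe
#    and carries a /Processid:{CLSID} argument; anything else deserves a closer look.
#    Task Manager's "*32" suffix corresponds to the copy under SysWOW64 on x64 Windows.
$procs = Get-CimInstance Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

$surrogates = foreach ($p in ($procs | Where-Object { $_.Name -ieq 'dllhost.exe' })) {
    $parent = $byPid[[int]$p.ParentProcessId]
    if ($parent) { $parentText = "$($parent.Name) ($($parent.ProcessId))" }
    else         { $parentText = "<exited> ($($p.ParentProcessId))" }
    [pscustomobject]@{
        PID         = $p.ProcessId
        Path        = $p.ExecutablePath
        Is32Bit     = ($p.ExecutablePath -like '*\SysWOW64\*')
        Parent      = $parentText
        CommandLine = $p.CommandLine
    }
}
"== dllhost.exe instances =="
$surrogates | Format-List

# 2. Run keys for the machine and the current user, native and WOW6432Node views.
#    Values that launch from a user profile or hand a DLL to rundll32/regsvr32 are
#    flagged; that is the shape of the "Mozilla Tray" entry ComboFix removed in this thread.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$persistence = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    # Get-ItemProperty adds PSPath/PSParentPath/... bookkeeping properties; skip those.
    foreach ($prop in ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
        $value = [string]$prop.Value
        $suspicious = ($value -match '(?i)\\AppData\\') -or
                      ($value -match '(?i)rundll32|regsvr32|\.dll')
        [pscustomobject]@{
            Key        = $key
            Name       = $prop.Name
            Value      = $value
            Suspicious = $suspicious
        }
    }
}
"== Run-key entries (Suspicious = launches from a user profile or loads a DLL) =="
$persistence | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
```

Read the output the way the thread's helper reads an FRST or ComboFix log: a dllhost.exe whose parent is not svchost.exe or explorer.exe, or whose command line lacks a /Processid: argument, and any Run value that points into AppData or loads a DLL through rundll32, are the entries worth pasting into a help request rather than deleting by hand.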