dazz156 Posted August 13, 2013 ID:714330 Share Posted August 13, 2013 don't no if i'm in the right place does anyone understand these log reports from Malwarebytes//AdwCleaner[s1]//ComboFixevery time i do a new windows installation of toshiba recovery disk i seem to always get a Infected file what combofix has to fix and then when i go on the internet i get this message security alertyou are about to leave a secure internet connection.it will be possible for others to viewinformation you senddo you want to continue?witch i never got this message before i used combo.ain't toshiba recovery disk supposed to wipe allviruses clean and fix errors so why does this happen. heres the log reports .Malwarebytes Anti-MalwareMalwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.08.12.06Windows Vista Service Pack 2 x86 NTFSInternet Explorer 9.0.8112.16421darren :: DARREN-PC [administrator]Protection: Enabled12/08/2013 23:50:24mbam-log-2013-08-12 (23-50-24).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 31500Time elapsed: 9 minute(s), 52 second(s) [aborted]Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\Users\darren\AppData\Local\Temp\nsu70F0.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.(end)# AdwCleaner v2.306 - Logfile created 08/13/2013 at 02:39:21# Updated 19/07/2013 by Xplode# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)# User : darren - DARREN-PC# Boot Mode : Normal# Running from : C:\Users\darren\Downloads\AdwCleaner.exe# Option [Delete]***** [services] ********** [Files / Folders] ********** [Registry] *****Key Deleted : HKCU\Software\ConduitKey Deleted : HKLM\Software\Conduit***** [internet Browsers] *****-\\ Internet Explorer v9.0.8112.16496[OK] Registry is clean.-\\ Google Chrome v28.0.1500.95File : C:\Users\darren\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R1].txt - [868 octets] - [13/08/2013 02:38:44]AdwCleaner[s1].txt - [804 octets] - [13/08/2013 02:39:21]########## EOF - C:\AdwCleaner[s1].txt - [863 octets] ##########ComboFix 13-08-12.01 - darren 13/08/2013 3:34.1.2 - x86Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2939.2012 [GMT 1:00]Running from: c:\users\darren\Downloads\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\system32\ptc:\windows\system32\pt\toscdspd.cpl.mui.Infected copy of c:\windows\system32\userinit.exe was found and disinfectedRestored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe..((((((((((((((((((((((((( Files Created from 2013-07-13 to 2013-08-13 )))))))))))))))))))))))))))))))..2013-08-13 02:41 . 2013-08-13 02:41 -------- d-----w- c:\users\Default\AppData\Local\temp2013-08-13 02:17 . 2013-07-15 02:34 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AA380CC0-C2D5-405A-ADD6-2C2FB7FF37EA}\mpengine.dll2013-08-12 22:43 . 2013-08-12 22:43 -------- d-----w- c:\programdata\Malwarebytes2013-08-12 22:43 . 2013-08-12 22:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-08-12 22:43 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2013-08-12 22:07 . 2003-01-26 12:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll2013-08-12 22:07 . 2013-08-12 22:07 -------- d-----w- c:\program files\DVD Flick2013-08-12 22:07 . 2008-08-31 12:27 28672 ----a-w- c:\windows\system32\mousewheel.ocx2013-08-12 22:07 . 2007-08-31 17:36 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx2013-08-12 22:07 . 2004-03-08 23:00 662288 ----a-w- c:\windows\system32\mscomct2.ocx2013-08-12 22:07 . 2004-03-08 23:00 609824 ----a-w- c:\windows\system32\comctl32.ocx2013-08-12 22:07 . 2004-03-08 23:00 212240 ----a-w- c:\windows\system32\richtx32.ocx2013-08-12 22:07 . 1998-06-23 23:00 164144 ----a-w- c:\windows\system32\comct232.ocx2013-08-12 22:06 . 2013-08-12 22:06 -------- d-----w- c:\program files\ImgBurn2013-08-12 18:06 . 2013-07-15 02:34 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-08-08 14:17 . 2013-08-08 14:17 -------- d-----w- c:\program files\Common Files\Java2013-08-08 14:17 . 2013-08-08 14:16 867240 ----a-w- c:\windows\system32\npDeployJava1.dll2013-08-08 14:17 . 2013-08-08 14:16 789416 ----a-w- c:\windows\system32\deployJava1.dll2013-08-08 14:16 . 2013-08-08 14:16 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll2013-08-08 14:16 . 2013-08-08 14:16 -------- d-----w- c:\program files\Java2013-08-08 13:45 . 2013-08-08 13:45 -------- d-----w- c:\program files\NeoSpeech2013-08-08 13:44 . 2013-08-08 13:44 -------- d-----w- c:\windows\Downloaded Installations2013-08-08 13:42 . 2013-08-08 13:42 -------- d-----w- c:\programdata\NCH Software2013-08-08 13:42 . 2013-08-08 13:42 -------- d-----w- c:\program files\NCH Software2013-08-08 13:27 . 2013-08-08 13:27 -------- d-----w- c:\program files\naturalsoft2013-08-08 13:26 . 2013-08-08 13:26 -------- d-----w- c:\programdata\NaturalSoft2013-08-08 13:21 . 2013-07-16 04:02 698504 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-08-08 13:21 . 2013-07-16 04:02 698504 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D7E4697-FB30-470D-ABF4-0A6E5053A5E0}\gapaengine.dll2013-08-08 12:44 . 2013-08-08 12:44 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-08-08 12:44 . 2013-08-08 12:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-08-08 12:24 . 2013-08-08 12:46 -------- d-----w- c:\program files\Microsoft Silverlight2013-08-08 12:19 . 2013-08-08 12:19 -------- d-----w- c:\program files\Microsoft Security Client2013-08-08 12:10 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys2013-08-08 11:44 . 2013-08-08 11:46 -------- d-----w- c:\windows\system32\MRT2013-08-08 02:22 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll2013-08-08 02:22 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll2013-08-08 02:22 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll2013-08-08 01:54 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll2013-08-08 01:54 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll2013-08-08 01:47 . 2013-08-08 01:47 -------- d-----w- c:\program files\Microsoft.NET2013-08-08 01:35 . 2013-08-08 01:35 -------- d-----w- c:\program files\Windows Portable Devices2013-08-08 01:29 . 2013-07-15 02:34 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{915A087B-E8F2-49A3-B09E-D42288D71E8F}\mpengine.dll2013-08-08 01:29 . 2013-05-02 15:28 238872 ------w- c:\windows\system32\MpSigStub.exe2013-08-08 01:00 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll2013-08-08 01:00 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll2013-08-08 01:00 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys2013-08-08 00:40 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll2013-08-08 00:40 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll2013-08-08 00:40 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll2013-08-08 00:40 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe2013-08-08 00:40 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll2013-08-08 00:38 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe2013-08-08 00:23 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll2013-08-08 00:23 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll2013-08-08 00:23 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys2013-08-08 00:22 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll2013-08-08 00:22 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll2013-08-08 00:22 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll2013-08-08 00:22 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys2013-08-08 00:22 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys2013-08-08 00:22 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll2013-08-08 00:22 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys2013-08-08 00:22 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys2013-08-08 00:22 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe2013-08-08 00:22 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll2013-08-08 00:22 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll2013-08-08 00:08 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll2013-08-08 00:08 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll2013-08-08 00:08 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll2013-08-08 00:08 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll2013-08-08 00:08 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll2013-08-08 00:05 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat2013-08-08 00:04 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll2013-08-08 00:03 . 2013-06-04 01:50 2049024 ----a-w- c:\windows\system32\win32k.sys2013-08-08 00:01 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll2013-08-08 00:00 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll2013-08-07 23:57 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe2013-08-07 23:57 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe2013-08-07 23:57 . 2009-07-15 12:39 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe2013-08-07 23:57 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\msdxm.ocx2013-08-07 23:57 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll2013-08-07 23:57 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll2013-08-07 23:57 . 2009-07-15 12:39 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe2013-08-07 23:43 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL2013-08-07 23:34 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll2013-08-07 23:34 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll2013-08-07 23:25 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe2013-08-07 23:25 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll2013-08-07 23:25 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll2013-08-07 23:25 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll2013-08-07 23:25 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll2013-08-07 23:25 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll2013-08-07 23:25 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll2013-08-07 23:25 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll2013-08-07 23:25 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe2013-08-07 23:24 . 2013-08-07 23:24 -------- d-----w- c:\program files\VideoLAN2013-08-07 23:05 . 2013-08-07 23:05 979456 ----a-w- c:\windows\system32\MFH264Dec.dll2013-08-07 23:03 . 2013-08-07 23:03 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll2013-08-07 23:03 . 2013-08-07 23:03 519680 ----a-w- c:\windows\system32\d3d11.dll2013-08-07 23:03 . 2013-08-07 23:03 369664 ----a-w- c:\windows\system32\WMPhoto.dll2013-08-07 23:03 . 2013-08-07 23:03 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll2013-08-07 23:03 . 2013-08-07 23:03 252928 ----a-w- c:\windows\system32\dxdiag.exe2013-08-07 23:03 . 2013-08-07 23:03 195584 ----a-w- c:\windows\system32\dxdiagn.dll2013-08-07 23:03 . 2013-08-07 23:03 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll2013-08-07 22:53 . 2013-08-07 22:54 -------- d-----w- c:\windows\system32\ca-ES2013-08-07 22:53 . 2013-08-07 22:54 -------- d-----w- c:\windows\system32\eu-ES2013-08-07 22:53 . 2013-08-07 22:53 -------- d-----w- c:\windows\system32\vi-VN2013-08-07 22:50 . 2013-08-07 22:50 -------- d-----w- c:\windows\system32\SPReview2013-08-07 22:39 . 2009-04-10 22:28 97792 ----a-w- c:\windows\system32\mprapi.dll2013-08-07 22:38 . 2013-08-07 22:38 -------- d-----w- c:\windows\system32\EventProviders2013-08-07 22:22 . 2013-08-07 22:22 -------- d-----w- c:\programdata\IsolatedStorage2013-08-07 22:05 . 2008-04-28 15:59 20384 ----a-w- c:\windows\system32\drivers\jswpslwf.sys2013-08-07 22:05 . 2013-08-07 22:05 -------- d-----w- c:\program files\Jumpstart2013-08-07 22:03 . 2008-07-15 18:59 17960 ----a-w- c:\windows\system32\drivers\UVCFTR_S.SYS2013-08-07 22:01 . 2013-08-07 22:01 -------- d-----w- c:\programdata\ToshibaEurope2013-08-07 22:01 . 2013-08-12 18:03 -------- d-----w- c:\users\darren2013-08-07 21:51 . 2013-08-07 21:51 -------- d-----w- c:\windows\system32\nn-NO2013-08-07 21:51 . 2008-04-29 01:37 376832 ----a-w- c:\windows\system32\S64CPA.exe2013-08-07 21:51 . 2008-04-29 01:37 53248 ----a-w- c:\windows\system32\athihvui.dll2013-08-07 21:51 . 2008-04-29 01:37 393216 ----a-w- c:\windows\system32\athihvs.dll2013-08-07 21:51 . 2013-08-07 21:51 -------- d-----w- c:\program files\Atheros2013-08-07 21:51 . 2013-08-07 21:51 -------- d-----w- c:\program files\Cisco2013-08-07 21:51 . 2013-08-07 22:05 -------- d-----w- c:\programdata\Atheros2013-08-07 21:50 . 2008-07-18 17:52 279376 ----a-w- c:\windows\system32\drivers\tos_sps32.sys2013-08-07 21:50 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll..(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-08-07 23:03 . 2013-08-07 23:03 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui2013-06-18 20:50 . 2013-06-18 20:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys2013-06-18 20:50 . 2013-06-18 20:50 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]"NDSTray.exe"="NDSTray.exe" [bU]"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]"Skytel"="Skytel.exe" [2007-11-20 1826816]"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]@="Service".--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]LocalServiceAndNoImpersonation REG_MULTI_SZ FontCacheHsfXAudioService REG_MULTI_SZ HsfXAudioService.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-08-08 13:03 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-08 12:44].2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-08 13:01].2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-08 13:01]..------- Supplementary Scan -------.IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.1.1.- - - - ORPHANS REMOVED - - - -.HKCU-Run-TOSCDSPD - TOSCDSPD.EXEHKLM-Run-cfFncEnabler.exe - cfFncEnabler.exeHKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exeShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLLSafeBoot-WudfPfSafeBoot-WudfRd...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-08-13 03:43Windows 6.0.6002 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.------------------------ Other Running Processes ------------------------.c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exec:\program files\Microsoft Security Client\MsMpEng.exec:\windows\system32\WLANExt.exec:\program files\TOSHIBA\ConfigFree\CFSvcs.exec:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exec:\program files\Malwarebytes' Anti-Malware\mbamservice.exec:\windows\system32\TODDSrv.exec:\program files\TOSHIBA\Power Saver\TosCoSrv.exec:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exec:\windows\system32\DRIVERS\xaudio.exec:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exec:\program files\Malwarebytes' Anti-Malware\mbamgui.exec:\program files\TOSHIBA\ConfigFree\NDSTray.exec:\windows\RtHDVCpl.exec:\windows\system32\igfxsrvc.exec:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exec:\program files\TOSHIBA\ConfigFree\CFSwMgr.exec:\windows\system32\igfxext.exec:\program files\Synaptics\SynTP\SynTPHelper.exec:\\?\c:\windows\system32\wbem\WMIADAP.EXEc:\windows\servicing\TrustedInstaller.exe.**************************************************************************.Completion time: 2013-08-13 03:47:11 - machine was rebootedComboFix-quarantined-files.txt 2013-08-13 02:47.Pre-Run: 93,861,871,616 bytes freePost-Run: 93,706,547,200 bytes free.- - End Of File - - 769D8283F97D0B65C2E539DE78E551E25C616939100B85E558DA92B899A0FC36 Link to post Share on other sites More sharing options...
dazz156 Posted August 13, 2013 Author ID:714354 Share Posted August 13, 2013 RogueKiller V8.6.5 [Aug 5 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits versionStarted in : Normal modeUser : darren [Admin rights]Mode : Scan -- Date : 08/13/2013 04:56:17| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 3 ¤¤¤[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Scheduled tasks : 0 ¤¤¤¤¤¤ Startup Entries : 0 ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [LOADED] ¤¤¤¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts127.0.0.1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: TOSHIBA MK2555GSX +++++--- User ---[MBR] 88474500f2c4441764b72ec32c69cddc[bSP] a61dcb458f730231d78b33897ce0594f : Windows Vista MBR CodePartition table:0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 119000 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 246786048 | Size: 117973 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[0]_S_08132013_045617.txt >> Link to post Share on other sites More sharing options...
dazz156 Posted August 13, 2013 Author ID:714361 Share Posted August 13, 2013 if i knew how to start a new topic i would have done Link to post Share on other sites More sharing options...
dazz156 Posted August 13, 2013 Author ID:714367 Share Posted August 13, 2013 will someone tell me how to make a new topic Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 13, 2013 Root Admin ID:714373 Share Posted August 13, 2013 Hello Dazz I've moved your topic to it's own new topic so you're good to go here. Please follow the steps below and we'll try to get you cleaned up. Please run the following steps and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.Please don't put logs in code or quote tags or copy/paste them into your reply unless you're unable to attach them.Please enable your system to show hidden files: How to see hidden files in WindowsP2P/Piracy Warning:If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.STEP 01Backup the Registry:Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.Please download ERUNT from one of the following links: Link1 | Link2 | Link3 ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed. Double click on erunt-setup.exe to Install ERUNT by following the prompts. NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process. Choose a location for the backup.Note: the default location is C:\Windows\ERDNT which is acceptable. [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exeSTEP 02Please download RogueKiller and save it to your desktop.You can check here if you're not sure if your computer is 32-bit or 64-bitRogueKiller 32-bit | RogueKiller 64-bit Quit all running programs. For Windows XP, double-click to start. For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run. Read and accept the EULA (End User Licene Agreement) Click Scan to scan the system. When the scan completes Close the program > Don't Fix anything! Don't run any other options, they're not all bad!! Post back the report which should be located on your desktop.STEP 03Please download Malwarebytes Anti-Rootkit from hereUnzip the contents to a folder in a convenient location. Open the folder where the contents were unzipped and run mbar.exe Follow the instructions in the wizard to update and allow the program to scan your computer for threats. Click on the Cleanup button to remove any threats and reboot if prompted to do so. Wait while the system shuts down and the cleanup process is performed. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process. When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txtSTEP 04Please download Junkware Removal Tool to your desktop.Shutdown your antivirus to avoid any conflicts. Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP. The tool will open and start scanning your system. Please be patient as this can take a while to complete. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next reply message When completed make sure to re-enable your antivirusSTEP 05Please download AdwCleaner by Xplode to your desktop.Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. If prompted by the User Account Control click Yes to allow it to run. Under Actions click on the Delete button. Click OK on all prompts. You will be prompted to restart your computer. A text file will open after the restart. Please post the entire contents of that logfile to your next reply. You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.STEP 06Please go here to run the online antivirus scannner from ESET.Turn off the real time scanner of any existing antivirus program while performing the online scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activex control to install Click Start Make sure that the option Remove found threats is unticked Click on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applications Scan for potentially unsafe applications Enable Anti-Stealth Technology [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.STEP 07Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bitDouble-click to run it. When the tool opens click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well. Link to post Share on other sites More sharing options...
dazz156 Posted August 13, 2013 Author ID:714494 Share Posted August 13, 2013 will my toshiba recovery disk clean out all viruses all will still have them Link to post Share on other sites More sharing options...
dazz156 Posted August 13, 2013 Author ID:714496 Share Posted August 13, 2013 will my toshiba recovery disk clean out all viruses or will i still have them Link to post Share on other sites More sharing options...
dazz156 Posted August 13, 2013 Author ID:714527 Share Posted August 13, 2013 RogueKiller V8.6.5 [Aug 5 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits versionStarted in : Normal modeUser : darren [Admin rights]Mode : Scan -- Date : 08/13/2013 15:25:01| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 3 ¤¤¤[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Scheduled tasks : 0 ¤¤¤¤¤¤ Startup Entries : 0 ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [LOADED] ¤¤¤¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts127.0.0.1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: TOSHIBA MK2555GSX +++++--- User ---[MBR] 88474500f2c4441764b72ec32c69cddc[bSP] a61dcb458f730231d78b33897ce0594f : Windows Vista MBR CodePartition table:0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 119000 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 246786048 | Size: 117973 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[0]_S_08132013_152501.txt >> Malwarebytes Anti-Rootkit BETA 1.06.1.1005www.malwarebytes.orgDatabase version: v2013.08.13.03Windows Vista Service Pack 2 x86 NTFSInternet Explorer 9.0.8112.16421darren :: DARREN-PC [administrator]13/08/2013 15:26:27mbar-log-2013-08-13 (15-26-27).txtScan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2PScan options disabled: PUPObjects scanned: 211604Time elapsed: 40 minute(s), 54 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)Physical Sectors Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
dazz156 Posted August 13, 2013 Author ID:714531 Share Posted August 13, 2013 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 5.4.4 (08.12.2013:1)OS: Windows Vista Home Premium x86Ran by darren on 13/08/2013 at 16:12:52.96~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 13/08/2013 at 16:14:50.63End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~# AdwCleaner v2.306 - Logfile created 08/13/2013 at 16:18:06# Updated 19/07/2013 by Xplode# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)# User : darren - DARREN-PC# Boot Mode : Normal# Running from : C:\Users\darren\Downloads\AdwCleaner.exe# Option [search]***** [services] ********** [Files / Folders] ********** [Registry] ********** [internet Browsers] *****-\\ Internet Explorer v9.0.8112.16496[OK] Registry is clean.-\\ Google Chrome v28.0.1500.95File : C:\Users\darren\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R3].txt - [927 octets] - [13/08/2013 06:13:26]AdwCleaner[R4].txt - [975 octets] - [13/08/2013 06:16:28]AdwCleaner[R5].txt - [1034 octets] - [13/08/2013 16:17:51]AdwCleaner[R6].txt - [849 octets] - [13/08/2013 16:18:06]AdwCleaner[s1].txt - [990 octets] - [13/08/2013 06:13:48]AdwCleaner[s2].txt - [975 octets] - [13/08/2013 03:13:17]########## EOF - C:\AdwCleaner[R6].txt - [1026 octets] ########## Link to post Share on other sites More sharing options...
dazz156 Posted August 13, 2013 Author ID:714533 Share Posted August 13, 2013 Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-08-2013Ran by darren at 2013-08-13 16:57:24Running from C:\Users\darren\DownloadsBoot Mode: Normal============================================================================== Installed Programs =======================Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)Atheros Driver Installation Program (Version: 5.2)Atheros Wi-Fi Protected Setup LibraryCD/DVD Drive Acoustic Silencer (Version: 2.02.03)Cisco EAP-FAST Module (Version: 2.1.6)Cisco LEAP Module (Version: 1.0.12)Cisco PEAP Module (Version: 1.0.13)Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)DVD Flick 1.3.0.7 (Version: 1.3.0.7)ERUNT 1.1jExpress BurnGoogle Chrome (Version: 28.0.1500.95)Google Update Helper (Version: 1.3.21.153)HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.2.0)ImgBurn (Version: 2.5.8.0)Intel® Graphics Media Accelerator DriverIntel® Matrix Storage ManagerJava 7 Update 25 (Version: 7.0.250)Java Auto Updater (Version: 2.1.9.5)Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)Microsoft Security Client (Version: 4.3.0215.0)Microsoft Security Essentials (Version: 4.3.215.0)Microsoft Silverlight (Version: 5.1.20513.0)Microsoft XML Parser (Version: 8.20.8730.4)MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)NaturalReaderFree (Version: 11.9)NetWaiting (Version: 2.5.52)Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)Realtek High Definition Audio Driver (Version: 6.0.1.5599)Realtek USB 2.0 Card Reader (Version: )Synaptics Pointing Device Driver (Version: 11.2.4.0)TOSHIBA Assist (Version: 2.01.08)TOSHIBA ConfigFree (Version: 7.2.20)TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)TOSHIBA Face Recognition (Version: 2.0.17.32)TOSHIBA Hardware Setup (Version: 2.00.08)TOSHIBA Manuals (Version: 7.40)Toshiba Online Product Information (Version: 1.00.0012)TOSHIBA Recovery Disc Creator (Version: 2.0.0.1b)TOSHIBA Supervisor Password (Version: 2.00.04)TOSHIBA Value Added Package (Version: 1.1.24)TRDCReminder (Version: 1.00.0015)TRORDCLauncher (Version: 1.0.0.1)Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)VLC media player 2.0.8 (Version: 2.0.8)Windows Media Encoder 9 SeriesWindows Media Encoder 9 Series (Version: 9.00.3374) ==================== Restore Points =========================12-08-2013 18:01:07 Restore Operation12-08-2013 18:11:11 darren13-08-2013 04:56:01 Removed NextUp.com-NeoSpeech Paul16 Voice13-08-2013 05:43:27 Removed NaturalReaderFree.13-08-2013 13:31:17 Installed NaturalReaderFree.==================== Hosts content: ==========================2006-11-02 11:23 - 2013-08-13 05:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost==================== Scheduled Tasks (whitelisted) =============Task: {06B11361-724C-4E7A-823D-140A4523ED51} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMMTask: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UITask: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPagesTask: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)Task: {52408333-B08B-4492-99F6-8BED71FB8A4A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-08] (Adobe Systems Incorporated)Task: {5592D089-6A5C-4D9C-8EA7-4E67BF3DEA4F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-08] (Google Inc.)Task: {92A5D599-6CA0-4D7D-ADF8-4C69C6CB3325} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)Task: {983B46E6-3D1E-4994-B30C-1A4242939C15} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)Task: {AEDE4048-4F11-47A9-84EC-D7D304043F6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-08] (Google Inc.)Task: {D9ADAB26-A456-4CE6-B398-660286E1A2F0} - System32\Tasks\NCH Software\ExpressBurnReminder => C:\Program Files\NCH Software\ExpressBurn\ExpressBurn.exe [2013-04-26] (NCH Software)Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe==================== Faulty Device Manager Devices =============Name: Synaptics PS/2 Port TouchPadDescription: Synaptics PS/2 Port TouchPadClass Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}Manufacturer: SynapticsService: i8042prtProblem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.Devices stay in this state if they have been prepared for removal.After you remove the device, this error disappears.Remove the device, and this error should be resolved.==================== Event log errors: =========================Application errors:==================System errors:=============Microsoft Office Sessions:=========================CodeIntegrity Errors:=================================== Date: 2013-08-13 14:57:34.658 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-13 14:57:34.361 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-13 14:57:33.784 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-13 14:57:33.254 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-09 19:43:40.300 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-09 19:16:56.989 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-09 19:07:33.589 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-09 18:58:35.684 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-09 05:24:08.732 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-09 05:24:02.139 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.==================== Memory info ===========================Percentage of memory in use: 36%Total physical RAM: 2939.25 MBAvailable physical RAM: 1866.64 MBTotal Pagefile: 6108.78 MBAvailable Pagefile: 5126.61 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1909.59 MB==================== Drives ================================Drive c: (Vista) (Fixed) (Total:116.21 GB) (Free:73.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive e: (Data) (Fixed) (Total:115.21 GB) (Free:109.94 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 2823C420)Partition 1: (Not Active) - (Size=1 GB) - (Type=27)Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=115 GB) - (Type=07 NTFS)==================== End Of Log ============================ Link to post Share on other sites More sharing options...
dazz156 Posted August 13, 2013 Author ID:714539 Share Posted August 13, 2013 eset online scaner was clean on virusesFRST.txtAddition.txtRKreport0_S_08132013_152501.txtmbar-log-2013-08-13 (15-26-27).txtklj.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 13, 2013 Root Admin ID:714659 Share Posted August 13, 2013 Question: will my toshiba recovery disk clean out all viruses or will i still have them? Answer: It really depends on what type of recovery Toshiba does. It would need to remove the current partition and create a new one and format it and then reinstall or reimage. If it's not doing that then there are some infections that can survive a reinstall and format only. Its possible that the image from Toshiba has some minor traces of applications that are considered PUP (Possibly Unwanted Program) but that is not the same as being an actual infection. You should also not be doing restores over and over if you are then you need to learn how to better protect your computer. Please run the following antivirus scanner and let me know if it finds anything. Then I don't see an installed antivirus on your computer so unless I've missed it then you need to install one. Please download Dr.Web CureIt! antivirus and save it to your computer. The file size is in excess of 100MBNOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.Shutdown your antivirus to avoid any conflicts while scanning.Once the scans have completed please re-enable your antivirus.If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection ModulesIf needed you can also temporarily disable it from starting with WindowsTemporarily turn off any other security add-ons or applications you may also have.Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.If it does not have a Digital Signature then do not run it.Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.You should have your User Account Control (UAC) enabled for improved security and which should then produce a dialog box asking for approval to run the installer.Click on the Yes button to start the installer.Click OK to scan your computer in the Enhanced Protection ModeClick on the check box to agree to participate in their software improvement program.Then if needed choose your Language by clicking on the small globe like icon in the upper right corner by the wrench.Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.Then click on the Start scanning button.If a threat is found you can click on the Action column in the program.Your options will be Cure or IgnoreIf you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.Then click on the Neutralize button.Once completed click on the green Open Report link. It will open the report in NOTEPADSave the report to your desktop. The report will be called Cureit.logClose Dr.Web Cureit!Reboot your computer to allow files that were in use to be moved/deleted during reboot.After reboot, attach the log Cureit.log you saved previously in your next reply.Re-Enable your antivirus and other security programs when all done. Link to post Share on other sites More sharing options...
dazz156 Posted August 13, 2013 Author ID:714669 Share Posted August 13, 2013 toshiba recovery image i made when i got the laptop .i have microsoft security essntials do you think dr web curelt would be better then microsoft . Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 13, 2013 Root Admin ID:714670 Share Posted August 13, 2013 Just about any antivirus is better than MSE but there are probably some better more main stream antivirus products.Let's get the system cleaned up first and then we'll worry about another antivirus program. Go ahead and run that scanner and post back a log or if nothing was found it may not produce one. Link to post Share on other sites More sharing options...
dazz156 Posted August 13, 2013 Author ID:714698 Share Posted August 13, 2013 dr web found no virusesis it safe to never allow websites to request your physical loaction on in internet explorerand to block all trird -party cookiesi delete the files out of %temp% folder all the time is that safe to do.in cmd when i type in net view i comes up the follwing errorC:\Users\darren>net viewSystem error 6118 has occurred.The list of servers for this workgroup is not currently availabledo you no how i can fix this because some times it works then it wont Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 13, 2013 Root Admin ID:714714 Share Posted August 13, 2013 We'll take a look at some other things and see if we can tell what's going on with the computer still. Please delete your current copy of Combofix and download a new fresh copy and run that and post back the new log. Please visit this webpage and read the ComboFix User's Guide:Once you've read the article and are ready to use the program you can download it directly from the link below. Important! - Please make sure you save combofix to your desktop and do not run it from your browser Direct download link for: ComboFix.exe Please make sure you disable your security applications before running ComboFix. Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load. Please attach that log file to your next reply. If needed the file can be located here: C:\combofix.txt NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer. Then run the following tool and post back it's log too. Please download Farbar Service Scanner and run it on the computer with the issue.Make sure the following options are checked:Internet Services Windows Firewall System Restore Security Center/Action Center Windows Update Windows Defender [*]Press "Scan". [*]It will create a log (FSS.txt) in the same directory the tool is run. [*]Please copy and paste the log to your reply. Please download MiniToolBox save it to your desktop and run it.Checkmark the following check-boxes:Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Devices List Users, Partitions and Memory size. List Minidump FilesClick Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using Reset FF Proxy Settings option Firefox should be closed. Link to post Share on other sites More sharing options...
dazz156 Posted August 14, 2013 Author ID:714838 Share Posted August 14, 2013 from what you seen in the last reports could you tell if my computer is infected with malwareComboFix.txtFSS.txtResult.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 14, 2013 Root Admin ID:714851 Share Posted August 14, 2013 Only some minor (Potentially Unwanted Programs) were found, all pretty minor stuff. Please Run TFC by OldTimer to clear temporary files:Download TFC from here and save it to your desktop. http://oldtimer.geekstogo.com/TFC.exe Close any open programs and Internet browsers. Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning. Please be patient as clearing out temp files may take a while. Once it completes you may be prompted to restart your computer, please do so. Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files. Then reboot and run the following. Next, download Security Check from here or here.Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document. Then let me know how the computer is running and if there are still any signs of an infection. Thanks Link to post Share on other sites More sharing options...
dazz156 Posted August 14, 2013 Author ID:714953 Share Posted August 14, 2013 ok thanks did thatcheckup.txt Link to post Share on other sites More sharing options...
dazz156 Posted August 14, 2013 Author ID:714957 Share Posted August 14, 2013 the computer is running okay no signs of an infection.thank you for the help Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 14, 2013 Root Admin ID:715113 Share Posted August 14, 2013 If you can do without Java that would be the best. That software seems to get compromised every other month. Most users simply don't need it and often sites that are trying to infect you ask for it. So be careful and only install it if you have to and make sure you uncheck any additional software offers it may recommend. http://www.java.com Please Uninstall ComboFix:Press the Windows logo key + R to bring up the "run box"Copy and paste next command in the field:ComboFix /uninstallMake sure there's a space between Combofix and /Then hit enter.This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller) Update and re-enable your antivirus if you've not done so after removing Combofix. Please download OTC to your desktop.http://oldtimer.geekstogo.com/OTC.exeDouble-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")Click on the CleanUp! button and follow the prompts.(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)You will be asked to reboot the machine to finish the Cleanup process, choose Yes.After the reboot all the tools we used should be gone.Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.Any other programs or logs you can manually delete.IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall. Any questions...please post back. Take care and stay safe out there. Thank you for using the Malwarebytes forum. Link to post Share on other sites More sharing options...
dazz156 Posted August 14, 2013 Author ID:715134 Share Posted August 14, 2013 okay thanks for your help .is it safe to never allow websites to request your physical loaction on in internet explorerand to block all trird -party cookiesi delete the files out of %temp% folder all the time is that safe to do.and is it safe to block all incoming connetions in firewall settings .in cmd when i type in net view i comes up the follwing errorC:\Users\darren>net viewSystem error 6118 has occurred.The list of servers for this workgroup is not currently availabledo you no how i can fix this because some times it works then it wont Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 14, 2013 Root Admin ID:715168 Share Posted August 14, 2013 You can try to block all cookies but many sites will not work properly if you do not allow them so that's up to you. No harm one way or anotherNo you cannot block ALL incoming connections as many are required in order for the computer to operate properly. Most modern Firewalls can already self adjust to the most common settings needed. Not sure what is causing the 6118 error but you can post in the PC Help forum or on the Microsoft Answers site to see if anyone can assist you with that. Thanks again Link to post Share on other sites More sharing options...
dazz156 Posted August 16, 2013 Author ID:715722 Share Posted August 16, 2013 SpywareBlasterSpywareGuardare they safe to use Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 16, 2013 Root Admin ID:715753 Share Posted August 16, 2013 Yes, they are safe but the guard seems problematic at times to me but may work for you. Link to post Share on other sites More sharing options...
Recommended Posts