
Anti-rootkit won't work help.



  • Root Admin

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop
dds.scr
dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply as an attachment: DDS.txt and Attach.txt
  • You can ignore the note about zipping the Attach.txt file and just post it or attach it.

This is the DDS.txt.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by Owner at 17:20:10 on 2013-12-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.955 [GMT -5:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\onlinebanking\online_banking_bho.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\urladvisor\klwtbbho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\urladvisor\klwtbbho.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.

TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{5ECCE67F-6EF1-46CA-B415-CC4E096E1501} : DHCPNameServer = 65.32.5.111 65.32.5.112
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1    www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2013-10-8 135776]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2013-4-29 161640]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2013-10-30 575072]
R1 klpd;klpd;c:\windows\system32\drivers\klpd.sys [2013-4-12 14432]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-5-14 45024]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2013-6-6 145120]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 14.0.0\avp.exe [2013-10-8 214512]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-29 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-29 701512]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2013-4-19 36448]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-10-8 24160]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-10-8 24672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-29 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-12-11 40776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-4-29 1691480]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\program files\razer\razer game booster\driver\winring0.sys --> c:\program files\razer\razer game booster\driver\WinRing0.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-10-29 3921880]
S4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-10-29 1042272]
S4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-10-29 171416]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
.
=============== Created Last 30 ================
.
2013-12-11 22:02:00    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-12-11 04:33:21    --------    d--h--w-    c:\windows\PIF
2013-12-11 04:26:31    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-12-11 04:25:53    51416    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-09 23:48:17    --------    d-----w-    c:\documents and settings\owner\application data\ftblauncher
2013-12-05 00:44:54    --------    d-----w-    c:\program files\Ventrilo
2013-12-05 00:44:33    --------    d-----w-    c:\program files\common files\Wise Installation Wizard
2013-12-02 03:33:54    --------    dc-h--w-    c:\windows\ie8
2013-11-27 19:08:15    --------    d-----w-    c:\program files\CyberGhost 5
2013-11-16 12:33:21    --------    d-----w-    c:\program files\RaidCall
.
==================== Find3M ====================
.
2013-11-13 02:59:42    150528    ----a-w-    c:\windows\system32\imagehlp.dll
2013-11-07 12:26:54    135776    ----a-w-    c:\windows\system32\drivers\kl1.sys
2013-11-07 05:38:51    591360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17    1879040    ----a-w-    c:\windows\system32\win32k.sys
2013-10-29 07:57:34    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-10-29 07:57:33    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-10-29 07:57:33    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02    385024    ----a-w-    c:\windows\system32\html.iec
2013-10-23 23:45:49    172032    ----a-w-    c:\windows\system32\scrrun.dll
2013-10-12 15:56:19    278528    ----a-w-    c:\windows\system32\oakley.dll
2013-10-09 13:12:48    287744    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-08 17:49:18    24672    ----a-w-    c:\windows\system32\drivers\klmouflt.sys
2013-10-08 17:49:18    24160    ----a-w-    c:\windows\system32\drivers\klkbdflt.sys
2013-10-07 10:59:21    603136    ----a-w-    c:\windows\system32\crypt32.dll
2013-09-20 14:49:30    18968    ----a-w-    c:\windows\system32\sdnclean.exe
.
============= FINISH: 17:20:47.06 ===============

This is the other 1

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/29/2013 2:49:26 PM
System Uptime: 12/11/2013 4:58:08 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5QL PRO
Processor: Intel Pentium III Xeon processor | LGA775 | 2500/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 279 GiB total, 257.46 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP254: 10/26/2013 10:45:29 AM - Software Distribution Service 3.0
RP255: 10/27/2013 2:30:23 AM - Software Distribution Service 3.0
RP256: 10/27/2013 9:59:48 PM - Software Distribution Service 3.0
RP257: 10/28/2013 5:03:04 PM - Restore Operation
RP258: 10/28/2013 5:09:06 PM - Restore Operation
RP259: 10/28/2013 5:10:10 PM - 3 days ago
RP260: 10/28/2013 5:15:49 PM - Restore Operation
RP261: 10/28/2013 10:15:48 PM - Software Distribution Service 3.0
RP262: 10/29/2013 9:51:08 PM - C
RP263: 10/30/2013 5:08:47 AM - Software Distribution Service 3.0
RP264: 10/30/2013 7:54:19 AM - Software Distribution Service 3.0
RP265: 10/31/2013 8:40:24 AM - System Checkpoint
RP266: 11/1/2013 11:52:52 PM - System Checkpoint
RP267: 11/2/2013 5:18:14 PM - Installed Rockstar Games Social Club
RP268: 11/2/2013 5:18:39 PM - Installed Grand Theft Auto IV
RP269: 11/2/2013 8:35:02 PM - Installed Windows Live ID Sign-in Assistant
RP270: 11/2/2013 8:35:17 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP271: 11/2/2013 8:35:34 PM - Removed Microsoft Games for Windows - LIVE Redistributable
RP272: 11/2/2013 8:42:07 PM - Installed Grand Theft Auto IV
RP273: 11/2/2013 9:47:26 PM - Removed Grand Theft Auto IV
RP274: 11/3/2013 3:12:35 AM - Software Distribution Service 3.0
RP275: 11/4/2013 5:56:06 AM - System Checkpoint
RP276: 11/5/2013 6:27:55 AM - System Checkpoint
RP277: 11/6/2013 6:35:13 AM - System Checkpoint
RP278: 11/7/2013 7:30:19 AM - System Checkpoint
RP279: 11/8/2013 8:05:33 AM - System Checkpoint
RP280: 11/9/2013 8:30:38 AM - System Checkpoint
RP281: 11/9/2013 10:01:33 PM - Installed RuneScape Launcher 1.2.3
RP282: 11/9/2013 10:15:22 PM - Removed RuneScape Launcher 1.2.3
RP283: 11/9/2013 10:18:13 PM - Installed Wizard101
RP284: 11/11/2013 4:10:48 AM - Installed Windows Movie Maker 2.0
RP285: 11/11/2013 6:00:14 PM - Software Distribution Service 3.0
RP286: 11/12/2013 6:00:16 PM - Software Distribution Service 3.0
RP287: 11/13/2013 8:52:00 PM - System Checkpoint
RP288: 11/15/2013 8:28:22 AM - System Checkpoint
RP289: 11/16/2013 9:46:21 AM - System Checkpoint
RP290: 11/18/2013 1:12:38 AM - System Checkpoint
RP291: 11/19/2013 1:54:22 AM - System Checkpoint
RP292: 11/20/2013 2:00:12 AM - System Checkpoint
RP293: 11/21/2013 3:22:18 AM - System Checkpoint
RP294: 11/22/2013 3:58:58 AM - System Checkpoint
RP295: 11/23/2013 6:49:16 AM - System Checkpoint
RP296: 11/26/2013 2:42:30 AM - System Checkpoint
RP297: 11/27/2013 3:36:36 AM - System Checkpoint
RP298: 11/28/2013 1:54:59 PM - System Checkpoint
RP299: 11/29/2013 5:30:27 PM - System Checkpoint
RP300: 12/1/2013 2:00:50 AM - Removed Steam
RP301: 12/1/2013 10:35:15 PM - Installed Windows Internet Explorer 8.
RP302: 12/2/2013 6:00:15 PM - Software Distribution Service 3.0
RP303: 12/3/2013 11:50:18 PM - System Checkpoint
RP304: 12/4/2013 7:44:52 PM - Installed Ventrilo Client
RP305: 12/5/2013 11:19:29 PM - System Checkpoint
RP306: 12/7/2013 12:50:05 AM - System Checkpoint
RP307: 12/8/2013 3:13:23 AM - System Checkpoint
RP308: 12/10/2013 3:54:08 AM - System Checkpoint
RP309: 12/10/2013 6:00:22 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.05)
CCleaner
EPSON NX330 Series Printer Uninstall
Google Chrome
Google Update Helper
Grand Theft Auto IV
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Java 7 Update 25
Java Auto Updater
Kaspersky Internet Security
League of Legends
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
NVIDIA Drivers
Pando Media Booster
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB941569)
Skype Click to Call
Skype™ 6.10
Spybot - Search & Destroy
TeamSpeak 3 Client
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2904266)
Ventrilo Client
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Movie Maker 2.0
WinRAR 4.20 (32-bit)
Wizard101
.
==== Event Viewer Messages From Past Week ========
.
12/9/2013 7:07:12 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
12/7/2013 8:23:29 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
12/5/2013 5:03:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
12/5/2013 5:03:36 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Sorry I did not add the attachment.

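The SERVICES / DRIVERS block in a DDS.txt log has a fixed line shape (state and start type, service name, display name, image path, then either a date and size or "[?]" when DDS could not find the file on disk). As an added example that is not part of this thread or of DDS itself, here is a small Python parser for that format plus three review heuristics a helper might apply when reading such a log. The sample lines are copied from the log posted above; the heuristics (flag entries DDS marked "[?]", kernel drivers loaded from outside system32\drivers, and service binaries under user-writable profile paths) are assumptions for triage only, not verdicts and not anything DDS computes.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines in the "SERVICES / DRIVERS" format of a DDS.txt log.
# Constructed for this example by copying four entries from the log posted above.
SAMPLE_DDS_SERVICES = r"""
R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2013-10-8 135776]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 14.0.0\avp.exe [2013-10-8 214512]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\program files\razer\razer game booster\driver\winring0.sys --> c:\program files\razer\razer game booster\driver\WinRing0.sys [?]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
"""

# <state><start-type> <name>;<display name>;<image path> [<date> <size>]  or  [?]
DDS_SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<rest>.*) \[(?P<meta>[^\]]*)\]$"
)

# Windows service start types as DDS encodes them in the second character
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}


@dataclass
class ServiceEntry:
    running: bool          # R = running, S = stopped
    start_type: str
    name: str
    display_name: str
    image_path: str        # resolved path, lower-cased for comparisons
    unresolved: bool       # True when DDS printed "[?]" (file not found on disk)
    date: Optional[str]
    size: Optional[int]


def parse_dds_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one SERVICES / DRIVERS line; return None for lines that do not match."""
    m = DDS_SERVICE_LINE.match(line.strip())
    if not m:
        return None
    # DDS prints "<registry value> --> <resolved path>" when the two differ;
    # keep the resolved path on the right-hand side.
    image_path = m.group("rest").split(" --> ")[-1]
    meta = m.group("meta")
    if meta == "?":
        date, size, unresolved = None, None, True
    else:
        date, size_str = meta.rsplit(" ", 1)
        size, unresolved = int(size_str), False
    return ServiceEntry(
        running=m.group("state") == "R",
        start_type=START_TYPES.get(int(m.group("start")), "unknown"),
        name=m.group("name"),
        display_name=m.group("display"),
        image_path=image_path.lower(),
        unresolved=unresolved,
        date=date,
        size=size,
    )


def parse_dds_services(text: str) -> List[ServiceEntry]:
    entries = [parse_dds_service_line(line) for line in text.splitlines()]
    return [e for e in entries if e is not None]


# Review heuristics (assumptions for triage, not part of DDS). Each marks an entry
# worth a closer look by the helper; none of them is a verdict on its own.
USER_WRITABLE_HINTS = ("\\application data\\", "\\local settings\\", "\\temp\\", "\\users\\")
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


def review_services(entries: List[ServiceEntry]) -> List[Tuple[str, List[str]]]:
    findings = []
    for e in entries:
        reasons = []
        if e.unresolved:
            reasons.append("image file not found by DDS")
        if e.image_path.endswith(".sys") and not e.image_path.startswith(DRIVER_DIR):
            reasons.append("kernel driver loaded from outside system32\\drivers")
        if any(hint in e.image_path for hint in USER_WRITABLE_HINTS):
            reasons.append("service binary in a user-writable location")
        if reasons:
            findings.append((e.name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in review_services(parse_dds_services(SAMPLE_DDS_SERVICES)):
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the four sample lines, the review flags WinRing0_1_2_0 (unresolved file, driver outside the drivers directory) and Skype C2C Service (binary under Application Data) and leaves the two Kaspersky entries alone. The point of the "[?]" marker is that DDS could not stat the file, which for a stopped driver may simply mean a leftover registration; it tells the helper where to look, not what to conclude.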

  • Root Admin

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


  • Root Admin

Please uninstall ALL versions of Java from your Control Panel, Add/Remove and restart the computer, then run the following.

 

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

 
Then run the following and again restart the computer.
 
Please Run TFC by OldTimer to clear temporary files:
  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.


This topic is now closed to further replies.