Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Numerous problems [Solved]


  • This topic is locked This topic is locked

#1
LesstheJake

LesstheJake

    Member

  • Member
  • PipPip
  • 19 posts
hi
got numerous problems
1st one is that a website I use the password has been changed and not by me so am worried might been hacked and have to change all my passwords, I just wanted a clean computer b4 I did that
secondly firefox keeps freezing and when I try and visit sites I get message saying server has been reset and try again. it works then but malware anti bytes tells me that its blocked a malicious site but the message is something to do with avast my internet secuirty. when i do get on sites the font is odd and not normal

Flash player also keeps crashing

here are logs, thanks

OTL logfile created on: 15/03/2013 22:37:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 50.74% Memory free
6.21 Gb Paging File | 4.41 Gb Available in Paging File | 71.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 191.58 Gb Free Space | 66.45% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.89 Gb Free Space | 39.81% Space Free | Partition Type: NTFS
Drive E: | 0.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/15 22:37:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2013/03/15 00:47:36 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013/03/08 01:50:27 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/03/06 23:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/06 23:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/03/06 23:32:42 | 000,136,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/03/03 19:50:25 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/12/19 18:02:54 | 003,273,136 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/04 10:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/08/31 00:52:22 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/08/31 00:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/08/31 00:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/21 02:23:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/15 00:47:36 | 014,717,144 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013/03/13 22:21:12 | 000,115,137 | ---- | M] () -- C:\Users\Chris\AppData\Local\temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
MOD - [2013/03/08 01:50:26 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/02/14 20:38:29 | 005,679,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\a38d8bfa8fc932daef06d99a0eefee2b\DeviceHost.ni.dll
MOD - [2013/02/14 20:38:18 | 001,007,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\6b4d9af6519198ed1463fc15c60f9bc6\CPKTMusicPlugin.ni.dll
MOD - [2013/02/14 20:38:12 | 002,188,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\481dbce23ca5a4ba67eec2aca5245bb8\Kies.Common.Multimedia.ni.dll
MOD - [2013/02/14 20:38:09 | 000,183,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\6dc7c68e8ce7d96e45dda16f539685be\Kies.Common.MainUI.ni.dll
MOD - [2013/02/14 20:38:08 | 001,728,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\23cc5b347685264fd8fc12c960258f08\Kies.UI.ni.dll
MOD - [2013/02/14 20:38:08 | 000,201,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\68d66b0b679f9d00eb2674c7ea3e1f65\Kies.Common.Util.ni.dll
MOD - [2013/02/14 20:38:06 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\97be73c46aa6d52461a963e45da51162\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2013/02/14 20:38:01 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\40ec6eb5a95de56636ea90f638d1eb2c\System.ServiceProcess.ni.dll
MOD - [2013/02/14 20:37:48 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\6bd72b5862c330b477f881354c38dfaf\Kies.ni.exe
MOD - [2013/02/14 19:18:13 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0783e0b01fd91c2c42abe0cb3e5d0c19\System.Windows.Forms.ni.dll
MOD - [2013/01/08 21:53:28 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\d141e2e8320dd31940696a69766fdc00\System.Runtime.Remoting.ni.dll
MOD - [2013/01/08 21:53:18 | 015,399,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\8a4f27e3f254ded6f14720398a17aa16\Kies.Theme.ni.dll
MOD - [2013/01/08 21:53:16 | 000,608,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\5515b99ef1f56fd99dd92b2411898d1b\DevicePodcast.ni.dll
MOD - [2013/01/08 21:53:15 | 000,367,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\af8dbdfad9fdff93df66d5ed493e331d\DevicePhoto.ni.dll
MOD - [2013/01/08 21:53:15 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\727c54f055db0237275fe73a8bdc7e17\DeviceVideo.ni.dll
MOD - [2013/01/08 21:53:14 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\9ae37560b829acdf9dca42531006e9aa\DeviceMusic.ni.dll
MOD - [2013/01/08 21:53:13 | 000,461,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\122ad0cedf2147a2d9799ae69885f993\VideoManager.ni.dll
MOD - [2013/01/08 21:53:12 | 002,778,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PodcastService\cc5ccf7e2de6141500219c08610bcf28\PodcastService.ni.dll
MOD - [2013/01/08 21:53:11 | 001,143,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\4a6ff3a0091024818451af7de4764388\Podcaster.ni.dll
MOD - [2013/01/08 21:53:09 | 000,607,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\bbd3df31bdf82f00f0959b329f01aaf4\PhotoManager.ni.dll
MOD - [2013/01/08 21:52:55 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\294c94f981d637f17ab1735a88c71f84\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2013/01/08 21:52:47 | 003,079,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Pims\c14cb7394f803115099cf3d72f37418a\Kies.Common.Pims.ni.dll
MOD - [2013/01/08 21:52:44 | 001,843,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\b593abab1718c26186e305b33383c7f9\Phonebook.ni.dll
MOD - [2013/01/08 21:52:35 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\e6587bc657f47680e956ad43831c6c8d\MusicManager.ni.dll
MOD - [2013/01/08 21:52:35 | 000,024,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\lib_Samsung_WitchPl#\3e4f599ee2e3553dfef9dc1a805d9250\lib_Samsung_WitchPlaylist_v0.1.ni.dll
MOD - [2013/01/08 21:52:34 | 000,829,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\e3d4839bec42d803ddc86142167e1160\DeviceCommonLib.ni.dll
MOD - [2013/01/08 21:52:33 | 000,717,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\6025d83bd3f0639dec65010998b36c3a\Kies.Plugin.ContentsManagerLib.ni.dll
MOD - [2013/01/08 21:52:32 | 000,320,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\EBookManager\a733a21df78e533a0be98297f664753e\EBookManager.ni.dll
MOD - [2013/01/08 21:52:31 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\9babc9bc724237a609f4de0ad3323c9f\BATPlugin.ni.dll
MOD - [2013/01/08 21:52:30 | 000,031,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AllShareController\5b125ea25878945be73a0b105206df41\AllShareController.ni.dll
MOD - [2013/01/08 21:52:26 | 000,507,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\7aed44092b17a6a553f177b60cb9577e\Kies.Common.MediaDB.ni.dll
MOD - [2013/01/08 21:52:26 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\70bb30bbc100d4ff16c7f87dbc2b31aa\Kies.Common.StoreManager.ni.dll
MOD - [2013/01/08 21:52:25 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\d30dd594f264c0bdcc68e2bbff360cfd\ASF_cSharpAPI.ni.dll
MOD - [2013/01/08 21:52:25 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\f5c5f12d694de2a89c2d40bcd4578ca0\Kies.Common.AllShare.ni.dll
MOD - [2013/01/08 21:52:24 | 000,278,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6bcf31801a136f6102d51c83ffe72448\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2013/01/08 21:52:24 | 000,046,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AdminCmdAgent\c91b6619219fe6012c9f97876abeca7c\AdminCmdAgent.ni.dll
MOD - [2013/01/08 21:52:24 | 000,043,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.FUSCryptLib\d33bcbaa7fc23806108d6e65970c4391\Interop.FUSCryptLib.ni.dll
MOD - [2013/01/08 21:52:24 | 000,036,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.CmdAgentLib\dc90a724aab7eaf26b0ef9e88e82a518\Interop.CmdAgentLib.ni.dll
MOD - [2013/01/08 21:52:23 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\bf10beb0ff3048e6048dbea8e92c0c11\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2013/01/08 21:52:23 | 000,062,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.CDBurnCOMLib\3cca4aa585fffc4ba9c189cf488ff366\Interop.CDBurnCOMLib.ni.dll
MOD - [2013/01/08 21:52:22 | 000,565,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\fca01ddd89f601aa8f3457e0f6dc0878\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2013/01/08 21:52:22 | 000,174,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\a675afec192581f0f32d6581c68e5e8f\Interop.DevFileServiceLib.ni.dll
MOD - [2013/01/08 21:52:21 | 000,566,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\012cfbfe13e795a6fa2365918b878386\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2013/01/08 21:52:21 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.SyncService#\f8535c82944631219a849a7875fb741d\Interop.SyncServiceLib.ni.dll
MOD - [2013/01/08 21:52:20 | 000,083,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceManag#\3f32ebfa7990cc80b9559827dcc32ad0\Interop.DeviceManagerLib.ni.dll
MOD - [2013/01/08 21:52:20 | 000,053,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.ConnectionM#\723b6e2736498b7929be6e3609914d19\Interop.ConnectionManagerLib.ni.dll
MOD - [2013/01/08 21:52:20 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceServi#\b983a0de4426c5297f9738f10da608c3\Interop.DeviceServiceModelDBLib.ni.dll
MOD - [2013/01/08 21:52:19 | 000,902,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f853d4336528646ea1177d8033c6ef30\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2013/01/08 21:52:19 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\e793084599a7bd89923c348e22057983\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013/01/08 21:52:19 | 000,062,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceDataS#\977c2caec695ee297eeb58a447964cd1\Interop.DeviceDataServiceLib.ni.dll
MOD - [2013/01/08 21:52:18 | 001,025,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ffafe10b3805924b1088bc69a5de2f0b\Kies.Common.DeviceService.ni.dll
MOD - [2013/01/08 21:52:15 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7ade41f2c08fe2654323fddba67eee1d\System.Management.ni.dll
MOD - [2013/01/08 21:52:14 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\145952716fb5eee03a99b0ccf8ac02cb\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2013/01/08 21:52:13 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\df583bdd5805a8ea646aa90a83e31a0a\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2013/01/08 21:52:13 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\613d9b5af9aba20ee1353c43c9c0a84b\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2013/01/08 21:52:13 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\3aacb3ad0998bea4cf56323794eb2c8f\Interop.PRPLAYERCORELib.ni.dll
MOD - [2013/01/08 21:52:07 | 000,530,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\50ad795efa068504fbdd23ca78e0e959\ICSharpCode.SharpZipLib.ni.dll
MOD - [2013/01/08 21:52:07 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\8ea615184f2f6240df29ba506a9c178c\CabLib.ni.dll
MOD - [2013/01/08 21:52:07 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\683a2adb742ad60e4beba025bf957cf2\Kies.Common.DBManager.ni.dll
MOD - [2013/01/08 21:52:06 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\85ff769496d6b3a3fb81025d06cd8f7c\Interop.DeviceSearchLib.ni.dll
MOD - [2013/01/08 21:52:05 | 001,437,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\8b05816d8b09b1b2b7e1ddb16a4af9e6\Kies.Locale.ni.dll
MOD - [2013/01/08 21:52:05 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\bc2ffeea3580f165f2314c754e24744c\Kies.MVVM.ni.dll
MOD - [2013/01/08 21:52:01 | 001,185,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\94115754846ba74909b9c7247ea049c8\Kies.Interface.ni.dll
MOD - [2013/01/08 21:51:40 | 000,770,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\cbb1eb18b6cfdc6f75b8643217ef079e\System.Runtime.Remoting.ni.dll
MOD - [2013/01/08 21:51:32 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2297aa4cb17f43a679db50ea05b2b811\System.Xaml.ni.dll
MOD - [2013/01/08 21:34:00 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c627e9b7f10b01db43645284e601f255\PresentationFramework.ni.dll
MOD - [2013/01/08 21:33:59 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7600fa0122191abced58b5e98303dfb3\System.Configuration.ni.dll
MOD - [2013/01/08 21:33:56 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\293b5e60e01e652ae1bf4096bc6e9f9e\System.Drawing.ni.dll
MOD - [2013/01/08 21:33:52 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9471a54aa2b06e04f33b3e5dc9dc412a\PresentationFramework.Aero.ni.dll
MOD - [2013/01/08 21:33:46 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\353fd535963fff2f9086c2f655a47ace\System.Xml.ni.dll
MOD - [2013/01/08 21:33:44 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\6e5a88684e45c45cddf654a902b9c789\PresentationCore.ni.dll
MOD - [2013/01/08 21:33:39 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\5434074a2458956c9a421cf3a8aab676\System.Core.ni.dll
MOD - [2013/01/08 21:33:34 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\54fef0787e00fc172cf386ba94bb7f10\WindowsBase.ni.dll
MOD - [2013/01/08 21:33:31 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\73507c607e4c46f5e04122de0cc5f3fd\System.ni.dll
MOD - [2013/01/08 21:33:24 | 014,417,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3ef97e67e8d2c09fd2495ed952e1afbc\mscorlib.ni.dll
MOD - [2012/08/31 00:52:22 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe


========== Services (SafeList) ==========

SRV - [2013/03/15 00:47:45 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 01:50:26 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/06 23:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/03/06 23:32:42 | 000,136,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/04 10:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\gttap1.sys -- (gttap1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/03/06 23:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/06 23:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/06 23:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/06 23:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/06 23:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/03/06 23:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/06 23:33:23 | 000,199,384 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013/03/06 23:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/06 23:33:22 | 000,101,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2013/03/06 23:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/03/06 23:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/31 10:42:48 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/07/31 10:42:48 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/07/13 10:47:41 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2011/07/01 09:46:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/12/10 20:48:26 | 000,043,520 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MOSUMAC.SYS -- (MOSUMAC)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/01/21 02:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 07:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3D A4 EB B6 BB 1C CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/12/21 16:23:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/16 11:02:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/10 09:49:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/21 16:29:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/21 16:29:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/08 01:50:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/07/03 04:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2013/03/08 01:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/08 01:50:27 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/20 06:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/29 10:01:32 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2013/02/19 19:29:44 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://google.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.20 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: ScriptNo = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.2_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/02/20 00:09:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71}: DhcpNameServer = 192.168.0.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/15 22:37:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013/03/15 22:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/03/14 00:15:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Old Firefox Data
[2013/03/13 22:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CactusVPN
[2013/03/09 14:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/03/09 00:47:44 | 000,353,352 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Chris\Desktop\mbam-check-2.0.0.1000.exe
[2013/03/09 00:12:57 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Chris\Desktop\HijackThis.exe
[2013/03/08 19:55:07 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Chris\Desktop\esetsmartinstaller_enu.exe
[2013/03/08 01:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/07 13:35:27 | 019,734,176 | ---- | C] (Panda Security ) -- C:\Users\Chris\Desktop\PandaCloudCleaner(1).exe
[2013/03/03 19:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/03/01 22:49:05 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\dds.scr
[2013/03/01 22:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/03/01 08:53:04 | 000,000,000 | ---D | C] -- C:\LeG_VGRs_Installation
[2013/02/24 22:50:11 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\TDSSKiller.exe
[2013/02/22 02:07:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/20 00:07:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/20 00:07:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2013/02/17 21:04:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2013/02/14 19:03:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2011/12/28 14:52:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/03/15 22:37:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013/03/15 21:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/15 21:35:53 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/15 21:35:53 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/14 21:40:24 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2013/03/14 01:35:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/13 11:57:49 | 002,895,079 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(1).pdf
[2013/03/10 09:49:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/03/09 00:47:45 | 000,353,352 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Chris\Desktop\mbam-check-2.0.0.1000.exe
[2013/03/09 00:15:04 | 000,377,856 | ---- | M] () -- C:\Users\Chris\Desktop\f6slf7he.exe
[2013/03/09 00:12:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Chris\Desktop\HijackThis.exe
[2013/03/08 19:55:55 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Chris\Desktop\esetsmartinstaller_enu.exe
[2013/03/08 13:33:34 | 000,597,667 | ---- | M] () -- C:\Users\Chris\Desktop\AdwCleaner.exe
[2013/03/07 15:19:46 | 000,001,754 | ---- | M] () -- C:\Users\Chris\Desktop\Update Checker.lnk
[2013/03/07 15:19:29 | 000,264,757 | ---- | M] () -- C:\Users\Chris\Desktop\FHSetup(2).exe
[2013/03/07 13:35:48 | 019,734,176 | ---- | M] (Panda Security ) -- C:\Users\Chris\Desktop\PandaCloudCleaner(1).exe
[2013/03/06 23:33:24 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/03/06 23:33:24 | 000,368,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/03/06 23:33:24 | 000,164,736 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/06 23:33:24 | 000,062,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/03/06 23:33:24 | 000,049,760 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/03/06 23:33:24 | 000,049,248 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/03/06 23:33:23 | 000,199,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2013/03/06 23:33:23 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/03/06 23:33:22 | 000,101,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2013/03/06 23:33:22 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/03/06 23:33:22 | 000,021,576 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/03/06 23:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/03/06 23:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/03/06 23:26:12 | 003,510,314 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost.pdf
[2013/03/04 10:09:56 | 000,350,832 | R--- | M] () -- C:\Users\Chris\Desktop\LIFE ON THE LINE_D92YFBEAEJFJ7.exe
[2013/03/03 19:51:05 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/03/03 19:50:27 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/03/01 23:23:55 | 000,032,768 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/01 22:49:08 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\dds.scr
[2013/02/20 00:09:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/02/18 18:59:15 | 333,690,880 | ---- | M] () -- C:\Users\Chris\Desktop\VTS_01_1.VOB
[2013/02/14 19:31:19 | 003,610,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/14 19:16:07 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/14 19:16:07 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2013/03/13 11:57:48 | 002,895,079 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(1).pdf
[2013/03/09 00:15:02 | 000,377,856 | ---- | C] () -- C:\Users\Chris\Desktop\f6slf7he.exe
[2013/03/08 13:33:32 | 000,597,667 | ---- | C] () -- C:\Users\Chris\Desktop\AdwCleaner.exe
[2013/03/07 15:19:29 | 000,264,757 | ---- | C] () -- C:\Users\Chris\Desktop\FHSetup(2).exe
[2013/03/06 23:26:11 | 003,510,314 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost.pdf
[2013/03/04 10:09:56 | 000,350,832 | R--- | C] () -- C:\Users\Chris\Desktop\LIFE ON THE LINE_D92YFBEAEJFJ7.exe
[2013/03/03 19:51:05 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/03/01 23:36:42 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/01 23:36:41 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/03/01 22:27:00 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2013/02/18 18:35:27 | 333,690,880 | ---- | C] () -- C:\Users\Chris\Desktop\VTS_01_1.VOB
[2013/01/13 17:03:01 | 003,610,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/16 14:09:21 | 000,711,240 | ---- | C] () -- C:\Windows\is-L5DGO.exe
[2012/06/03 08:55:32 | 000,032,768 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/23 17:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/04/11 10:10:35 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/18 20:07:14 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/13 08:10:03 | 000,678,003 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache
[2012/01/13 08:09:35 | 000,163,945 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache
[2012/01/13 07:12:43 | 000,000,036 | ---- | C] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache
[2011/12/28 14:52:30 | 000,007,887 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2011/12/28 14:52:30 | 000,001,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
[2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/02/04 12:24:09 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/03/30 07:47:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/18 20:07:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leawo
[2012/03/19 13:38:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2013/01/14 18:49:22 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Opera
[2012/09/12 13:33:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Samsung
[2012/06/15 23:21:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Temp
[2012/03/18 20:08:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\tiger-k
[2013/02/19 17:27:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2013/01/16 12:37:15 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso
[2012/04/17 09:29:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Wondershare

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Chris\Desktop\VTS_01_1.VOB:TOC.WMV

< End of report >
  • 0

Advertisements


#2
LesstheJake

LesstheJake

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
have I done something wrong as I see people who posted today have been addressed but not got anything myself?
  • 0

#3
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello LesstheJake

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#4
LesstheJake

LesstheJake

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
something called emsisoft said I had a trojan called Trojan.Win32.InstallIQ.AMN
when I ran ESET it said it was a variant of Win32/InstallIQ


Results of screen317's Security Check version 0.99.61
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
avast! Internet Security
Emsisoft Anti-Malware
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Panda Cloud Cleaner
Java 7 Update 17
Adobe Flash Player 11.6.602.180
Adobe Reader XI
Mozilla Firefox (19.0.2)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Emsisoft Anti-Malware a2service.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


# AdwCleaner v2.115 - Logfile created 03/21/2013 at 12:49:17
# Updated 17/03/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Chris - DELL-530
# Boot Mode : Normal
# Running from : C:\Users\Chris\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\APN

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\gs8jb6c1.default-1363387681773\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R10].txt - [1502 octets] - [22/02/2013 02:07:42]
AdwCleaner[R11].txt - [1563 octets] - [22/02/2013 19:46:31]
AdwCleaner[R12].txt - [1870 octets] - [23/02/2013 22:49:59]
AdwCleaner[R13].txt - [1637 octets] - [08/03/2013 13:33:48]
AdwCleaner[R14].txt - [1700 octets] - [08/03/2013 23:09:37]
AdwCleaner[R15].txt - [1761 octets] - [08/03/2013 23:10:20]
AdwCleaner[R16].txt - [1971 octets] - [16/03/2013 12:12:19]
AdwCleaner[R5].txt - [1168 octets] - [04/02/2013 18:31:11]
AdwCleaner[R6].txt - [1226 octets] - [04/02/2013 20:57:28]
AdwCleaner[R7].txt - [1322 octets] - [18/02/2013 14:12:49]
AdwCleaner[R8].txt - [1382 octets] - [18/02/2013 14:24:20]
AdwCleaner[R9].txt - [1442 octets] - [18/02/2013 16:01:01]
AdwCleaner[S10].txt - [1943 octets] - [21/03/2013 12:49:17]
AdwCleaner[S6].txt - [1075 octets] - [13/01/2013 21:52:33]
AdwCleaner[S7].txt - [1626 octets] - [22/02/2013 19:46:40]
AdwCleaner[S8].txt - [1935 octets] - [23/02/2013 22:52:01]
AdwCleaner[S9].txt - [1820 octets] - [08/03/2013 23:10:27]

########## EOF - C:\AdwCleaner[S10].txt - [2244 octets] ##########

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Chris [Admin rights]
Mode : Remove -- Date : 03/21/2013 13:04:01
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320613AS ATA Device +++++
--- User ---
[MBR] 75cea1566f37ed5202eeca8f75d9ee40
[BSP] f9ca80c0c038cea0eeca3eb48d6e0ec9 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 295243 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_03212013_02d1304.txt >>
RKreport[1]_S_03212013_02d1301.txt ; RKreport[2]_D_03212013_02d1304.txt
  • 0

#5
LesstheJake

LesstheJake

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
my anti virus has flagged up 2 rootkits.
what do i do?
something weird happened with MBAM, it kept asking for updates and then crashing

Attached Thumbnails

  • Untitled.jpg

Edited by LesstheJake, 21 March 2013 - 07:52 AM.

  • 0

#6
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello LesstheJake

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#7
LesstheJake

LesstheJake

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
okay what do I do with the avast telling me rootkit been found I have not touched it since it came up?
  • 0

#8
LesstheJake

LesstheJake

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
after I ran combofix i couldnt launch Firefox or IE and it said these registry keys had been marked for deletion? computer is really slow when running pages

ComboFix 13-03-21.01 - Chris 21/03/2013 18:27:03.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1404 [GMT 0:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-02-21 to 2013-03-21 )))))))))))))))))))))))))))))))
.
.
2013-03-21 18:44 . 2013-03-21 18:44 -------- d-----w- c:\users\Chris\AppData\Local\temp
2013-03-21 18:44 . 2013-03-21 18:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-03-21 18:44 . 2013-03-21 18:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-20 17:46 . 2013-03-21 17:56 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2013-03-18 21:09 . 2013-01-31 08:19 83168 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-03-18 21:09 . 2013-01-31 08:19 181344 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-03-18 21:02 . 2013-02-05 17:52 821824 ----a-w- c:\windows\system32\dgderapi.dll
2013-03-18 21:02 . 2013-02-05 17:52 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2013-03-18 21:02 . 2013-02-05 17:52 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2013-03-18 13:42 . 2013-03-18 13:42 -------- d-----w- c:\program files\RealNetworks
2013-03-18 13:42 . 2013-03-18 13:42 -------- d-----w- c:\programdata\RealNetworks
2013-03-18 13:41 . 2013-03-18 13:41 -------- d-----w- c:\program files\Common Files\xing shared
2013-03-17 23:23 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-16 22:18 . 2013-03-16 22:18 -------- d-----w- c:\program files\ESET
2013-03-16 15:41 . 2013-03-16 15:56 -------- d-----w- c:\program files\TunnelBear
2013-03-09 14:23 . 2013-03-09 14:23 -------- d-----w- c:\program files\Common Files\Java
2013-03-09 14:22 . 2013-03-09 14:22 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-01 23:36 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-01 23:36 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-01 08:53 . 2013-03-01 08:53 -------- d-----w- C:\LeG_VGRs_Installation
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 22:58 . 2012-12-13 19:48 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-15 22:58 . 2012-12-13 19:48 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-09 14:22 . 2011-12-26 22:04 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-09 14:22 . 2011-12-26 22:00 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-06 23:33 . 2012-09-23 23:35 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-09-23 23:33 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 23:33 . 2012-09-23 23:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-09-23 23:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-09-23 23:33 199384 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-03-06 23:33 . 2012-09-23 23:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:33 . 2012-09-23 23:35 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2012-09-23 23:34 101656 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-03-06 23:33 . 2012-09-23 23:33 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-03-06 23:32 . 2012-04-17 11:53 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-09-23 23:33 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-03 19:50 . 2008-10-23 12:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-02-05 17:53 . 2012-01-22 18:59 4659712 ----a-w- c:\windows\system32\Redemption.dll
2013-02-05 17:52 . 2013-02-05 17:52 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2013-02-05 17:52 . 2013-02-05 17:52 330240 ----a-w- c:\windows\MASetupCaller.dll
2013-02-05 17:52 . 2013-02-05 17:52 30568 ----a-w- c:\windows\MusiccityDownload.exe
2013-02-05 17:52 . 2013-02-05 17:52 172032 ----a-w- c:\windows\system32\muzapp.exe
2013-01-05 05:26 . 2013-02-14 19:10 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:26 . 2013-02-14 19:10 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 11:28 . 2013-02-14 19:10 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 01:38 . 2013-02-14 19:10 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-03-08 01:50 . 2013-03-08 01:50 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-02-13 1509232]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-25 170520]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]
"emsisoft anti-malware"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2013-01-30 3365288]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-03-18 295512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 05501848
*NewlyCreated* - 71513165
*NewlyCreated* - A2ACC
*NewlyCreated* - A2INJECTIONDRIVER
*NewlyCreated* - A2UTIL
*Deregistered* - 05501848
*Deregistered* - 71513165
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-13 22:58]
.
.
------- Supplementary Scan -------
.
uStart Page =
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\gs8jb6c1.default-1363387681773\
FF - ExtSQL: 2013-03-10 09:49; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-03-15 15:32; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files\McAfee\SiteAdvisor
FF - ExtSQL: 2013-03-18 13:42; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-21 18:44
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-03-21 18:46:03
ComboFix-quarantined-files.txt 2013-03-21 18:46
ComboFix2.txt 2013-02-20 00:16
.
Pre-Run: 191,854,616,576 bytes free
Post-Run: 191,922,651,136 bytes free
.
- - End Of File - - C48FF9824B6A283EF3AD42CB670E4B09

Edited by LesstheJake, 21 March 2013 - 01:37 PM.

  • 0

#9
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello LesstheJake

please take note of NOTE2 below


:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:


AV: avast! Internet Security
AV: Emsisoft Anti-Malware



Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.




At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#10
LesstheJake

LesstheJake

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
no problems running it just gpt avast and malware bytes. malwarebytes switched itself off and thats when I got the rootkit message
did you find any trojans or anything bad? is the rootkit a worry?
comp seems faster now

ComboFix 13-03-21.01 - Chris 22/03/2013 11:49:39.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1708 [GMT 0:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
Command switches used :: c:\users\Chris\Desktop\CFScript.txt
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chris\AppData\Roaming\vso_ts_preview.xml
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-22 to 2013-03-22 )))))))))))))))))))))))))))))))
.
.
2013-03-22 11:55 . 2013-03-22 11:55 -------- d-----w- c:\users\Chris\AppData\Local\temp
2013-03-22 11:55 . 2013-03-22 11:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-03-22 11:55 . 2013-03-22 11:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-20 17:46 . 2013-03-21 21:03 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2013-03-18 21:09 . 2013-01-31 08:19 83168 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-03-18 21:09 . 2013-01-31 08:19 181344 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-03-18 21:02 . 2013-02-05 17:52 821824 ----a-w- c:\windows\system32\dgderapi.dll
2013-03-18 21:02 . 2013-02-05 17:52 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2013-03-18 21:02 . 2013-02-05 17:52 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2013-03-18 13:42 . 2013-03-18 13:42 -------- d-----w- c:\program files\RealNetworks
2013-03-18 13:42 . 2013-03-18 13:42 -------- d-----w- c:\programdata\RealNetworks
2013-03-18 13:41 . 2013-03-18 13:41 -------- d-----w- c:\program files\Common Files\xing shared
2013-03-17 23:23 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-16 22:18 . 2013-03-16 22:18 -------- d-----w- c:\program files\ESET
2013-03-16 15:41 . 2013-03-16 15:56 -------- d-----w- c:\program files\TunnelBear
2013-03-09 14:23 . 2013-03-09 14:23 -------- d-----w- c:\program files\Common Files\Java
2013-03-09 14:22 . 2013-03-09 14:22 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-01 23:36 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-01 23:36 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-01 08:53 . 2013-03-01 08:53 -------- d-----w- C:\LeG_VGRs_Installation
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 22:58 . 2012-12-13 19:48 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-15 22:58 . 2012-12-13 19:48 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-09 14:22 . 2011-12-26 22:04 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-09 14:22 . 2011-12-26 22:00 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-06 23:33 . 2012-09-23 23:35 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-09-23 23:33 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 23:33 . 2012-09-23 23:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-09-23 23:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-09-23 23:33 199384 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-03-06 23:33 . 2012-09-23 23:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:33 . 2012-09-23 23:35 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2012-09-23 23:34 101656 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-03-06 23:33 . 2012-09-23 23:33 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-03-06 23:32 . 2012-04-17 11:53 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-09-23 23:33 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-03 19:50 . 2008-10-23 12:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-02-05 17:53 . 2012-01-22 18:59 4659712 ----a-w- c:\windows\system32\Redemption.dll
2013-02-05 17:52 . 2013-02-05 17:52 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2013-02-05 17:52 . 2013-02-05 17:52 330240 ----a-w- c:\windows\MASetupCaller.dll
2013-02-05 17:52 . 2013-02-05 17:52 30568 ----a-w- c:\windows\MusiccityDownload.exe
2013-01-05 05:26 . 2013-02-14 19:10 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:26 . 2013-02-14 19:10 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 11:28 . 2013-02-14 19:10 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 01:38 . 2013-02-14 19:10 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-03-08 01:50 . 2013-03-08 01:50 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-02-13 1509232]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-25 170520]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-03-18 295512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-13 22:58]
.
.
------- Supplementary Scan -------
.
uStart Page =
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\gs8jb6c1.default-1363387681773\
FF - ExtSQL: 2013-03-10 09:49; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-03-15 15:32; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files\McAfee\SiteAdvisor
FF - ExtSQL: 2013-03-18 13:42; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-22 11:55
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-03-22 11:57:29
ComboFix-quarantined-files.txt 2013-03-22 11:57
ComboFix2.txt 2013-03-21 18:46
ComboFix3.txt 2013-02-20 00:16
.
Pre-Run: 191,839,387,648 bytes free
Post-Run: 191,791,366,144 bytes free
.
- - End Of File - - 60ECA56F39E3AE61EB78FFF894E45F46

Edited by LesstheJake, 22 March 2013 - 06:44 AM.

  • 0

Advertisements


#11
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello LesstheJake

No I have not seen any other evidence of a rootkit yet

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#12
LesstheJake

LesstheJake

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Leawo Video Converter version 5.1.0.0
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Internet Security
CCleaner
ConvertXtoDVD 4.0.9.322
D3DX10
EasyBCD 1.7
ESET Online Scanner v3
ffdshow [rev 2180] [2008-10-04]
FileHippo.com Update Checker
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Intel® Graphics Media Accelerator Driver
Java 7 Update 17
Java Auto Updater
K-Lite Codec Pack 7.0.0 (Standard)
Malwarebytes Anti-Malware version 1.70.0.1100
McAfee SiteAdvisor
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Excel Viewer 2003
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MyFreeCodec
Nero 7 Lite 7.10.1.2
Panda Cloud Cleaner
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Revo Uninstaller 1.93
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Segoe UI
Skitch
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinRAR 4.20 (32-bit)
YouTube Downloader App 3.00
  • 0

#13
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Java 7 Update 17

[/list]


Please download and install Revo Uninstaller Free

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. default settings are fine
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - That is great!! and at this time I would like you to update it and run me a quick scan

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

  • 0

#14
LesstheJake

LesstheJake

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
2 problem
1st is that it tells me I have no firewall on even though I have avast protecting me
secondly I log on a website and it says server not found so I refresh and MBAM tells me its blocked a malicious site but the
site is something to do with avast schost.eve?

also just logged into my online banking, was that a mistake?

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.22.12

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Chris :: DELL-530 [administrator]

Protection: Enabled

22/03/2013 23:10:08
mbam-log-2013-03-22 (23-10-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197198
Time elapsed: 6 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:21:19, on 22/03/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\notepad.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Users\Chris\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

--
End of file - 4993 bytes

Edited by LesstheJake, 22 March 2013 - 05:22 PM.

  • 0

#15
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello LesstheJake


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is to long you may attache it

    If the forum still complains about it being to long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================

and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1.Download Malwarebytes Anti-Rootkit
2.Unzip the contents to a folder in a convenient location.
3.Open the folder where the contents were unzipped and run mbar.exe
4.Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5.Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6.Wait while the system shuts down and the cleanup process is performed.
7.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8.If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
•Internet access
•Windows Update
•Windows Firewall9.If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10.Verify that your system is now functioning normally.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and MBAR

Gringo
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP