Computer acting weird, possible infections?



#1 Annoyance (Member, 84 posts)
Hi

Today I ran a Spybot Search & Destroy scan and it said it found Delta toolbar. Dunno if or how to get a log from that scan; anyway, I clicked fix. I then proceeded to do an AdwCleaner scan, with nothing turning up. Sorry, I have not got that scan result; I deleted the file.

Then I did a RogueKiller scan; logs below.
Also a ComboFix scan, which said a system file was infected; log below.

Do I still need the OTL scan? If so, let me know and I shall get on it straight away.


Regards
Paul

The Logs:

RKreport 1

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Paul [Admin rights]
Mode : Scan -- Date : 06/12/2013 00:50:09
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AAKX-221CA SCSI Disk Device +++++
--- User ---
[MBR] 054084b740f9856ab99868f89389181a
[BSP] da986eff135fd6a3a758d7f3bf2f4e17 : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 20000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40962048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41166848 | Size: 456838 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_06122013_02d0050.txt >>
RKreport[1]_S_06122013_02d0050.txt



RKreport 2

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Paul [Admin rights]
Mode : Remove -- Date : 06/12/2013 00:51:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AAKX-221CA SCSI Disk Device +++++
--- User ---
[MBR] 054084b740f9856ab99868f89389181a
[BSP] da986eff135fd6a3a758d7f3bf2f4e17 : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 20000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40962048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41166848 | Size: 456838 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_06122013_02d0051.txt >>
RKreport[1]_S_06122013_02d0050.txt ; RKreport[2]_D_06122013_02d0051.txt


Combofix Log:


ComboFix 13-06-08.02 - Paul 12/06/13 1:03.9.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1791.552 [GMT 1:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache86\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-05-12 to 2013-06-12 )))))))))))))))))))))))))))))))
.
.
2013-06-12 00:12 . 2013-06-12 00:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-12 00:12 . 2013-06-12 00:12 -------- d-----w- c:\users\Shona\AppData\Local\temp
2013-06-12 00:12 . 2013-06-12 00:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-11 23:36 . 2013-06-11 23:36 -------- d-----w- c:\users\Paul\AppData\Local\Adobe
2013-06-11 13:23 . 2010-10-11 00:11 1924096 ----a-w- c:\windows\system32\drivers\athurx.sys
2013-06-11 11:32 . 2013-06-11 11:32 -------- d-----w- c:\program files (x86)\TubeDigger
2013-06-07 05:48 . 2009-05-20 21:32 35840 ----a-r- c:\windows\system32\drivers\BVRPMPR5a64.SYS
2013-06-07 05:44 . 2013-06-07 05:48 -------- d-----w- C:\Netgear
2013-05-28 14:28 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C817B759-4EB5-4030-BFA6-A5EE3E800D08}\mpengine.dll
2013-05-20 17:34 . 2013-05-20 17:34 -------- d-----w- c:\program files\Speccy
2013-05-15 18:49 . 2012-10-17 13:53 26112 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2013-05-15 18:49 . 2013-05-15 18:49 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2013-05-15 18:18 . 2013-05-15 18:19 -------- d-----w- c:\users\Paul\AppData\Local\Nokia
2013-05-15 18:17 . 2013-05-15 22:31 -------- d-----w- c:\programdata\Nokia
2013-05-15 17:44 . 2013-05-15 17:46 -------- d-----w- c:\users\Paul\AppData\Roaming\PC Suite
2013-05-15 17:44 . 2013-05-15 17:46 -------- d-----w- c:\users\Paul\AppData\Roaming\Nokia
2013-05-15 17:44 . 2013-05-15 17:44 -------- d-----w- c:\programdata\PC Suite
2013-05-15 17:42 . 2013-05-15 17:44 -------- d-----w- c:\program files\DIFX
2013-05-15 17:42 . 2013-01-23 09:31 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll
2013-05-15 17:42 . 2013-05-15 22:31 -------- d-----w- c:\program files (x86)\Nokia
2013-05-15 17:40 . 2013-05-15 17:49 -------- d-----w- c:\programdata\Installations
2013-05-15 12:14 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 12:14 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 12:14 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 12:14 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 12:14 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 12:14 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 12:14 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 12:14 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 12:14 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 12:13 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 12:13 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 12:13 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 01:29 . 2013-05-15 01:29 9195912 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 13:17 . 2011-09-27 19:02 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 01:29 . 2012-12-30 03:17 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 01:29 . 2012-12-30 03:17 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-09 19:09 . 2013-05-09 19:09 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-09 19:09 . 2012-06-14 21:26 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-05-09 19:09 . 2011-09-27 20:23 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-09 08:59 . 2013-02-28 13:53 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-02-28 13:53 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-02-12 22:55 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2013-02-12 22:55 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2013-02-12 22:55 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-02-12 22:55 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2013-02-12 22:55 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-02-12 22:55 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2013-02-12 22:55 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-02-12 22:55 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-08 16:26 . 2011-03-28 17:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 01:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-15 04:47 . 2013-04-15 04:47 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-15 04:47 . 2013-04-15 04:47 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-15 04:47 . 2013-04-15 04:47 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-15 04:47 . 2013-04-15 04:47 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-15 04:47 . 2013-04-15 04:47 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-15 04:47 . 2013-04-15 04:47 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-15 04:47 . 2013-04-15 04:47 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-15 04:47 . 2013-04-15 04:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-15 04:47 . 2013-04-15 04:47 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-15 04:47 . 2013-04-15 04:47 441856 ----a-w- c:\windows\system32\html.iec
2013-04-15 04:47 . 2013-04-15 04:47 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-15 04:47 . 2013-04-15 04:47 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-15 04:47 . 2013-04-15 04:47 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-15 04:47 . 2013-04-15 04:47 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-15 04:47 . 2013-04-15 04:47 235008 ----a-w- c:\windows\system32\url.dll
2013-04-15 04:47 . 2013-04-15 04:47 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-15 04:47 . 2013-04-15 04:47 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-15 04:47 . 2013-04-15 04:47 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-15 04:47 . 2013-04-15 04:47 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-15 04:47 . 2013-04-15 04:47 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-15 04:47 . 2013-04-15 04:47 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-15 04:47 . 2013-04-15 04:47 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-15 04:47 . 2013-04-15 04:47 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-15 04:47 . 2013-04-15 04:47 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-15 04:47 . 2013-04-15 04:47 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-15 04:47 . 2013-04-15 04:47 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-15 04:47 . 2013-04-15 04:47 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-15 04:47 . 2013-04-15 04:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-15 04:47 . 2013-04-15 04:47 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-15 04:47 . 2013-04-15 04:47 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-15 04:47 . 2013-04-15 04:47 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-15 04:47 . 2013-04-15 04:47 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-15 04:47 . 2013-04-15 04:47 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-15 04:47 . 2013-04-15 04:47 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-15 04:47 . 2013-04-15 04:47 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-15 04:47 . 2013-04-15 04:47 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-15 04:47 . 2013-04-15 04:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-15 04:47 . 2013-04-15 04:47 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-15 04:47 . 2013-04-15 04:47 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-15 04:47 . 2013-04-15 04:47 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-15 04:47 . 2013-04-15 04:47 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-15 04:47 . 2013-04-15 04:47 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-15 04:47 . 2013-04-15 04:47 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-15 04:47 . 2013-04-15 04:47 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-15 04:47 . 2013-04-15 04:47 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-15 04:47 . 2013-04-15 04:47 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-15 04:47 . 2013-04-15 04:47 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-15 04:47 . 2013-04-15 04:47 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-15 04:47 . 2013-04-15 04:47 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-13 05:49 . 2013-05-15 12:14 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 12:14 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 12:14 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 12:14 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 12:14 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 12:14 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 21:01 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-04 13:50 . 2012-03-15 22:14 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2013-03-22 23:28 . 2012-12-22 01:20 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-03-22 23:28 . 2012-12-22 01:20 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-03-19 06:04 . 2013-04-10 20:12 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 20:12 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 20:12 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 20:12 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 20:12 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 20:12 112640 ----a-w- c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 gwmvid;gwmvid;c:\windows\system32\DRIVERS\gwmvid.sys;c:\windows\SYSNATIVE\DRIVERS\gwmvid.sys [x]
R3 gwrdmir;gwrdmir;c:\windows\system32\DRIVERS\gwrdmir.sys;c:\windows\SYSNATIVE\DRIVERS\gwrdmir.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [x]
R4 Live Updater Service;Live Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-30 01:29]
.
2013-06-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1253406721-2315796278-1497747152-1000Core.job
- c:\users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-06 15:05]
.
2013-06-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1253406721-2315796278-1497747152-1000UA.job
- c:\users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-06 15:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 360448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {76392179-60A8-462D-8961-B95C14DAADF4} - hxxps://billcentre.vodafone.co.uk/bpa/content/ddiprintengine.cab
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\
FF - prefs.js: browser.search.selectedEngine - Amazon (UK) Search Suggestions
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.ftp - 64.37.51.112
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 64.37.51.112
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 64.37.51.112
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 64.37.51.112
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-16 19:59; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-04-16 20:00; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:01; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:06; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:12; {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - ExtSQL: 2013-04-16 20:13; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:14; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:20; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:21; {E10A6337-382E-4FE6-96DE-936ADC34DD04}; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.xpi
FF - ExtSQL: 2013-04-16 20:24; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-04-19 01:11; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-06-12 01:19:08 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-12 00:19
.
Pre-Run: 224,024,879,104 bytes free
Post-Run: 223,711,924,224 bytes free
.
- - End Of File - - F9C09F0DDE250512D0322A486F0FBEC2
70E629B51C16B3C007730C6AE57144C9
#2 Annoyance (Topic Starter, Member, 84 posts)
Hi

You can close this thread. I no longer need help; I am now satisfied with my own scans that I am clean.


Regards
Paul