Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I have an issue connecting to the Internet through DNS on 1 computer [


  • This topic is locked This topic is locked

#1
tootooroo

tootooroo

    Member

  • Member
  • PipPip
  • 13 posts
I made a topic here about it. I'm not sure what is going on. No matter what I do I cannot connect. Details are in the spoiler tag and on the thread I linked,

Spoiler


A couple people on that topic were kind enough to point me here suggesting I have malware. I'm not quite sure if I do but it doesn't hurt to try and see if it's a causation.

I have used Avast, CCleaner, and tried system restore to fix my issue. None of have helped.

Here's the OTL test,

Spoiler


And here's the extras the OTL test gave me

Spoiler


Thanx.

Edited by tootooroo, 05 August 2013 - 07:42 PM.

  • 0

Advertisements


#2
tootooroo

tootooroo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here are a couple pictures of my DNS issues.

I tried using Google's DNS but it doesn't work.

Attached Thumbnails

  • Network Connections.png
  • Troubleshoot.png

Edited by tootooroo, 05 August 2013 - 07:41 PM.

  • 0

#3
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Hi, My nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.


Step 1.

P2P Warning!:

IMPORTANT I have noticed that there are signs of uTorrent P2P (Peer to Peer) File Sharing Programs on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
infoworld

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep them, please do not use it until your computer is cleaned.


Step 2.

Download CKScanner from here

Important : Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



Step 3.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

If it does not run rename it iexplore.exe and try it again.


Step 4.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    services.*
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt.
  • Post the log



Step 5.

Please post:

CKfiles.txt
aswMBR log
OTL.txt


Also tell me if you recognize these programs and if so what they are:

"{2106A43A-B5A6-4A97-B316-4B3D30C435B4}" = 対魔忍アサギ2~淫謀の東京キングダム~完全版
"{39A1D3CC-7534-43CC-A0C7-72EF2883C963}" = 対魔忍アサギ外伝~カオス・アリーナ編~
"{3DF0A248-BF06-4800-9B45-997D25AB57EB}" = 対魔忍アサギ3 初回限定版
"{FD0F8FE6-17C1-408A-8F8C-5FD9D9083CE1}" = 対魔忍ユキカゼDL版
  • 0

#4
tootooroo

tootooroo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thanks so much for responding.

I did everything you asked.

CKfiles
Spoiler


aswMBR
Spoiler


OTL
Spoiler


As for those 4 files you asked about, they're anime games (visual novels). I won't lie, they're pornographic, but I d/led them around 2010.
  • 0

#5
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
From a computer security standpoint the presence of pornographic materials nearly always have some form of malware with them. This is a simple fact and for security purposes, even though it was in 2010, I would strongly recommend that you uninstall and remove them.

That said, if you choose to keep them they maybe rendered inoperable when we do some of the steps necessary to clean your machine. One of the versions of an infection you have is quite old and may have been there for awhile and is just now being noticed because of additional torrents with malware as well as several adware items that are currently on your machine.



Step 1.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Right click on ComboFix.exethen select run as administrator & follow the prompts.
Accept the disclaimer and allow to update if it asks

Posted Image

Posted Image

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

After the run you may have internet problems or access to something problems. Simply reboot the computer.


Step 2.

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Right click on TDSSKiller.exe and select run as administrator to run the application, then click on Change parameters.
    Posted Image
  • Put a checkmark beside loaded modules.
    Posted Image
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    Posted Image
  • Click the Start Scan button.
    Posted Image
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Posted Image
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Posted Image
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Step 3.

Please post with out using the spoiler.

Combofix.txt
TDSSKiller log



Please give me an update on how the computer is running, any changes, etc.
  • 0

#6
tootooroo

tootooroo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Sorry for the late response. TDSSKiller didn't act as how you said it would. I didn't get a cure or reboot computer option so I rebooted my computer manually. I hope that's just as good.

My computer is the same as before. Says I'm connected but I can't access any website.

Anyway

Combofix.txt

I ran this last night and got a txt file but now it's gone. I don't know what happened to it and you told me not to run it a 2nd time (I carry all my files from my laptop to my desktop via usb stick so maybe it got lost in translation).

TDSSKiller log

16:09:59.0801 3728 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
16:10:01.0802 3728 ============================================================
16:10:01.0802 3728 Current date / time: 2013/08/10 16:10:01.0802
16:10:01.0802 3728 SystemInfo:
16:10:01.0802 3728
16:10:01.0802 3728 OS Version: 6.1.7601 ServicePack: 1.0
16:10:01.0802 3728 Product type: Workstation
16:10:01.0802 3728 ComputerName: MRBADASS-MR-PC
16:10:01.0802 3728 UserName: Mr. Badass
16:10:01.0802 3728 Windows directory: C:\Windows
16:10:01.0802 3728 System windows directory: C:\Windows
16:10:01.0802 3728 Running under WOW64
16:10:01.0802 3728 Processor architecture: Intel x64
16:10:01.0802 3728 Number of processors: 8
16:10:01.0802 3728 Page size: 0x1000
16:10:01.0802 3728 Boot type: Normal boot
16:10:01.0802 3728 ============================================================
16:10:02.0098 3728 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1600000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:10:02.0118 3728 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:10:02.0122 3728 Drive \Device\Harddisk2\DR3 - Size: 0x3DF80000 (0.97 Gb), SectorSize: 0x200, Cylinders: 0x7E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:10:02.0124 3728 ============================================================
16:10:02.0124 3728 \Device\Harddisk0\DR0:
16:10:02.0124 3728 MBR partitions:
16:10:02.0124 3728 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1377000
16:10:02.0124 3728 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x138B000, BlocksNum 0xE7A7F800
16:10:02.0124 3728 \Device\Harddisk1\DR1:
16:10:02.0124 3728 MBR partitions:
16:10:02.0124 3728 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
16:10:02.0124 3728 \Device\Harddisk2\DR3:
16:10:02.0125 3728 MBR partitions:
16:10:02.0125 3728 \Device\Harddisk2\DR3\Partition1: MBR, Type 0x4, StartLBA 0x20, BlocksNum 0x1EFBE0
16:10:02.0125 3728 ============================================================
16:10:02.0166 3728 C: <-> \Device\Harddisk0\DR0\Partition2
16:10:02.0203 3728 H: <-> \Device\Harddisk1\DR1\Partition1
16:10:02.0203 3728 ============================================================
16:10:02.0203 3728 Initialize success
16:10:02.0203 3728 ============================================================
16:10:31.0015 7300 Deinitialize success
  • 0

#7
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
My instructions say where the combofix file is located:

Please include the C:\ComboFix.txt in your next reply.

Please recover the ComboFix file from there.




The TDSSKiller file is not complete.
  • Make sure all three of the boxes pointed out in the pictures are checked in addition to the ones that are already checked and if it does not require a reboot after changing the parameters just start the scan.
  • Then when it is complete click on report and post that report.




Please post both files, you can post them one at a time so that you do not lose them. :)
  • 0

#8
tootooroo

tootooroo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I'm sorry again for responding late. Work has kept me busy. Thanks for being patient with me.

Combofix.txt
ComboFix 13-08-09.02 - Mr. Badass 0/2013 Sat 2:04.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.8174.6212 [GMT -4:00]
Running from: c:\users\Mr. Badass\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\1023611.bat
c:\programdata\1023611.pad
c:\programdata\1023611.reg
c:\programdata\4356147.bat
c:\programdata\4356147.pad
c:\programdata\4356147.reg
c:\programdata\4971938.bat
c:\programdata\4971938.pad
c:\programdata\4971938.reg
c:\programdata\vbd3.pad
c:\programdata\windows
c:\programdata\windows\ccdxmmde.dat
c:\programdata\windows\drss.dat
c:\programdata\windows\xessmsxe.dat
c:\users\Mr. Badass\AppData\Roaming\mIRC\logs\status.log
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\SysWow64\msvfd32.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Toolbar Updater Service
-------\Service_Adobe Licensing Console
.
.
((((((((((((((((((((((((( Files Created from 2013-07-10 to 2013-08-10 )))))))))))))))))))))))))))))))
.
.
2013-08-10 06:11 . 2013-08-10 06:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-05 10:15 . 2013-08-05 10:15 -------- d-----w- c:\users\Mr. Badass\AppData\Local\ElevatedDiagnostics
2013-08-04 19:39 . 2013-08-05 08:07 -------- d-----w- c:\program files (x86)\Project64 2.1
2013-07-26 10:37 . 2013-07-26 10:37 -------- d-----w- c:\users\Mr. Badass\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-07-26 10:37 . 2013-07-26 10:37 -------- d-----w- c:\users\Mr. Badass\AppData\Roaming\Adobe Mini Bridge CS5
2013-07-16 07:37 . 2013-07-16 07:37 -------- d-----w- c:\program files (x86)\MagicISO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-28 01:51 . 2012-11-12 02:00 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-28 01:51 . 2011-08-05 23:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-22 08:10 . 2013-06-22 08:10 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-22 08:10 . 2013-04-18 03:25 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-22 08:10 . 2011-07-15 21:13 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-22 07:57 . 2013-06-22 07:57 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-22 07:57 . 2013-06-22 07:57 312232 ----a-w- c:\windows\system32\javaws.exe
2013-06-22 07:57 . 2012-12-11 22:47 189352 ----a-w- c:\windows\system32\javaw.exe
2013-06-22 07:57 . 2012-12-11 22:47 188840 ----a-w- c:\windows\system32\java.exe
2013-06-22 07:57 . 2012-12-11 22:47 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-22 07:57 . 2011-07-15 21:13 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-31 15:00 . 2013-06-04 08:03 1922048 ----a-w- c:\windows\system32\VSFilter.dll
2013-05-21 23:31 . 2011-03-28 22:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-19 04:18 . 2011-07-15 21:31 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-05-19 04:18 . 2011-07-15 21:31 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-12-19 09:46 . 2012-12-19 09:39 4096000 ----a-w- c:\program files (x86)\GUTE5B5.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"AdobeBridge"="" [BU]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-06-12 802136]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVD.exe" [2012-11-23 93856]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2013-01-02 181360]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"BrowserPlugInHelper"="c:\program files (x86)\Wondershare\AllMyTube\BrowserPlugInHelper.exe" [2013-02-04 410912]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
Ralink Wireless Utility.lnk - c:\program files (x86)\Ralink\Common\RaUI.exe -s [2011-7-15 7485792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
R1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys;c:\windows\SYSNATIVE\drivers\ArcSec.sys [x]
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe;c:\program files\Alienware\Command Center\AlienFusionService.exe [x]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2013/05/19 00:22;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe;c:\program files\Motorola\Bluetooth\audiosrv.exe [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys;c:\windows\SYSNATIVE\Drivers\btmcom.sys [x]
R3 BTMNET;Motorola Bluetooth Network Adapter Service;c:\windows\system32\DRIVERS\btmnet.sys;c:\windows\SYSNATIVE\DRIVERS\btmnet.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys;c:\windows\SYSNATIVE\Drivers\btmusb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys;c:\windows\SYSNATIVE\drivers\hitmanpro36.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVLAN60.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe;c:\program files\Motorola\Bluetooth\obexsrv.exe [x]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe;c:\windows\SYSNATIVE\lxbfcoms.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [x]
S2 Realtek11nCU;Realtek11nCU;c:\program files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtlService.exe;c:\program files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtlService.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE;c:\program files (x86)\AlienRespawn\sftservice.EXE [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 19:42 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12 01:51]
.
2013-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19 09:39]
.
2013-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19 09:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-14 11777128]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-08-25 16557832]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2011-03-21 13256]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://proxy.allsearchapp.com/app/start/
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={CABAA1E7-9443-11E2-9D78-F04DA2DDA8A9}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant =
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
Trusted Zone: line6.net
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{780B0CA4-C86F-4377-8343-225D52CFBE4B}: NameServer = 66.228.116.178,66.228.116.179
TCP: Interfaces\{780B0CA4-C86F-4377-8343-225D52CFBE4B}\2375942554138393: NameServer = 66.228.116.178,66.228.116.179
TCP: Interfaces\{780B0CA4-C86F-4377-8343-225D52CFBE4B}\458696370296370247865602E43514C202869602765797A7: NameServer = 66.228.116.178,66.228.116.179
TCP: Interfaces\{83E3121E-F772-4042-A109-051CF8654780}: NameServer = 66.228.116.178,66.228.116.179
TCP: Interfaces\{83E3121E-F772-4042-A109-051CF8654780}\2375942554138393: NameServer = 66.228.116.178,66.228.116.179
TCP: Interfaces\{B0E032FF-A28F-4F3C-BC62-37C9AC0E4E0F}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E11AA7FE-94FE-46D9-8E2B-EF226CA4C60D}: NameServer = 66.228.116.178,66.228.116.179
TCP: Interfaces\{FDCE0AF2-6B58-4423-BAE7-4F8BD0C54F0C}: NameServer = 66.228.116.178,66.228.116.179
FF - ProfilePath - c:\users\Mr. Badass\AppData\Roaming\Mozilla\Firefox\Profiles\s8pf2j7y.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://proxy.allsearchapp.com/app/start/
FF - prefs.js: keyword.URL - hxxp://www.ergative.com/search.php?q=
FF - ExtSQL: !HIDDEN! 2013-05-24 04:55; {829AD732-F3DB-4011-81C4-135F2FB05D8E}; c:\program files (x86)\Wondershare\AllMyTube\SVRFirefoxExt
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.enabledScopes - 15
user_pref(extensions.newAddons,false);
FF - user.js: browser.startup.homepage - hxxp://proxy.allsearchapp.com/app/start/
FF - user.js: browser.search.defaultenginename - All Search
FF - user.js: browser.search.defaultenginename - All Search
FF - user.js: browser.newtab.url - hxxp://proxy.allsearchapp.com/app/start/
FF - user.js: extensions.enabledAddons - [email protected]:1.0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
URLSearchHooks-{2421d847-721c-404f-87b4-bbd2b95d1087} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Wondershare Helper Compact.exe - c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Toolbar-Locked - (no file)
HKLM-Run-SBRegRebootCleaner - c:\program files (x86)\Sunbelt Software\VIPRE\SBRC.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-607710156-2917596151-443702668-1000\Software\SecuROM\License information*]
"datasecu"=hex:3d,b9,fb,4d,b3,df,90,87,3a,d3,a6,74,71,a5,37,ea,90,d8,35,fb,5e,
a0,85,c2,7a,fe,79,06,f1,54,92,20,9f,eb,4e,60,8d,93,34,96,f8,9d,9c,a8,24,f7,\
"rkeysecu"=hex:d1,c3,de,e8,24,16,44,da,25,d2,10,b8,09,eb,b4,3a
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Ralink\Common\RaRegistry.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtWlan.exe
c:\program files (x86)\AlienRespawn\TOASTER.EXE
c:\program files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Completion time: 2013-08-10 02:27:54 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-10 06:27
.
Pre-Run: 1,480,205,578,240 bytes free
Post-Run: 1,480,435,343,360 bytes free
.
- - End Of File - - CB118CA4CB5C1B7A15C53628F22F238B
D41D8CD98F00B204E9800998ECF8427E

_____

As for TDSSKiller, I did everything you asked me to but I don't get what you said I'd get. I attached the images of what happens for me. I did select everything, I did reboot, I disabled Avast, I kept skip, but I don't get the reboot option.

Attached Thumbnails

  • Untitled.png
  • Untitled1.png
  • Untitled2.png

  • 0

#9
tootooroo

tootooroo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I have the log the 2nd time around but I can't post it. It's too long for here. I tried pastebin but it's still too long/big. I can split it into parts on pastebin if you want, otherwise I can upload it onto something like mediafire.
  • 0

#10
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Media fire is fine just post a link.
  • 0

#11
tootooroo

tootooroo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Alright

http://www.mediafire...te8nch1qncq36hz

Thanks again for your patience "^__^
  • 0

#12
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Download AdwCleaner from here to your desktop
Run AdwCleaner for Vista and 7 right click and select Run as administrator

Select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please post it


Step 2.

Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Step 3.

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL by right clicking the icon and selecting run as administrator.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2012/01/12 15:31:06 | 000,818,087 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\msvfd32.exe -- (Adobe Licensing Console)
    [2012/01/12 15:31:06 | 000,818,087 | ---- | C] ( ) -- C:\Windows\SysWow64\msvfd32.exe
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=546040238
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...8-F04DA2DDA8A9}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...8-F04DA2DDA8A9}
    IE - HKU\S-1-5-21-607710156-2917596151-443702668-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://proxy.allsear....com/app/start/
    IE - HKU\S-1-5-21-607710156-2917596151-443702668-1000\..\URLSearchHook: {2421d847-721c-404f-87b4-bbd2b95d1087} - No CLSID value found
    IE - HKU\S-1-5-21-607710156-2917596151-443702668-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKU\S-1-5-21-607710156-2917596151-443702668-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-607710156-2917596151-443702668-1000\..\SearchScopes\{43682B77-B546-4606-A6AD-D81710E1AB36}: "URL" = http://proxy.allsear...q={searchTerms}
    FF - prefs.js..browser.search.defaultenginename: "All Search"
    FF - prefs.js..browser.startup.homepage: "http://proxy.allsear...com/app/start/"
    FF - user.js..browser.startup.homepage: "http://proxy.allsear...com/app/start/"
    FF - user.js..browser.search.defaultenginename: "All Search"
    FF - user.js..browser.search.defaultenginename: "All Search"
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
    [2011/08/02 19:52:30 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
    O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
    O4 - HKU\S-1-5-21-607710156-2917596151-443702668-1000..\Run: [AdobeBridge] File not found
    O4 - HKU\S-1-5-21-607710156-2917596151-443702668-1000..\Run: [AlSrvN] C:\Users\Mr. Badass\Desktop\Alcohol_120__1.9.8.7612_+_crack\Alcohol 120% 1.9.8.7612 + crack\Crack\Plugins\Helper\AlSrvN.exe File not found
    O4 - HKU\S-1-5-21-607710156-2917596151-443702668-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-607710156-2917596151-443702668-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-607710156-2917596151-443702668-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
    [2013/02/19 23:14:35 | 000,000,153 | ---- | C] () -- C:\ProgramData\1023611.reg
    [2013/02/19 23:14:35 | 000,000,067 | ---- | C] () -- C:\ProgramData\1023611.bat
    [2013/02/19 23:14:17 | 095,023,320 | ---- | C] () -- C:\ProgramData\1023611.pad
    [2013/02/13 19:37:11 | 000,000,153 | ---- | C] () -- C:\ProgramData\4356147.reg
    [2013/02/13 19:37:11 | 000,000,067 | ---- | C] () -- C:\ProgramData\4356147.bat
    [2013/02/13 19:36:48 | 095,023,320 | ---- | C] () -- C:\ProgramData\4356147.pad
    [2013/02/07 06:50:05 | 000,000,153 | ---- | C] () -- C:\ProgramData\4971938.reg
    [2013/02/07 06:50:05 | 000,000,067 | ---- | C] () -- C:\ProgramData\4971938.bat
    [2013/02/07 06:49:44 | 095,023,320 | ---- | C] () -- C:\ProgramData\4971938.pad
    [2012/11/25 22:18:58 | 000,290,500 | ---- | C] () -- C:\Users\Mr. Badass\AppData\Local\funmoods-speeddial_sf.crx
    [2012/11/25 22:18:57 | 000,031,465 | ---- | C] () -- C:\Users\Mr. Badass\AppData\Local\funmoods.crx
    [2012/09/14 04:10:52 | 000,000,368 | ---- | C] () -- C:\ProgramData\BvedkQJGQT9xm9
    [2011/12/07 18:40:39 | 000,000,000 | ---D | M] -- C:\Users\Mr. Badass\AppData\Roaming\OpenCandy
    [2013/08/09 02:45:48 | 000,000,000 | ---D | M] -- C:\Users\Mr. Badass\AppData\Roaming\uTorrent
    [2008/04/11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

    :files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]






    Posted Image



  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again, check the Scan all users box, and click the Quick Scan button. Post the log it produces in your next reply.


Step 4.

Please post:

AwCleaner log
JRT.txt
OTL fix log
OTL.txt



Please give me an update on the issues with your computer, especially any changes
  • 0

#13
tootooroo

tootooroo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
M-My internet works. I came on to do those steps and before I had a chance I checked real quick and it works! I have no idea how but I'm so happy it's back to normal. I cannot put into words how appreciative I am of your assistance and had it has not been for you my internet wouldn't be working now. Thanks so much. I apologise for the late replies. Getting my computer back to normal was important but between my job and relationship I found it difficult finding time.

I am still going to run those programs but I will do it tomorrow (or the 15th). Do you still want me to post the logs?

Edited by tootooroo, 15 August 2013 - 03:30 AM.

  • 0

#14
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Yes please run the tools and post the logs there is still active malware on your computer. We have removed the major issues but more remains.


Regards,

CompCav
  • 0

#15
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP