
My laptop got infected and now I am not able to do anything. [Solved]



#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Let's try it a different way

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Download the attached fixlist.txt to your desktop


Run FRST and press Fix

Once it has completed the computer will reboot

On completion of the reboot a log will open

Please post that

 


  • 0



#17
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

What is the best virus protection that I can download again so that I don't get affected anymore?


  • 0

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

How is the computer at the moment? Is it any better?

With regards to antivirus I use Avast but there are two other free ones that you can use.

With regards to Avast I can help you install that and if you do not like it you can change

Download the following programme to your desktop: Avast Free

Double click the installer and then when you are offered the choice select Custom install

In the central box deselect the following:

Grimefighter
Simple Management connector
Secure line


Then proceed with the installation
Currently they require you to register the free programme annually (that will change soon)

There is a small video here which will help you through the process


Be aware that the antivirus will talk to you when it updates or detects malware
  • 0

#19
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

I am still not able to fix anything that you told me to fix... can you please explain to me how to do it?


  • 0

#20
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

OK, do you have anything else that I can download that would help that is free?


  • 0

#21
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

Not able to do anything that you want me to do.


  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

What have you been able to do so far?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

  • 0

#23
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

When I tried to download it, it says that it cannot be downloaded.


  • 0

#24
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

I clicked on Link 1 and I did disable everything in order for it to go through.


  • 0

#25
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Try a download from this link https://dl.dropboxus...76/ComboFix.exe
  • 0



#26
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

OK, I was able to download the application; it said that it was corrupt... I went ahead and reg it and thought I would let you know.


  • 0

#27
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

ComboFix 14-08-31.01 - judy 09/02/2014  17:39:17.2.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.5573.4155 [GMT -7:00]
Running from: c:\users\judy\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\8X9KCGO0\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\judy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprfl265.dll
.
Infected copy of c:\windows\SysWow64\comres.dll was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!SysWOW64!comres.dll
.
(((((((((((((((((((((((((   Files Created from 2014-08-03 to 2014-09-03  )))))))))))))))))))))))))))))))
.
.
2014-09-03 01:01 . 2014-09-03 01:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-03 01:01 . 2014-09-03 01:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-09-02 04:11 . 2014-09-02 04:11 -------- d-----w- c:\programdata\Foolish IT
2014-09-02 04:11 . 2014-09-02 04:11 -------- d-----w- c:\program files (x86)\Foolish IT
2014-09-02 03:53 . 2013-08-03 06:40 1374208 ----a-w- c:\windows\system32\wdc.dll
2014-09-02 03:53 . 2013-08-03 06:40 566784 ----a-w- c:\windows\system32\wvc.dll
2014-09-02 03:53 . 2013-08-03 06:40 462336 ----a-w- c:\windows\system32\sysmon.ocx
2014-09-02 03:51 . 2013-08-02 06:28 19758080 ----a-w- c:\windows\system32\shell32.dll
2014-09-02 03:51 . 2013-08-01 10:41 2233688 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-09-02 03:51 . 2013-08-02 06:28 10116608 ----a-w- c:\windows\system32\twinui.dll
2014-09-02 03:51 . 2013-04-09 23:17 1125888 ----a-w- c:\windows\system32\msctf.dll
2014-09-02 03:51 . 2013-07-31 00:42 1107968 ----a-w- c:\program files\Common Files\System\Ole DB\oledb32.dll
2014-09-02 03:51 . 2013-08-02 06:26 2304512 ----a-w- c:\windows\system32\authui.dll
2014-09-02 03:51 . 2013-08-10 05:21 448512 ----a-w- c:\windows\system32\SettingSync.dll
2014-09-02 03:51 . 2013-08-02 06:28 222208 ----a-w- c:\windows\system32\shdocvw.dll
2014-09-02 03:51 . 2013-07-31 00:50 941056 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\oledb32.dll
2014-09-02 03:51 . 2013-07-24 23:06 225280 ----a-w- c:\windows\system32\mbsmsapi.dll
2014-09-02 03:51 . 2013-08-10 05:21 128512 ----a-w- c:\windows\system32\SettingSyncInfo.dll
2014-09-02 03:50 . 2014-09-02 03:50 -------- d-----w- c:\program files\Google
2014-09-02 03:47 . 2014-09-02 03:50 -------- d-----w- c:\program files (x86)\Google
2014-09-02 03:46 . 2014-09-02 16:14 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-09-02 03:46 . 2014-09-02 03:46 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-09-02 03:46 . 2014-09-02 03:46 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-09-02 03:46 . 2014-09-02 03:46 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-09-02 03:46 . 2014-09-02 03:46 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-09-02 03:46 . 2014-09-02 03:46 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-09-02 03:46 . 2014-09-02 03:46 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-09-02 03:46 . 2014-09-02 03:46 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-09-02 03:46 . 2014-09-02 03:46 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-09-02 03:46 . 2014-09-02 03:46 43152 ----a-w- c:\windows\avastSS.scr
2014-09-02 03:45 . 2014-09-02 03:45 -------- d-----w- c:\program files\AVAST Software
2014-09-02 03:44 . 2014-02-26 23:40 982016 ----a-w- c:\windows\system32\KernelBase.dll
2014-09-02 03:44 . 2014-03-01 09:47 1258496 ----a-w- c:\windows\system32\kernel32.dll
2014-09-02 03:44 . 2014-02-26 23:18 621568 ----a-w- c:\windows\system32\drivers\srv2.sys
2014-09-02 03:44 . 2014-03-01 09:47 1120768 ----a-w- c:\windows\system32\gpedit.dll
2014-09-02 03:44 . 2014-02-26 23:18 370688 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2014-09-02 03:44 . 2014-02-26 23:18 215040 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2014-09-02 03:44 . 2014-02-26 23:18 247808 ----a-w- c:\windows\system32\drivers\srvnet.sys
2014-09-02 03:44 . 2014-02-15 04:15 78336 ----a-w- c:\windows\system32\drivers\IPMIDrv.sys
2014-09-02 03:44 . 2013-11-25 23:17 83968 ----a-w- c:\windows\system32\drivers\hidclass.sys
2014-09-02 03:42 . 2014-09-02 03:45 -------- d-----w- c:\programdata\AVAST Software
2014-09-02 03:40 . 2014-05-29 04:04 94552 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2014-09-02 03:40 . 2014-05-08 01:34 328024 ----a-w- c:\windows\system32\drivers\Classpnp.sys
2014-08-31 23:34 . 2014-08-31 23:37 -------- d-----w- c:\windows\system32\MRT
2014-08-30 20:24 . 2013-06-29 03:08 32768 ----a-w- c:\windows\system32\drivers\hidparse.sys
2014-08-30 20:24 . 2013-05-04 04:48 27648 ----a-w- c:\windows\system32\drivers\hidusb.sys
2014-08-30 19:37 . 2014-06-10 22:44 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-30 19:35 . 2013-03-02 02:43 2146304 ----a-w- c:\windows\system32\actxprxy.dll
2014-08-30 19:18 . 2013-03-02 10:39 69864 ----a-w- c:\windows\system32\drivers\pdc.sys
2014-08-30 19:18 . 2013-08-07 05:15 144896 ----a-w- c:\windows\system32\tssdisai.dll
2014-08-30 19:18 . 2012-11-10 04:22 122880 ----a-w- c:\windows\system32\VmHostAI.dll
2014-08-30 19:18 . 2012-11-10 04:22 126976 ----a-w- c:\windows\system32\RDWebAI.dll
2014-08-30 19:18 . 2012-11-10 04:20 135680 ----a-w- c:\windows\system32\appserverai.dll
2014-08-30 19:18 . 2012-11-10 04:23 148480 ----a-w- c:\windows\system32\poqexec.exe
2014-08-30 19:17 . 2013-03-02 09:59 411880 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-08-30 19:16 . 2013-09-28 03:35 288768 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-08-30 19:14 . 2013-11-01 05:38 312320 ----a-w- c:\windows\system32\msieftp.dll
2014-08-29 22:16 . 2014-08-29 22:16 262312 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10245.bin
2014-08-29 22:00 . 2014-08-29 22:00 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2014-08-29 22:00 . 2014-08-29 22:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-08-29 21:42 . 2014-05-19 23:24 100352 ----a-w- c:\windows\system32\wudriver.dll
2014-08-29 21:42 . 2014-05-19 23:24 176640 ----a-w- c:\windows\system32\storewuauth.dll
2014-08-29 21:42 . 2013-08-16 05:21 49664 ----a-w- c:\windows\system32\wups.dll
2014-08-29 21:42 . 2013-08-16 05:21 49152 ----a-w- c:\windows\system32\wups2.dll
2014-08-29 21:42 . 2014-05-20 02:33 59416 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-29 21:42 . 2014-05-19 23:24 253440 ----a-w- c:\windows\system32\WUSettingsProvider.dll
2014-08-29 21:42 . 2014-05-19 23:24 3286528 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-29 21:42 . 2014-05-19 23:24 1623040 ----a-w- c:\windows\system32\wucltux.dll
2014-08-29 21:42 . 2014-05-19 23:24 773632 ----a-w- c:\windows\system32\wuapi.dll
2014-08-29 21:41 . 2014-05-14 22:43 40448 ----a-w- c:\windows\system32\wuapp.exe
2014-08-29 21:41 . 2014-05-14 22:43 144384 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-29 21:23 . 2014-09-01 21:15 -------- d-----w- C:\AdwCleaner
2014-08-29 09:06 . 2014-08-29 09:17 -------- d-----w- C:\Windows.old
2014-08-29 08:44 . 2014-08-29 08:44 -------- d-----w- C:\$WINDOWS.~BT
2014-08-29 08:40 . 2014-08-29 08:40 -------- d-----w- c:\users\Public\OEM
2014-08-29 08:39 . 2013-01-29 19:28 51912 ----a-w- c:\windows\system32\drivers\Soluto.sys
2014-08-29 08:33 . 2014-08-29 08:33 -------- d-----w- c:\program files (x86)\OEM
2014-08-29 08:33 . 2014-08-29 08:33 -------- d-----w- c:\program files\Accessory Store
2014-08-29 08:33 . 2014-08-29 08:33 -------- d-----w- c:\programdata\OEM_YAHOO
2014-08-29 08:33 . 2014-08-29 08:33 -------- d-----w- c:\programdata\OEM_E471269A730D
2014-08-29 08:09 . 2014-09-03 00:45 -------- d-----w- c:\users\judy
2014-08-29 08:09 . 2014-08-29 08:10 -------- d-----w- c:\users\Guest
2014-08-29 07:42 . 2014-08-29 09:12 -------- d-----w- C:\$SysReset
2014-08-28 18:41 . 2014-09-02 03:32 -------- d-----w- C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-03 01:07 . 2013-08-03 10:32 65536 ----a-w- c:\windows\system32\spu_storage.bin
2014-09-02 04:11 . 2014-09-02 04:11 53248 ----a-w- c:\windows\SysWow64\zlib.dll
2014-08-29 08:30 . 2012-07-26 08:13 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-06-20 17:30 . 2013-04-17 06:16 189912 ----a-w- c:\windows\system32\mfevtps.exe.f1d3.deleteme
2014-06-10 22:43 . 2014-08-30 19:37 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\judy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\judy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\judy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-13 642656]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-08-15 2994880]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-02 4085896]
.
c:\users\judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\judy\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-8-15 36414752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 DeviceFastLaneService;Device Fast-lane Service;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 Soluto;Soluto;c:\windows\system32\Drivers\Soluto.sys;c:\windows\SYSNATIVE\Drivers\Soluto.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ccSet_NARA;NARA Settings Manager;c:\windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NARAx64\0401000.00E\ccSetx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [x]
S2 CCDMonitorService;CCDMonitorService;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [x]
S2 LMSvc;Launch Manager Service;c:\program files\Acer\Acer Launch Manager\LMSvc.exe;c:\program files\Acer\Acer Launch Manager\LMSvc.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe;c:\program files\Soluto\SolutoLauncherService.exe [x]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe;c:\program files\Soluto\SolutoService.exe [x]
S3 AthrSdSrv;AthrSdSrv;c:\windows\system32\DRIVERS\athrsd.sys;c:\windows\SYSNATIVE\DRIVERS\athrsd.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S3 ePowerSvc;ePower Service;c:\program files\Acer\Acer Power Management\ePowerSvc.exe;c:\program files\Acer\Acer Power Management\ePowerSvc.exe [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 LMDriver;Launch Manager Wireless Driver;c:\windows\System32\drivers\LMDriver.sys;c:\windows\SYSNATIVE\drivers\LMDriver.sys [x]
S3 RadioShim;Shim for HID-KMDF Interface layer;c:\windows\System32\drivers\RadioShim.sys;c:\windows\SYSNATIVE\drivers\RadioShim.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-02 03:48 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-02 03:47]
.
2014-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-02 03:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-09-02 03:46 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\judy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\judy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\judy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\judy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-18 13427784]
"Soluto"="c:\program files\soluto\soluto.exe" [2013-01-29 1253848]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://yahoo.com/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
.
.
------- File Associations -------
.
.scr=CryptoPreventSCR
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\users\judy\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Google\Update\Install\{A688E879-F9E0-4A05-AF80-6004F952DF23}\37.0.2062.103_37.0.2062.102_chrome_updater.exe
c:\windows\TEMP\CR_C9360.tmp\setup.exe
c:\program files (x86)\Internet Explorer\IEXPLORE.EXE
c:\progra~2\mcafee\SITEAD~1\saui.exe
c:\program files (x86)\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2014-09-02  19:03:20 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-03 02:03
.
Pre-Run: 427,069,689,856 bytes free
Post-Run: 426,613,133,312 bytes free
.
- - End Of File - - A3093B3E07BCABADD11CC9E01AD0EBE2
5FB38429D5D77768867C76DCBDB35194
 


  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

How is the computer running now? What problems are you experiencing?
  • 0

#29
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

It seems to be better. What do you suggest for me to use for an antivirus and so on?


  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Well, you now have Avast installed for an AV. How does that suit you?

We will now run Malwarebytes which will be your second line of defence

Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log
  • 0





