Avast WEBforum
Other => Viruses and worms => Topic started by: sandy55 on November 10, 2012, 02:17:17 AM
-
I am not sure I can find all the reports, but I will do my best. It seems the last program found something.
Not sure if I was to do them all, but I did :)
Having trouble finding them, as this is a new system unlike the one I am used to, so they may be out of order as I find them.
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : mine [Admin rights]
Mode : Scan -- Date : 11/09/2012 16:55:26
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] GoogleCrashHandler64.exe -- C:\Users\mine\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6476GSXN +++++
--- User ---
[MBR] 36eab5a6644e6a8447a0d7baffc56cfd
[BSP] fedc857b4861f5c67fb8d75a9e84f154 : Windows Vista MBR Code
FSS
Farbar Service Scanner Version: 09-11-2012
Ran by mine (administrator) on 09-11-2012 at 16:57:06
Running from "C:\Users\mine\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
# AdwCleaner v2.007 - Logfile created 11/09/2012 at 14:34:50
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : mine - MINE-PC
# Boot Mode : Normal
# Running from : C:\Users\mine\Downloads\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\ProgramData\Partner
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Google Chrome v23.0.1271.64
File : C:\Users\mine\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [693 octets] - [09/11/2012 14:34:50]
########## EOF - C:\AdwCleaner[R1].txt - [752 octets] ##########
# AdwCleaner v2.007 - Logfile created 11/09/2012 at 14:35:49
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : mine - MINE-PC
# Boot Mode : Normal
# Running from : C:\Users\mine\Downloads\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\ProgramData\Partner
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Google Chrome v23.0.1271.64
File : C:\Users\mine\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [820 octets] - [09/11/2012 14:34:50]
AdwCleaner[R2].txt - [752 octets] - [09/11/2012 14:35:49]
########## EOF - C:\AdwCleaner[R2].txt - [811 octets] ##########
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.09.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mine :: MINE-PC [administrator]
Protection: Enabled
11/9/2012 2:55:51 PM
mbam-log-2012-11-09 (14-55-51).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 283787
Time elapsed: 16 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
OTL logfile created on: 11/9/2012 3:48:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mine\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.95 Gb Total Physical Memory | 3.93 Gb Available Physical Memory | 66.12% Memory free
11.90 Gb Paging File | 9.70 Gb Available in Paging File | 81.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.46 Gb Total Space | 550.54 Gb Free Space | 94.03% Space Free | Partition Type: NTFS
Computer Name: MINE-PC | User Name: mine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/11/09 15:45:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mine\Downloads\OTL.exe
PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/09/29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/24 18:21:18 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\mine\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2011/02/01 12:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 12:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/12/03 13:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/07/28 19:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
-
I ran out of space ...
========== Modules (No Company Name) ==========
MOD - [2012/10/31 14:15:05 | 000,460,312 | ---- | M] () -- C:\Users\mine\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll
MOD - [2012/10/31 14:15:02 | 004,007,448 | ---- | M] () -- C:\Users\mine\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012/10/31 14:13:47 | 000,587,288 | ---- | M] () -- C:\Users\mine\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012/10/31 14:13:46 | 000,123,928 | ---- | M] () -- C:\Users\mine\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012/10/31 14:13:35 | 000,156,712 | ---- | M] () -- C:\Users\mine\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012/10/31 14:13:34 | 000,274,984 | ---- | M] () -- C:\Users\mine\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012/10/31 14:13:32 | 002,168,360 | ---- | M] () -- C:\Users\mine\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/12/09 16:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 14:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/02/01 12:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 12:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/29 13:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/01/28 15:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/10/30 15:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 15:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 15:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 15:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 15:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 08:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/04 19:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/02/14 11:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/09 10:29:08 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/02/08 18:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/01/05 00:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/08 10:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/03/10 17:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 14:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 07:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/24 14:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
-
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-09 16:40:15
-----------------------------
16:40:15.996 OS Version: Windows x64 6.1.7601 Service Pack 1
16:40:15.996 Number of processors: 4 586 0x2A07
16:40:15.996 ComputerName: MINE-PC UserName: mine
16:40:17.977 Initialize success
16:40:18.492 AVAST engine defs: 12110900
16:40:28.476 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:40:28.491 Disk 0 Vendor: TOSHIBA_ GB00 Size: 610480MB BusType: 3
16:40:28.507 Disk 0 MBR read successfully
16:40:28.523 Disk 0 MBR scan
16:40:28.523 Disk 0 Windows VISTA default MBR code
16:40:28.538 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
16:40:28.569 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 599511 MB offset 3074048
16:40:28.601 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9468 MB offset 1230872576
16:40:28.663 Disk 0 scanning C:\windows\system32\drivers
16:40:34.669 Service scanning
16:41:14.571 Modules scanning
16:41:14.587 Disk 0 trace - called modules:
16:41:14.633 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:41:14.649 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800811d060]
16:41:14.649 3 CLASSPNP.SYS[fffff88001b9343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006e93050]
16:41:16.115 AVAST engine scan C:\windows
16:41:19.157 AVAST engine scan C:\windows\system32
16:41:51.028 Disk 0 MBR has been saved successfully to "C:\Users\mine\Desktop\Logs\MBR.dat"
16:41:51.028 The log file has been saved successfully to "C:\Users\mine\Desktop\Logs\aswMBR.txt"
OK, I think that is it.
-
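Added example (the editor's, not from the thread and not code from aswMBR or RogueKiller): the aswMBR log above reports the MBR code type and three partitions, and RogueKiller prints an MD5 of the boot sector. The Python below does the same reading on a raw 512-byte sector: it parses the partition table, hashes the boot code, and applies the layout checks an analyst applies by eye (exactly one active entry, valid boot flags, no overlaps, nothing past the end of the disk, no unpartitioned tail). The sector it parses is constructed to mirror the partition table in the posted log; its boot code and disk signature are placeholders, so the hash will not equal the value RogueKiller printed for the real disk. Reading the sector from `\\.\PhysicalDrive0` as Administrator is an assumption about how it would be used on a live machine, not something the thread shows.

```python
# Added example (editor's, not from the thread): parse a 512-byte MBR the way
# aswMBR / RogueKiller summarise it and apply the sanity checks an analyst
# would apply by hand. The sample sector is CONSTRUCTED to mirror the partition
# table in the posted aswMBR log; its boot code is a placeholder.
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0..439: boot code (what RogueKiller's [MBR] hash covers)
DISK_SIG_OFFSET = 440     # 4-byte NT disk signature, then 2 reserved bytes
PT_OFFSET = 446           # four 16-byte partition entries, then 0x55AA at 510
PT_ENTRY = "<B3sB3sII"    # boot flag, CHS start, type, CHS end, start LBA, sector count
SECTORS_PER_MB = 2048     # 512-byte sectors per MiB, the unit aswMBR reports

TYPE_NAMES = {
    0x07: "HPFS/NTFS", 0x17: "Hidden HPFS/NTFS", 0x27: "Hidden NTFS WinRE",
    0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x05: "Extended", 0x0F: "Extended LBA",
    0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}


def _entry(boot, ptype, start_lba, sectors):
    # CHS fields carry the LBA-only marker; modern tools ignore them entirely.
    return struct.pack(PT_ENTRY, boot, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start_lba, sectors)


def build_sample_mbr():
    """Constructed sector: type 27 @2048 1500MB, type 07 @3074048 599511MB, type 17 @1230872576 9468MB."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c"           # placeholder opening bytes, zero-padded
    sector = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\x00"))
    sector += struct.pack("<IH", 0xDEADBEEF, 0)             # made-up disk signature + reserved
    sector += _entry(0x80, 0x27, 2048, 1500 * SECTORS_PER_MB)
    sector += _entry(0x00, 0x07, 3074048, 599511 * SECTORS_PER_MB)
    sector += _entry(0x00, 0x17, 1230872576, 9468 * SECTORS_PER_MB)
    sector += bytes(16)                                     # empty fourth slot
    sector += b"\x55\xaa"
    assert len(sector) == SECTOR_SIZE
    return bytes(sector)


def parse_mbr(sector):
    """Return the boot-code hash, disk signature and every non-empty partition entry."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    parts = []
    for slot in range(4):
        boot, _, ptype, _, start, count = struct.unpack_from(PT_ENTRY, sector, PT_OFFSET + 16 * slot)
        if ptype == 0 and count == 0:
            continue
        parts.append({
            "slot": slot + 1, "boot_flag": boot, "type": ptype,
            "name": TYPE_NAMES.get(ptype, "unknown"),
            "start_lba": start, "sectors": count, "size_mb": count // SECTORS_PER_MB,
        })
    return {
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": parts,
    }


def check_layout(info, disk_sectors, known_good_md5=None):
    """Layout checks an analyst applies by hand; returns finding strings (empty list = clean)."""
    findings = []
    parts = sorted(info["partitions"], key=lambda p: p["start_lba"])
    active = [p for p in parts if p["boot_flag"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in parts:
        if p["boot_flag"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid boot flag 0x{p['boot_flag']:02x}")
    # The gap between sector 0 and the first partition is normal but is also where
    # bootkits keep code; that needs content inspection, not a layout check.
    prev_end = 1
    for p in parts:
        if p["start_lba"] < prev_end:
            findings.append(f"slot {p['slot']}: overlaps the previous partition or the MBR")
        prev_end = p["start_lba"] + p["sectors"]
        if prev_end > disk_sectors:
            findings.append(f"slot {p['slot']}: extends past the end of the disk")
    tail = disk_sectors - prev_end if parts else disk_sectors
    if tail > 0:
        findings.append(f"{tail} unpartitioned sectors after the last partition (inspect them)")
    if known_good_md5 and info["boot_code_md5"] != known_good_md5:
        findings.append("boot code hash differs from known-good reference")
    return findings


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("[MBR]", info["boot_code_md5"])
    for p in info["partitions"]:
        print(f"Partition {p['slot']} {p['boot_flag']:02X} {p['type']:02X} {p['name']} "
              f"{p['size_mb']} MB offset {p['start_lba']}")
    print("findings:", check_layout(info, 610480 * SECTORS_PER_MB))
```

The posted layout is internally consistent: each partition starts exactly where the previous one ends, and the last one ends at sector 1250263040, which is the 610480 MB aswMBR reports, so `check_layout` returns nothing. A boot-code hash is only meaningful against a reference you trust, such as the MBR.dat aswMBR saved from a machine you know to be clean; "Windows Vista MBR code" is the tool's classification of that hash, not a signature check.
-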
RogueKiller is still open; it has a button to click to fix host, fix proxy, fix DNS.
Should I do this?
-
The last flash from Avast before the crash flash was something about the gov't shadowing computers for a long time now... maybe part of the virus... for all I know.
-
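Added example (the editor's, not from the thread and not part of OTL): the reply below says the logs "look good", which in practice means someone read every PRC/MOD/SRV/DRV line of the OTL log for the usual tells. The Python below makes that first pass explicit: it parses those lines into records and flags entries with no company name, services or drivers running from user-writable locations, drivers outside the system drivers directory, and files modified within a few days of the scan. The sample input is five lines copied from the OTL log posted above plus one constructed line (the `svchost.exe` service under AppData\Roaming, which does not appear in the thread) so that a real hit is visible.

```python
# Added example (editor's; not from the thread and not part of OTL): parse OTL
# PRC/MOD/SRV/DRV lines and apply the first-pass triage an analyst does by eye.
import re
from datetime import datetime, timedelta

OTL_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<arch>:64bit:)? - "
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+) \| (?P<tag>\w)\] "
    r"\((?P<company>[^)]*)\)"          # company from the PE version resource; () means none
    r"(?: \[(?P<state>[^\]]*)\])?"     # SRV/DRV only: [start type | status]
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<svc>[^)]*)\))?$"    # SRV/DRV only: service or driver name
)
# Paths a standard user can write to: persistence there needs no admin rights.
USER_WRITABLE = re.compile(r"\\(users|programdata|temp|appdata)\\", re.I)
SYSTEM_DRIVER_DIR = re.compile(r"\\(sysnative|system32|syswow64)\\drivers\\", re.I)
TIME_FMT = "%Y/%m/%d %H:%M:%S"

# Five lines copied from the posted OTL log plus one CONSTRUCTED line (the last one).
SAMPLE_OTL = r"""
PRC - [2012/11/09 15:45:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mine\Downloads\OTL.exe
PRC - [2012/09/24 18:21:18 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\mine\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
MOD - [2012/10/31 14:15:02 | 004,007,448 | ---- | M] () -- C:\Users\mine\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
SRV:64bit: - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
DRV:64bit: - [2012/10/30 15:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
SRV - [2012/11/08 03:12:44 | 000,120,832 | ---- | M] () [Auto | Running] -- C:\Users\mine\AppData\Roaming\svchost.exe -- (WinUpdateSvc)
"""


def parse_otl(text):
    """Turn OTL PRC/MOD/SRV/DRV lines into dicts; lines of other sections are skipped."""
    records = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        r = m.groupdict()
        r["mtime"] = datetime.strptime(r["mtime"], TIME_FMT)
        r["size"] = int(r["size"].replace(",", ""))
        r["arch"] = "x64" if r["arch"] else "x86"
        records.append(r)
    return records


def triage(records, scan_time, recent_days=7):
    """One finding per record that trips a rule; an empty list means nothing stood out."""
    scan = datetime.strptime(scan_time, TIME_FMT)
    findings = []
    for r in records:
        reasons = []
        if not r["company"].strip():
            reasons.append("no company name")
        # MOD is exempt: a per-user Chrome install keeps all its DLLs under AppData.
        if r["kind"] != "MOD" and USER_WRITABLE.search(r["path"]):
            reasons.append("runs from user-writable location")
        if r["kind"] == "DRV" and not SYSTEM_DRIVER_DIR.search(r["path"]):
            reasons.append("driver outside the system drivers directory")
        if timedelta(0) <= scan - r["mtime"] <= timedelta(days=recent_days):
            reasons.append(f"modified within {recent_days} days of the scan")
        if reasons:
            findings.append({"kind": r["kind"], "path": r["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse_otl(SAMPLE_OTL), "2012/11/09 15:48:49"):
        print(f"{f['kind']:<4} {f['path']}\n      " + "; ".join(f["reasons"]))
```

Run against the sample, the rules flag the constructed `svchost.exe` service on all three counts, `pdf.dll` for its empty company field, and `GoogleCrashHandler.exe` only for its location, which is the same reason RogueKiller tagged its 64-bit sibling `[SUSP PATH]` in the first log above. Location alone does not make a file malicious; what settles a hit like that is a signature check on the binary (for example `Get-AuthenticodeSignature` in PowerShell, or the vendor's own hash), which this first pass deliberately leaves to the analyst.
-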
Hi sandy55,
Please do not run programs on your own such as RogueKiller, as these are programs that, if used improperly, can damage your system more than it already is! So the answer as to what to do with RogueKiller is... nothing. Just attach the log and do nothing else.
Follow this guide and attach all logs produced from these four programs: AdwCleaner, Malwarebytes, OTL, and aswMBR.exe. I must stress: do not try to fix anything here; we have several malware experts for that, and each of them knows what they are doing.
http://forum.avast.com/index.php?topic=53253.0
Attaching will save you enormous time, as you do not have to copy/paste each log produced.
Once these logs from only these four programs are attached, someone is certain to contact a malware expert for you to have one of them look at your logs.
EDIT: Sorry, the logs were posted as run-ons; I did not see all of them, my mistake. To attach, click the "Attachments and other options" link below the text box you are replying in; click Browse to find your log, highlight it, and click 'Save'. Your log is now attached.
-
Giving this a try...
I hope I am not hindering your work by doing this wrong.
I am not used to working with Windows 7 or Notepad. I have been typing in the name of the program and trying to add text.
When I look at the OTL file accessed from Start search, I see a few different text files and a file that says "moved folders", which you would not be able to see on your end... I have no clue what is important to you.
I have attached some files in the way you suggested; some are repeats, but I think a few small things are new, and they may be what you need. I will take another look at this, as I think I am not finished, but my brain has gone on vacation with overload.
-
The firewall in Avast is working now; am I to take this as a sign my computer is OK now?
I am going to do a boot scan while my brain takes a vacation from this.
-
Hi,
No, you are not hindering the work here at all. It is easier to view the logs when they are attached, is all. When attached, the complete log is there also, whereas it is possible to omit an important part using the copy/paste function, so...
A malware expert will be along in a bit. Please be patient. Do not worry, they are certified malware experts; they also volunteer their time here, so due to possible time zone differences, it may be a bit before one of them analyses your logs and steps into your thread.
Good job so far.
-
Hi, the logs look good. What problems are you experiencing?
-
I had a message saying Avast had crashed and the firewall would not turn on. I think this was in the first post I made in General before I was directed here. I am hoping maybe it is OK, as I have been using it. From what you can see it is OK now. I was using the free version when the message from Avast popped up in the lower right corner; I am now using a free trial of what I think is Pro, but don't quote that, as I am not sure what it is called now.
-
Are you experiencing any problems now?
-
Not that I can tell, but I am not very good at this. I did not have any problems before the flash message from Avast stating Avast had crashed, so who knows; the computer slowed down about a month ago for no apparent reason, but was still faster than my old one. I am not sure what to look for. I am hoping that if there is nothing outrageous going on, it is OK. Am I right or not?
-
I can see nothing untoward on the computer, though I can dig deeper if you wish.
-
I would not want you to waste your time; as I said, I really can't see anything wrong, but then again I did not see any problems when the message of Avast crashing popped up either. I think you should use your own judgement, as you likely know better than I whether this would be a good use of your time.
-
In all probability it was coincidental with Avast blocking the malware and then crashing.
However, it is always better to be safe than sorry.
I will do a slightly deeper check.
Download and Install ComboFix
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow it to update if it asks.
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.
Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.
-
How do I turn off Avast antispyware and antivirus...?
All I have been able to do is stop the firewall.
I do not feel OK running with it on, as it says "do at your own risk"; that usually means trouble for me.
And I unchecked some boxes in the choices of how to view scans, etc.
-
Accept the warning, but do not allow Avast to block or quarantine any files whilst ComboFix is running.
-
I do not know how to stop Avast from doing anything... except the firewall.
I have no system tray icon for Avast that I can find.
On my old computer, when I had Avast, I could shut it down via a toolbar on the desktop.
My old computer was Windows XP; this one is Windows 7. Could this difference be the reason I do not have the icon in the same place as before?
I do not know how to get to the next step of controlling Avast...
-
As I recall the button was blue...I don't have it.
-
If Avast tries to stop or block anything, a popup will appear; select "No action" on it.
-
This is a copy/paste:
2012-11-18 14:00:47 . 2012-11-18 14:00:47 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TosReelTimeMonitor.reg.dat
2012-11-18 14:00:46 . 2012-11-18 14:00:46 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat
2012-11-18 14:00:46 . 2012-11-18 14:00:46 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TCrdMain.reg.dat
2012-11-18 14:00:46 . 2012-11-18 14:00:46 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TPwrMain.reg.dat
2012-11-18 14:00:46 . 2012-11-18 14:00:46 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2012-11-18 14:00:30 . 2012-11-18 14:00:30 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2012-11-18 13:58:29 . 2012-11-18 13:58:29 6,198 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-11-18 13:54:14 . 2012-11-18 13:54:16 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
I think I MAY have attached it using the attach button below, just in case the above is not complete... Now, is this the only file from ComboFix that is needed?
-
ComboFix 12-11-16.02 - mine 11/18/2012 5:55.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4476 [GMT -8:00]
Running from: c:\users\mine\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))
.
.
2012-11-18 13:59 . 2012-11-18 13:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-16 20:15 . 2012-10-17 09:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8BC4461-57B4-49C4-A210-32FD600FE594}\mpengine.dll
2012-11-15 20:51 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-15 20:51 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 21:01 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 21:00 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-14 21:00 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-10 06:18 . 2012-10-30 23:51 132864 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-11-10 06:18 . 2012-10-30 23:51 262656 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-11-10 06:18 . 2012-10-30 23:51 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-11-10 06:18 . 2012-09-21 09:26 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-11-10 00:28 . 2012-11-10 00:28 -------- d-----w- C:\_OTL
2012-11-09 22:55 . 2012-11-09 22:55 -------- d-----w- c:\users\mine\AppData\Roaming\Malwarebytes
2012-11-09 22:54 . 2012-11-09 22:54 -------- d-----w- c:\programdata\Malwarebytes
2012-11-09 22:54 . 2012-11-09 22:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-09 22:54 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-04 07:36 . 2012-11-04 07:36 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-11-04 07:36 . 2012-11-04 07:36 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-11-04 07:36 . 2012-11-04 07:36 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-11-04 07:36 . 2012-11-04 07:36 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-11-04 06:29 . 2012-11-04 06:49 -------- d-----w- c:\users\mine\2012-11-03
2012-11-03 03:12 . 2012-11-15 20:50 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-30 19:41 . 2012-11-03 03:26 -------- d-----w- c:\users\mine\AppData\Local\ElevatedDiagnostics
2012-10-29 00:49 . 2012-10-30 23:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-29 00:49 . 2012-10-30 23:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-29 00:49 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-29 00:49 . 2012-10-30 23:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-29 00:49 . 2012-10-30 23:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-29 00:49 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-29 00:49 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-29 00:49 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2012-10-29 00:49 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-29 00:49 . 2012-10-29 00:49 -------- d-----w- c:\programdata\AVAST Software
2012-10-29 00:49 . 2012-10-29 00:49 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-18 17:39 . 2010-06-24 18:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-18 17:21 . 2012-09-18 17:21 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-18 17:21 . 2012-09-18 17:21 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-18 17:21 . 2012-09-18 17:21 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-18 17:21 . 2012-09-18 17:21 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-18 17:21 . 2012-09-18 17:21 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-18 17:21 . 2012-09-18 17:21 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-18 17:21 . 2012-09-18 17:21 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-18 17:21 . 2012-09-18 17:21 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-18 17:21 . 2012-09-18 17:21 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-18 17:21 . 2012-09-18 17:21 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-18 17:21 . 2012-09-18 17:21 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-18 17:21 . 2012-09-18 17:21 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-18 17:21 . 2012-09-18 17:21 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-18 17:21 . 2012-09-18 17:21 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-18 17:21 . 2012-09-18 17:21 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-18 17:21 . 2012-09-18 17:21 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-18 17:21 . 2012-09-18 17:21 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-18 17:21 . 2012-09-18 17:21 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-18 17:21 . 2012-09-18 17:21 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-18 17:21 . 2012-09-18 17:21 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-18 17:21 . 2012-09-18 17:21 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-18 17:21 . 2012-09-18 17:21 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-18 17:21 . 2012-09-18 17:21 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-18 17:21 . 2012-09-18 17:21 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-18 17:21 . 2012-09-18 17:21 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-18 17:21 . 2012-09-18 17:21 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-18 17:21 . 2012-09-18 17:21 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-18 17:21 . 2012-09-18 17:21 448512 ----a-w- c:\windows\system32\html.iec
2012-09-18 17:21 . 2012-09-18 17:21 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-18 17:21 . 2012-09-18 17:21 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-18 17:21 . 2012-09-18 17:21 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-18 17:21 . 2012-09-18 17:21 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-18 17:21 . 2012-09-18 17:21 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-18 17:21 . 2012-09-18 17:21 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-18 17:21 . 2012-09-18 17:21 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-18 17:21 . 2012-09-18 17:21 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-18 17:21 . 2012-09-18 17:21 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-18 17:21 . 2012-09-18 17:21 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-18 17:21 . 2012-09-18 17:21 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-18 17:21 . 2012-09-18 17:21 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-18 17:21 . 2012-09-18 17:21 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-18 17:21 . 2012-09-18 17:21 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-18 17:21 . 2012-09-18 17:21 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-18 17:21 . 2012-09-18 17:21 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-18 17:21 . 2012-09-18 17:21 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-18 17:21 . 2012-09-18 17:21 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-18 17:21 . 2012-09-18 17:21 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-18 17:20 . 2012-09-18 17:20 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-18 17:20 . 2012-09-18 17:20 160256 ----a-w- c:\windows\system32\wextract.exe
2012-08-22 18:12 . 2012-09-18 16:13 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-18 16:13 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-18 16:13 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-14 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-18 1255736]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-09-21 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service;
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
S1 aswFW;avast! TDI Firewall driver;
S1 aswKbd;aswKbd;
S1 aswSnx;aswSnx;
S1 aswSP;aswSP;
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-10-30 133912]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-09 77424]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-17 23:47]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-17 23:47]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3596218228-180181814-200797472-1000Core.job
- c:\users\mine\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-18 23:47]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3596218228-180181814-200797472-1000UA.job
- c:\users\mine\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-18 23:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-18 06:01:28
ComboFix-quarantined-files.txt 2012-11-18 14:01
.
Pre-Run: 590,716,887,040 bytes free
Post-Run: 590,636,081,152 bytes free
.
- - End Of File - - 7EE6E5493E73AD5FF14FB3925406A6E9
Here is the log, also a copy-paste, as I can't locate it otherwise, likely due to my inexperience with Windows 7.
I had to cut it in half as it was too large.
-
You could have attached the ComboFix log.
How is the computer behaving?
-
The computer seems to be fine as far as I can tell.
I have no idea what to look for, but it does what I ask, which I am told is not much compared to what it could do... just hearsay.
-
If all is well tomorrow, let me know and I will tidy up.
-
I am not sure this is working correctly, as I cannot see the forum pages the same as I once did.
I went to free Avast and have been using it since my trial ran out.
I continually get this balloon message:
avast! WebRep has crashed. Click this balloon to reload the extension.
I downloaded and used UnHackMe; it is giving me this message..
AFX rootkit
avast! Firewall \System\ContentControl\Set\Services
Description implements main functionality for avast
Another thing I am not sure about: before (last computer) there was a blue dot on the lower right side of my computer associated with Avast to say if it was working. Since I have had this computer, during the free trial and now with the free version, this has never appeared?
So my question is, do I allow this program to delete this file?
And when I do click on the balloon to fix the WebRep has crashed issue, nothing happens, not one thing.. it goes away and comes back in seconds.
-
******************************
Start checking at 12/8/2012 time:4:26:57 AM
UnHackMe Engine Version:5.9
Key:avast! Firewall
Source:\SYSTEM\CurrentControlSet\Services
Info about key:avast! Firewall Key:\SYSTEM\CurrentControlSet\Services
Service/Driver Additional Information
Name:Type
Value:32
Type:REG_BINARY
Name:Start
Value:4
Type:REG_BINARY
Name:ErrorControl
Value:1
Type:REG_BINARY
Name:ImagePath
Value:"C:\Program Files\AVAST Software\Avast\afwServ.exe"
Type:REG_EXPAND_SZ
Name:DisplayName
Value:avast! Firewall
Type:REG_SZ
Name:Group
Value:ShellSvcGroup
Type:REG_SZ
Name:WOW64
Value:1
Type:REG_BINARY
Name:ObjectName
Value:LocalSystem
Type:REG_SZ
Name:ServiceSidType
Value:1
Type:REG_BINARY
Name:Description
Value:Implements main functionality for avast! Firewall
Type:REG_SZ
Name:FailureActions
Name:DeleteFlag
Value:1
Type:REG_BINARY
Rootkit is detecting using CompareServLists (compare SCM manager's drivers list with drivers in the Services registry key).
Can't seem to find the file to attach it, so I copied and pasted it above.
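The last line of the UnHackMe output above describes its heuristic: it compares the drivers and services the Service Control Manager (SCM) reports with the subkeys under the Services registry key, and flags a key the SCM does not know about. The entry it flagged here carries DeleteFlag=1, which is what a service key looks like after an uninstall or version change until the next reboot, and the reply below confirms it is the Avast firewall rather than a rootkit. The script below is an added example written for this thread, not UnHackMe's code or anything from the original posts: it performs the same comparison with built-in PowerShell cmdlets and separates keys that are merely pending deletion from keys that genuinely deserve a second look. The function name and the Type-bit handling for per-user service templates are my own assumptions; run it from an elevated prompt so that the registry read is complete.

```powershell
# Added example: registry-vs-SCM service list comparison (the "CompareServLists" idea
# from the UnHackMe log above, re-implemented independently; not UnHackMe's code).
# Lists Services subkeys that the SCM does not enumerate, and tells apart
# "DeleteFlag=1, pending removal on reboot" (benign, as with the Avast firewall key)
# from "present in the registry but hidden from the SCM" (worth investigating).

function Compare-ServiceLists {
    [CmdletBinding()]
    param(
        # Hypothetical default; the key itself is the standard Windows location.
        [string] $ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    )

    # Everything the SCM actually knows about: Win32 services and kernel/file-system drivers.
    $scmNames = @{}
    foreach ($s in Get-CimInstance -ClassName Win32_Service)      { $scmNames[$s.Name.ToLowerInvariant()] = $true }
    foreach ($d in Get-CimInstance -ClassName Win32_SystemDriver) { $scmNames[$d.Name.ToLowerInvariant()] = $true }

    foreach ($key in Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        # Subkeys without Type or ImagePath are not loadable services (parameter containers,
        # performance-counter keys and the like), so they are never expected in the SCM list.
        if ($null -eq $props -or $null -eq $props.Type -or $null -eq $props.ImagePath) { continue }

        # Per-user service templates (Type bit 0x40 set, instance bit 0x80 clear) are
        # instantiated per logon session under a different name, so they legitimately
        # never appear under their own key name. Assumption: skip them to cut noise.
        if (($props.Type -band 0x40) -and -not ($props.Type -band 0x80)) { continue }

        $name = $key.PSChildName
        if ($scmNames.ContainsKey($name.ToLowerInvariant())) { continue }

        # A key with DeleteFlag=1 has already been removed from the SCM's in-memory list;
        # the registry key itself disappears on the next reboot. That is the state the
        # flagged "avast! Firewall" key above is in.
        $pendingDelete = [bool]$props.DeleteFlag
        $verdict = if ($pendingDelete) { 'pending deletion (benign, clears on reboot)' }
                   else                { 'in registry but not reported by SCM: investigate' }

        [pscustomobject]@{
            Name       = $name
            Type       = ('0x{0:X}' -f [int]$props.Type)
            Start      = $props.Start
            ImagePath  = $props.ImagePath
            DeleteFlag = $pendingDelete
            Verdict    = $verdict
        }
    }
}

# Usage: show the discrepancies as a table; an empty result means both lists agree.
Compare-ServiceLists | Format-Table -AutoSize
```

On a healthy machine the output is usually empty or contains only DeleteFlag entries left behind by a recent uninstall. A key that is not pending deletion, has a Start value of 0 to 3, and points at an ImagePath the SCM does not report is the case the heuristic is designed to surface; the right next step is to check the file at that path against the installed software rather than to delete the key, which is exactly the advice given in the reply below.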
-
I downloaded and used unhackme it is giving me this message..
AFX rootkit
avast! Firewall \System\ContentControl\Set\Services
Do not delete this, it is the Avast firewall.
there was a blue dot on the lower right side of my computer associated with avast
Do you have an orange blob in its place?
As to WebRep, I do not use that, so I will need to check it out.
-
If all is well tomorrow let me know and I will tidy up
I have been out of town to a funeral and did not see your reply; things have been hectic.
-
Not a problem, did you see my last post?
-
No orange blob.
-
Have you tried a repair of Avast?
(https://dl.dropbox.com/u/73555776/Avast%20repair.JPG)
-
I am wondering if this WebRep crash is the same message that inspired the original post... I can't recall now if it said WebRep crashed or just Avast crashed.
As far as I can tell things are working OK; the only goofy thing was my Hotmail account was messed up on the sign-in page: my messages were on top of the sign-in page before I signed in.. page over top of a page... the next time I used Hotmail it would be gone, then come back, then be gone... thought it was a Hotmail issue... Have not noticed it lately.
-
Have you tried a repair of Avast?
(https://dl.dropbox.com/u/73555776/Avast%20repair.JPG)
No, I have not. Could you please tell me where you found that page?
-
ComboFix reported that Avast was functioning normally, so it looks as though it is the GUI that is missing. A repair should fix that.
Go to Control Panel > Programs and Features.
Select Avast and that page will appear.
-
I clicked repair... got this message:
if this program did not uninstall correctly try uninstalling using settings that are compatible with your versions of windows
Program : Unknown
Publisher: Unknown
Location: C:\programFiles\Avast software asw Run Dll.exe
Is this normal? Sorry it is taking me long; I have to write it all down then copy it here...
It also has "uninstalled correctly" with a green arrow... I did not think I was uninstalling anything?
Press the green arrow or not?
-
Previous message is from Program Compatibility Assistant... does it make any sense to you...?
-
Is this Avast Free, Pro or AIS?
-
I had the free version when I got the first message, later used the trial, it ran out.. still no reply to my email on how to pay for Avast... another thread, sorry... went back to the free version when the trial ran out. Currently using free again.
-
OK, let's fully remove Avast, clean up and re-install.
Download Avast from here to your desktop: http://files.avast.com/iavs5x/avast_free_antivirus_setup.exe
Download aswClear from here: http://files.avast.com/files/eng/aswclear.exe
Uninstall Avast via Control Panel > Programs and Features.
Reboot to Safe Mode and run aswClear.
Return to normal mode and install Avast.
-
OK, how do I reboot in Safe Mode?
-
Reboot the computer and, as soon as the power is applied, press and hold F8; a menu will appear. Select Safe Mode.
-
Thanks, I am doing it now.
-
OK, did all that and feel rather smug and proud of myself. ;)
I registered with the free version to avoid any future issues with the changeover from different versions. I did get some loopy message from Chrome saying my preferences would not be saved and I could not access all features... of what, I don't know. I have the orange bit now. I am hoping this is fixed and all is well. Do you think I should run the UnHackMe program again to see if it comes back clear now? Or just get rid of it?
-
I also noticed for the first time the recommend page and went there, tried to sign in with what I just registered, which is how I sign in here, and it says my email and password are incorrect. I tried to create a new account using all the same information and it says the email is already in use... oh bother, I am quite sure of the password as I just did it a moment ago.
-
OK, let's clear my rubbish now and then see how the computer is behaving.
Subject to no further problems :)
I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.
Now the best part of the day ----- Your log now appears clean :thumbsup:
A good workman always cleans up after himself, so.. The following will implement some cleanup procedures as well as reset System Restore points:
Remove ComboFix
- Hold down the Windows key + R on your keyboard. This will display the Run dialogue box.
- In the Run box, type in ComboFix /Uninstall
(Notice the space between the "x" and "/")
then click OK
(http://i1224.photobucket.com/albums/ee362/Essexboy3/Misc%20screen%20shots/CF_Uninstall-1.jpg)
- Follow the prompts on the screen
- A message should appear confirming that ComboFix was uninstalled
Run OTL and hit the Cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.
(http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.gif) Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.
Upgrading Java:
- Go to this site (http://java.com/en/) and click Do I have Java
- It will check your current version and then offer to update to the latest version.
Now that you are clean, to help protect your computer in the future, I recommend that you get the following free programmes:
(http://img233.imageshack.us/img233/7729/mbamicontw5.gif) Malwarebytes (http://www.malwarebytes.org/mbam-download.php).
Update and run weekly to keep your system clean.
Download and install FileHippo Update Checker (http://www.filehippo.com/updatechecker/) and run it monthly; it will show you which programmes on your system need updating and give a download link.
If you use on-line banking, then as an added layer of protection install Trusteer Rapport (http://www.trusteer.com/Products/Trusteer-Rapport-for-Online-Banking).
It is critical to have both a firewall and anti-virus to protect your system and to keep them updated. To keep your operating system up to date visit Microsoft Windows Update (http://windowsupdate.microsoft.com).
To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place? (http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/)
Keep safe :wave:
-
I repeatedly get the message: Windows cannot find Combofix/Uninstall?
-
However, I can find it when I do a file search. Now what?
-
OK, let OTL remove it; this will happen when you press the Cleanup button.
-
System Restore says it is only for Windows Vista or Windows XP; I used it anyway...
I could not get the Java to do as you asked, so I deleted the entire file...
Everything else is done.
If I find I need that Java file to live happily, I will try to download it from scratch at that time. As of now
I have no idea how the computer is working, as all I have been able to accomplish is the things you have asked above. Will watch it and report back any glitches, if any.
Thanks for your help..
-
Removing Java is a good move; I doubt if you will really need it again.