
Skips while typing and will not start in safe mode.


4 replies to this topic

#1 moselbee


Posted 30 October 2013 - 03:31 PM

I ran Malwarebytes, removed 186 viruses... can't start in safe mode... get blue screen of death pertaining to a virus issue.. Internet connects intermittently.

 

Now Malwarebytes says no virus, but I know it is still here... I just don't know what or where... I have a HijackThis log... looking for suggestions... will not allow me to run a repair of the OS with the disk.  I have run a check disk, it shows nothing.. The mouse is very jumpy on the screen and while I type it misses letters.  I can start Windows normally but the PC runs very hot and will shut down after being on for a short time.

Nothing in Google will open up, not Google Voice, mail search nothing..

 

After a restart I get a box that pops up that says solution center and wants me to insert a disk or pick a location. I am not even sure what this is pertaining to at all.. solutioncenter.msi can't be found.. It could be for my printer maybe? But haven't done anything with the printer for it to have changed.

Edited by moselbee, 30 October 2013 - 05:04 PM.



#2 nasdaq

  • Malware Response Team

Posted 02 November 2013 - 08:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 moselbee

  • Topic Starter

Posted 02 November 2013 - 07:55 PM

OK I can now get into Google sites.. that is a bonus.. It still skips while typing and the mouse is jerky when it moves... but feel like I am making progress...
 
 
 
# AdwCleaner v3.010 - Report created 02/11/2013 at 19:56:03
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Deen - HPLAPTOP
# Running from : C:\Documents and Settings\Deen\My Documents\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v3.6.16 (en-US)
 
[ File : C:\Documents and Settings\Deen\Application Data\Mozilla\Firefox\Profiles\h5mb0ziv.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Deen\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R3].txt - [953 octets] - [02/11/2013 19:53:57]
AdwCleaner[S3].txt - [875 octets] - [02/11/2013 19:56:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [934 octets] ##########
----------
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by Deen on Sat 11/02/2013 at 20:10:07.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{733DDA68-8036-1D37-948D-71CEB6A678DE}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Documents and Settings\Deen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/02/2013 at 20:16:33.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---------
 
 
 
ComboFix 13-11-01.03 - Deen 11/02/2013  20:28:31.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.510.90 [GMT -4:00]
Running from: c:\documents and settings\Deen\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-03 to 2013-11-03  )))))))))))))))))))))))))))))))
.
.
2013-11-03 00:09 . 2013-11-03 00:09 -------- d-----w- c:\windows\ERUNT
2013-11-02 23:53 . 2013-11-02 23:53 -------- d-----w- c:\documents and settings\Deen\Local Settings\Application Data\WMTools Downloaded Files
2013-10-31 23:13 . 2013-10-31 23:13 -------- d-----w- c:\documents and settings\Deen\Local Settings\Application Data\Google
2013-10-30 22:40 . 2013-10-30 22:40 -------- d-----w- c:\documents and settings\Deen\Local Settings\Application Data\AVG SafeGuard toolbar
2013-10-30 22:31 . 2013-10-30 22:31 -------- d-----w- c:\documents and settings\Deen\Application Data\AVG SafeGuard toolbar
2013-10-30 22:31 . 2013-10-30 22:28 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-10-30 22:30 . 2013-10-30 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar
2013-10-30 22:29 . 2013-11-01 16:36 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-10-30 22:28 . 2013-10-30 22:28 -------- d-----w- C:\8b19e6b964027a1ed090dc40
2013-10-30 22:27 . 2013-10-30 22:27 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2013-10-30 20:55 . 2013-10-30 20:57 -------- d-----w- c:\documents and settings\Deen\Application Data\HpUpdate
2013-10-30 20:55 . 2013-10-30 20:55 -------- d-----w- c:\windows\Hewlett-Packard
2013-10-30 18:37 . 2013-10-30 18:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-30 18:37 . 2013-10-30 18:37 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-26 07:00 . 2013-11-02 23:56 -------- d-----w- C:\AdwCleaner
2013-10-25 22:18 . 2013-10-25 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2013-10-25 02:40 . 2013-10-25 02:40 -------- d-----w- C:\Malwarebytes
2013-10-24 23:04 . 2013-10-24 23:04 -------- d-----w- c:\documents and settings\Deen\Application Data\Malwarebytes
2013-10-24 23:04 . 2013-10-24 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-10-24 23:04 . 2013-10-24 23:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-24 23:04 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-24 22:18 . 2013-10-24 22:18 -------- d-----w- c:\program files\CCleaner
2013-10-24 20:32 . 2013-10-24 20:32 0 ----a-w- c:\windows\system32\drivers\TA.tmp
2013-10-24 20:32 . 2013-10-24 20:01 187776 ----a-w- c:\windows\system32\drivers\TA.sys
2013-10-24 20:13 . 2013-10-24 20:13 0 ----a-w- c:\windows\system32\drivers\T9.tmp
2013-10-24 20:13 . 2013-10-24 20:01 187776 ----a-w- c:\windows\system32\drivers\T9.sys
2013-10-24 20:02 . 2013-06-12 18:10 31848 ----a-w- c:\windows\system32\drivers\DasPtct.SYS
2013-10-24 20:01 . 2013-10-04 19:23 93152 ----a-w- c:\windows\system32\PCloudCleanerService.EXE
2013-10-24 19:35 . 2013-04-08 20:30 18656 ----a-w- c:\windows\system32\PCloudBroom.exe
2013-10-24 19:35 . 2013-10-24 19:35 0 ----a-w- c:\windows\system32\drivers\T8.tmp
2013-10-24 19:35 . 2008-04-14 05:06 187776 ----a-w- c:\windows\system32\drivers\T8.sys
2013-10-24 19:12 . 2013-10-24 19:12 0 ----a-w- c:\windows\system32\drivers\T7.tmp
2013-10-24 19:12 . 2008-04-14 05:06 187776 ----a-w- c:\windows\system32\drivers\T7.sys
2013-10-24 17:51 . 2013-10-24 17:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2013-10-24 17:34 . 2013-10-24 17:59 -------- d-----w- c:\windows\system32\MpEngineStore
2013-10-24 17:28 . 2013-10-24 17:28 -------- d-----w- c:\windows\system32\MRT
2013-10-24 17:24 . 2013-10-24 17:45 -------- d-----w- C:\d67b3e15cd3c230972c4554d87ebf3
2013-10-24 06:32 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-10-24 06:19 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2013-10-24 06:17 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-10-24 06:17 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-10-24 06:17 . 2013-07-17 00:58 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2013-10-24 06:17 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2013-10-24 06:17 . 2013-07-17 00:58 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2013-10-24 06:03 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2013-10-24 05:54 . 2013-09-23 18:33 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-10-24 05:48 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-10-24 05:35 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2013-10-24 05:34 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-10-24 05:34 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2013-10-23 05:00 . 2013-10-23 07:54 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-23 18:33 . 2006-02-28 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2006-02-28 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-08-29 01:31 . 2006-02-28 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56 . 2006-02-28 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2006-02-28 12:00 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2009-01-21 18:03 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2006-02-28 12:00 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2006-02-28 12:00 1289728 ----a-w- c:\windows\system32\ole32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_671F205FE2510B8A19879AFFBEDDBBB8"="c:\documents and settings\Deen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013-10-09 844752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-07-26 344064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R0 ACPIz;Microsoft ACPI Driver;c:\windows\system32\drivers\T9.sys [10/24/2013 4:13 PM 187776]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [10/30/2013 6:31 PM 37664]
S0 DasBoot;Panda AntiMalware Support;\SystemRoot\\SystemRoot\system32\drivers\DasBoot.SYS --> \SystemRoot\\SystemRoot\system32\drivers\DasBoot.SYS [?]
S0 DasBootF;Panda AntiMalware Support MF;\SystemRoot\\SystemRoot\system32\drivers\DasBootF.SYS --> \SystemRoot\\SystemRoot\system32\drivers\DasBootF.SYS [?]
S0 PRSBDRVR;Nemesis Link;\SystemRoot\\SystemRoot\system32\drivers\PRSBDRVR.SYS --> \SystemRoot\\SystemRoot\system32\drivers\PRSBDRVR.SYS [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-30 18:37]
.
2013-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2013-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1123561945-682003330-1003Core.job
- c:\documents and settings\Deen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2013-10-31 23:12]
.
2013-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1123561945-682003330-1003UA.job
- c:\documents and settings\Deen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2013-10-31 23:12]
.
2013-11-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Deen\Application Data\Mozilla\Firefox\Profiles\h5mb0ziv.default\
FF - prefs.js: keyword.URL - 
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-02 20:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\NavLogon.dll
.
Completion time: 2013-11-02  20:38:28
ComboFix-quarantined-files.txt  2013-11-03 00:38
.
Pre-Run: 65,014,857,728 bytes free
Post-Run: 65,013,854,208 bytes free
.
- - End Of File - - 09D8148CEE67C195FB4304D154D66BB7
8F558EB6672622401DA993E1E865C861


#4 nasdaq

  • Malware Response Team

Posted 03 November 2013 - 08:06 AM

What Panda service did you remove?
===

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
  • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

    Post back with the Malwarebytes Anti-Malware log once it's complete.
    ===

    Please run this security check for my review.

    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    ===
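An added example, not part of any post in this thread and not a ComboFix feature: a small Python triage of the driver lines from the ComboFix log posted above, showing which boot-start entries point at a file the log could not describe, which is what the question about the removed Panda service follows up on. The line layout, the meaning of `R`/`S` plus start digit, and the reading of `[?]` as "file details unavailable" are assumptions inferred from the log itself; the flag names are hypothetical.

```python
import re
from ntpath import basename, splitext

# Driver lines copied verbatim from the ComboFix log posted in this thread.
SAMPLE = r"""
R0 ACPIz;Microsoft ACPI Driver;c:\windows\system32\drivers\T9.sys [10/24/2013 4:13 PM 187776]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [10/30/2013 6:31 PM 37664]
S0 DasBoot;Panda AntiMalware Support;\SystemRoot\\SystemRoot\system32\drivers\DasBoot.SYS --> \SystemRoot\\SystemRoot\system32\drivers\DasBoot.SYS [?]
S0 DasBootF;Panda AntiMalware Support MF;\SystemRoot\\SystemRoot\system32\drivers\DasBootF.SYS --> \SystemRoot\\SystemRoot\system32\drivers\DasBootF.SYS [?]
S0 PRSBDRVR;Nemesis Link;\SystemRoot\\SystemRoot\system32\drivers\PRSBDRVR.SYS --> \SystemRoot\\SystemRoot\system32\drivers\PRSBDRVR.SYS [?]
"""

# Assumed layout (inferred from the lines above, not from ComboFix docs):
#   <R|S><start type> <service name>;<display name>;<image path> [<date size> | ?]
# Assumed meaning: R = running, S = stopped, start type 0 = loaded at boot.
LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)


def parse_driver_lines(text):
    """Parse driver lines and attach review flags (heuristics, not verdicts)."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a driver line
        # "a --> b" repeats the path; the first half is enough here.
        path = m["path"].split(" --> ")[0]
        stem = splitext(basename(path))[0]
        flags = []
        if m["info"].strip() == "?":
            # Assumption: "[?]" means no date/size could be read for the file.
            flags.append("image-missing")
        if re.search(r"\\SystemRoot\\+SystemRoot\\", path, re.I):
            # Prefix appears twice, so the stored image path is malformed.
            flags.append("doubled-systemroot")
        if not stem.lower().startswith(m["name"].lower()):
            # Service name and file name disagree; common for legitimate
            # drivers too, so this only marks the entry for a closer look.
            flags.append("name-mismatch")
        entries.append({
            "state": m["state"],
            "start": int(m["start"]),
            "name": m["name"],
            "display": m["display"],
            "path": path,
            "flags": flags,
        })
    return entries


def boot_drivers_without_image(entries):
    """Names of boot-start (start type 0) drivers whose file was not found."""
    return [e["name"] for e in entries
            if e["start"] == 0 and "image-missing" in e["flags"]]


if __name__ == "__main__":
    parsed = parse_driver_lines(SAMPLE)
    for e in parsed:
        print(f'{e["state"]}{e["start"]} {e["name"]:<10} {e["flags"]}')
    print("boot-start, image missing:", boot_drivers_without_image(parsed))
```
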


#5 moselbee

  • Topic Starter

Posted 08 November 2013 - 02:59 PM

Panda Cloud antivirus...

 

And I do have Malwarebytes already downloaded.. It scans and finds no virus

 

I will scan and post log as well as the security check and get back to you soon. 





