Slow PC Problem [Solved]


  • This topic is locked
54 replies to this topic

#16 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 11 April 2015 - 08:08 PM

You have some issues on this computer, let's try running Combofix in Safemode

 

Safemode with Network Support
 
To Enter Safemode
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key somewhat rapidly; this will bring up a menu.
  • Use the Up and Down Arrow keys to scroll up to Safemode with Networking
  • Then press the Enter key on your keyboard
  • Tutorial if you need it: How to boot into Safemode


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.



    #17 Ultilee Stupid

    Ultilee Stupid

      Authentic Member

    • Authentic Member
    • PipPip
    • 197 posts

    Posted 12 April 2015 - 05:15 AM

    A few problems.

     

    After starting Combofix it told me Avast was still running. It wasn't in the tray so searched and disabled until start up. Part way through the scan Avast appeared in the tray and seemed to be on and wouldn't disable.

    During the scan it said access was denied a few times but did complete scanning. I ran Combofix as admin but maybe I need to run Combofix from the admin account?

    Do I have serious problems? Am I ok to use this PC for the next few hours?

     

    Log

     

    ComboFix 15-04-09.01 - VJones 12/04/2015  11:34:01.5.2 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2036.1522 [GMT 1:00]
    Running from: c:\users\Ultimo Lee\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    FW: COMODO Firewall *Enabled* {C8870897-C358-086B-2944-184866CC6D0A}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Comodo Defense+ *Disabled/Updated* {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\Caz\AppData\Roaming\vso_ts_preview.xml
    c:\users\Ultimo Lee\AppData\Roaming\vso_ts_preview.xml
    c:\users\VJones\AppData\Roaming\vso_ts_preview.xml
    .
    .
    (((((((((((((((((((((((((   Files Created from 2015-03-12 to 2015-04-12  )))))))))))))))))))))))))))))))
    .
    .
    2015-04-12 10:55 . 2015-04-12 10:56    --------    d-----w-    c:\users\VJones\AppData\Local\temp
    2015-04-12 10:55 . 2015-04-12 10:55    --------    d-----w-    c:\users\UltimoLee\AppData\Local\temp
    2015-04-12 10:55 . 2015-04-12 10:55    --------    d-----w-    c:\users\Ultimo Lee\AppData\Local\temp
    2015-04-12 10:55 . 2015-04-12 10:55    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2015-04-12 10:55 . 2015-04-12 10:55    --------    d-----w-    c:\users\CHughes\AppData\Local\temp
    2015-04-12 10:55 . 2015-04-12 10:55    --------    d-----w-    c:\users\Caz\AppData\Local\temp
    2015-04-11 15:06 . 2015-04-11 18:58    119512    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-04-11 15:05 . 2015-04-11 15:05    92888    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2015-04-11 15:05 . 2015-04-11 15:05    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
    2015-04-11 15:05 . 2015-04-11 15:05    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
    2015-04-11 14:37 . 2015-04-11 14:37    --------    d-----w-    C:\RegBackup
    2015-04-11 14:00 . 2015-04-11 14:26    --------    d-----w-    C:\AdwCleaner
    2015-04-10 23:40 . 2015-04-11 23:52    --------    d-----w-    C:\FRST
    2015-04-10 10:30 . 2015-03-14 10:06    9119072    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{D459527D-4622-4052-B233-C42028C10281}\mpengine.dll
    2015-03-23 16:40 . 2015-03-23 16:39    291312    ----a-w-    c:\windows\system32\aswBoot.exe
    2015-03-23 16:39 . 2015-03-23 16:39    43112    ----a-w-    c:\windows\avastSS.scr
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-04-11 15:05 . 2012-01-17 22:13    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2015-03-23 16:40 . 2014-05-01 21:43    24144    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
    2015-03-23 16:40 . 2013-03-20 16:19    208024    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
    2015-03-23 16:40 . 2013-03-20 16:19    49904    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
    2015-03-23 16:40 . 2012-01-22 18:14    427736    ----a-w-    c:\windows\system32\drivers\aswSP.sys
    2015-03-23 16:40 . 2012-01-22 18:14    57888    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
    2015-03-23 16:40 . 2012-01-22 18:14    73440    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
    2015-03-23 16:40 . 2012-01-22 18:14    55200    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
    2015-03-23 16:39 . 2012-01-22 18:14    788272    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
    2015-03-15 18:14 . 2012-06-18 15:15    778928    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
    2015-03-15 18:14 . 2011-06-24 15:21    142512    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
    2015-03-12 13:07 . 2015-03-12 13:07    369664    ----a-w-    c:\windows\system32\WMPhoto.dll
    2015-03-12 13:06 . 2015-03-12 13:06    975360    ----a-w-    c:\windows\system32\WindowsCodecs.dll
    2015-03-12 13:05 . 2015-03-12 13:05    2064384    ----a-w-    c:\windows\system32\win32k.sys
    2015-03-12 11:51 . 2015-03-12 11:51    34304    ----a-w-    c:\windows\system32\atmlib.dll
    2015-03-12 11:51 . 2015-03-12 11:51    296960    ----a-w-    c:\windows\system32\atmfd.dll
    2015-03-12 11:47 . 2015-03-12 11:47    64000    ----a-w-    c:\windows\system32\smss.exe
    2015-03-12 11:47 . 2015-03-12 11:47    49152    ----a-w-    c:\windows\system32\csrsrv.dll
    2015-03-12 11:47 . 2015-03-12 11:47    3604408    ----a-w-    c:\windows\system32\ntkrnlpa.exe
    2015-03-12 11:47 . 2015-03-12 11:47    3552184    ----a-w-    c:\windows\system32\ntoskrnl.exe
    2015-03-11 12:47 . 2015-03-11 12:47    420864    ----a-w-    c:\windows\system32\vbscript.dll
    2015-03-11 12:46 . 2015-03-11 12:46    916992    ----a-w-    c:\windows\system32\wininet.dll
    2015-03-11 12:46 . 2015-03-11 12:46    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
    2015-03-11 12:46 . 2015-03-11 12:46    71680    ----a-w-    c:\windows\system32\iesetup.dll
    2015-03-11 12:46 . 2015-03-11 12:46    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
    2015-03-11 12:46 . 2015-03-11 12:46    109056    ----a-w-    c:\windows\system32\iesysprep.dll
    2015-03-11 12:46 . 2015-03-11 12:46    43520    ----a-w-    c:\windows\system32\licmgr10.dll
    2015-03-11 12:46 . 2015-03-11 12:46    19456    ----a-w-    c:\windows\system32\corpol.dll
    2015-03-06 04:01 . 2015-03-12 11:37    279040    ----a-w-    c:\windows\system32\schannel.dll
    2015-02-24 04:23 . 2009-10-03 00:32    246920    ------w-    c:\windows\system32\MpSigStub.exe
    2015-02-12 23:31 . 2015-03-11 12:46    385024    ----a-w-    c:\windows\system32\html.iec
    2015-02-12 23:24 . 2015-03-11 12:46    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
    2015-01-30 12:27 . 2011-12-19 18:59    91200    ----a-w-    c:\windows\system32\drivers\inspect.sys
    2015-01-30 12:27 . 2011-12-19 18:59    40736    ----a-w-    c:\windows\system32\drivers\cmdhlp.sys
    2015-01-30 12:27 . 2011-12-19 18:59    618584    ----a-w-    c:\windows\system32\drivers\cmdGuard.sys
    2015-01-30 12:27 . 2011-12-19 18:59    17088    ----a-w-    c:\windows\system32\drivers\cmderd.sys
    2015-01-30 12:27 . 2011-12-19 18:58    33520    ----a-w-    c:\windows\system32\cmdcsr.dll
    2015-01-30 12:27 . 2011-12-19 18:58    386768    ----a-w-    c:\windows\system32\guard32.dll
    2015-01-30 12:27 . 2014-04-02 15:29    286424    ----a-w-    c:\windows\system32\cmdvrt32.dll
    2015-01-30 12:27 . 2014-04-02 15:29    40664    ----a-w-    c:\windows\system32\cmdkbd32.dll
    2015-01-21 02:02 . 2015-03-12 11:39    807936    ----a-w-    c:\windows\system32\msctf.dll
    2015-01-15 04:13 . 2015-02-11 16:07    440760    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
    2015-01-14 13:31 . 2015-01-14 13:31    115200    ----a-w-    c:\windows\system32\drivers\mrxdav.sys
    2015-01-14 12:09 . 2015-01-14 12:09    93184    ----a-w-    c:\windows\system32\ncsi.dll
    2015-01-14 12:09 . 2015-01-14 12:09    174080    ----a-w-    c:\windows\system32\nlasvc.dll
    2015-01-14 12:09 . 2015-01-14 12:09    48640    ----a-w-    c:\windows\system32\nlaapi.dll
    2015-01-14 12:08 . 2015-01-14 12:08    153600    ----a-w-    c:\windows\system32\profsvc.dll
    2006-05-03 09:06    163328    --sh--r-    c:\windows\System32\flvDX.dll
    2007-02-21 10:47    31232    --sh--r-    c:\windows\System32\msfDX.dll
    2008-03-16 12:30    216064    --sh--r-    c:\windows\System32\nbDX.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-03-23 16:39    644608    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2015-02-03 1243864]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-14 1021128]
    "SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-23 5512912]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
    2013-05-20 02:37    450560    ----a-w-    c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2013-02-13 02:37    1263952    ----a-w-    c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol]
    2015-03-10 16:04    2327248    ----a-w-    c:\program files\Common Files\COMODO\GeekBuddyRSP.exe
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ECACHE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-04-03 22:18    1061704    ----a-w-    c:\program files\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 18:14]
    .
    2015-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 22:33]
    .
    2015-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 22:33]
    .
    2015-04-10 c:\windows\Tasks\Norton Security Scan for VJones.job
    - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-22 23:51]
    .
    2015-04-12 c:\windows\Tasks\ReclaimerUpdateFiles_VJones.job
    - c:\users\VJones\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-20 16:34]
    .
    2015-04-11 c:\windows\Tasks\ReclaimerUpdateXML_VJones.job
    - c:\users\VJones\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-20 16:34]
    .
    2015-04-12 c:\windows\Tasks\RMAutoUpdate.job
    - c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2013-01-07 14:44]
    .
    2015-04-12 c:\windows\Tasks\User_Feed_Synchronization-{04F1B430-67A1-4B31-962C-B500816EFE55}.job
    - c:\windows\system32\msfeedssync.exe [2015-03-11 12:46]
    .
    2015-04-11 c:\windows\Tasks\User_Feed_Synchronization-{09CC4FE3-90EB-45E2-9902-ADEE35007982}.job
    - c:\windows\system32\msfeedssync.exe [2015-03-11 12:46]
    .
    2015-04-11 c:\windows\Tasks\User_Feed_Synchronization-{26438954-F43E-45EA-B377-13E87D63FBD8}.job
    - c:\windows\system32\msfeedssync.exe [2015-03-11 12:46]
    .
    2015-04-12 c:\windows\Tasks\User_Feed_Synchronization-{3E4E7D37-EA7D-43AC-8038-284715408613}.job
    - c:\windows\system32\msfeedssync.exe [2015-03-11 12:46]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://uk.yahoo.com?fr=fp-comodo
    mStart Page = https://uk.yahoo.com...t&type=avastbcl
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\VJones\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com?fr=fp-comodo
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=ytff-comodo&p=
    FF - ExtSQL: !HIDDEN! 2011-05-27 12:21; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2015-04-12 11:56
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...  
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...  
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdAgent\Mode\Configurations]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdAgent\Mode\Data]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdAgent\Mode\Options]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
    .
    Completion time: 2015-04-12  11:58:39
    ComboFix-quarantined-files.txt  2015-04-12 10:58
    .
    Pre-Run: 39,806,939,136 bytes free
    Post-Run: 41,424,084,992 bytes free
    .
    - - End Of File - - 6F049BC92B4D6B66B6488F0DEC2C7859
    5C616939100B85E558DA92B899A0FC36
     



    #18 ken545


    Posted 12 April 2015 - 05:34 AM

    Nothing earth shattering removed, if the TDSS rootkit were present Combofix would have found and removed it.

    Go ahead and re-download FRST and let's see if both logs pop up.

     

    Please download Farbar Recovery Scan Tool and save it to your DESKTOP
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
     
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
    A simple way to check your system: Start --> Computer (right click) --> Properties
     
    FRST_zps5d956a1a.jpg
     
     
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Just keep the defaults as in the picture checkmarked
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


     
     

    #19 Ultilee Stupid


    Posted 12 April 2015 - 11:15 AM

    When I went to download Farbar this popped up

     

    mjwap2.jpg



    #20 ken545


    Posted 12 April 2015 - 11:57 AM

    You need to disable both Comodo and any Anti Virus programs you have running until after you download and run FRST.



     
     

    #21 Ultilee Stupid


    Posted 12 April 2015 - 12:23 PM

    I didn't disable the first time and everything was fine. Is it blocking anything I should be worried about?

    Just making sure, one time I had a problem and a tech guy told me to disable and I ended up with a bigger problem. Plus I'm a worrier :pullhair:



    #22 ken545


    Posted 12 April 2015 - 12:53 PM

    A lot of our tools and scanners are blocked by some Anti Virus programs as well as some firewalls, but as long as you follow the links I post in the forum the program is safe and does not need to be blocked. It may be the virus definitions inside the Anti Virus programs that are blocking some tools. Remember this forum is for Malware Removal, that's why we're here, we're not here to cause you other problems. I don't blame you for worrying, lots of bad stuff out there lately.



     
     

    #23 Ultilee Stupid


    Posted 12 April 2015 - 01:37 PM

    Ok. Same problem with Addition.txt

     

    2mewh6w.jpg

     

     

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2015
    Ran by VJones (administrator) on HOME-PC on 12-04-2015 20:27:07
    Running from C:\Users\Ultimo Lee\Desktop
    Loaded Profiles: VJones & Ultimo Lee (Available profiles: VJones & UltimoLee & Caz & Ultimo Lee)
    Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
    ( ) C:\Windows\System32\lxdacoms.exe
    (PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1243864 2015-02-03] (COMODO)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-14] (Adobe Systems Incorporated)
    HKLM\...\Run: [SSDMonitor] => C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-23] (Avast Software s.r.o.)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKU\S-1-5-21-3208327182-2709425978-4292038597-1000\...\RunOnce: [Adobe Speed Launcher] => 1428836607
    HKU\S-1-5-21-3208327182-2709425978-4292038597-1000\...\InprocServer32: [Default-pngfilt]  <==== ATTENTION!

    HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\...\RunOnce: [Adobe Speed Launcher] => 1428858622
    HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
    HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\...\InprocServer32: [Default-pngfilt]  <==== ATTENTION!

    HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3208327182-2709425978-4292038597-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com...t&type=avastbcl
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\S-1-5-21-3208327182-2709425978-4292038597-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\S-1-5-21-3208327182-2709425978-4292038597-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com?fr=fp-comodo
    HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.yhs4.searc...p={searchTerms}
    HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com...ast&type=odc155
    HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com...ast&type=odc155
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3208327182-2709425978-4292038597-1000 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://uk.search.yah...}&fr=chr-comodo
    SearchScopes: HKU\S-1-5-21-3208327182-2709425978-4292038597-1005 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://uk.yhs4.searc...p={searchTerms}
    Toolbar: HKU\S-1-5-21-3208327182-2709425978-4292038597-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\VJones\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default
    FF SelectedSearchEngine: Yahoo
    FF Homepage: hxxp://uk.yahoo.com?fr=fp-comodo
    FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=ytff-comodo&p=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-15] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
    FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC)
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=6.0.11.2897 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2009-01-05] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprjplug;version=1.0.2.2955 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-01-05] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpjplug;version=6.0.12.1675 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2009-01-05] (RealNetworks, Inc.)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files\Veetle\plugins\npVeetle.dll [2010-10-16] (Veetle Inc)
    FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll [2010-09-21] (Veetle Inc)
    FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-01-05] (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-07-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-07-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-07-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-07-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-07-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009-01-05] (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-01-05] (RealNetworks, Inc.)
    FF Extension: Microsoft .NET Framework Assistant - C:\Users\VJones\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-07]
    FF Extension: WOT - C:\Users\VJones\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-18]
    FF Extension: DownloadHelper - C:\Users\VJones\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-18]
    FF Extension: Seekeen - C:\Program Files\Mozilla Firefox\extensions\{DB390D2E-0FB4-413F-B039-AE342D1D40BA} [2015-04-08]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-25]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-22]
    FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-06-22]

    Chrome:
    =======
    CHR Profile: C:\Users\VJones\AppData\Local\Google\Chrome\User Data\Default
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-03]
    CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-23] (Avast Software s.r.o.)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-03] (Avast Software)
    R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70872 2015-03-10] (Comodo Security Solutions, Inc.)
    R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2015-02-03] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664216 2015-02-03] (COMODO)
    R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-03-10] (Comodo Security Solutions, Inc.)
    S2 gupdate1cc039659a3dd69; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
    R2 lxda_device; C:\Windows\system32\lxdacoms.exe [537520 2007-03-21] ( )
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-11] (Malwarebytes Corporation)
    R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
    S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-23] ()
    R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [21576 2013-08-30] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-23] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-03-23] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-23] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-23] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-03-23] (Avast Software s.r.o.)
    R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-03-23] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-03-23] ()
    R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2014-06-26] (Windows ® Win 7 DDK provider)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17088 2015-01-30] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [618584 2015-01-30] (COMODO)
    R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [40736 2015-01-30] (COMODO)
    R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [15400 2014-06-26] ()
    R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2015-01-30] (COMODO)
    R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2009-02-10] (EZB Systems, Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-11] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-11] (Malwarebytes Corporation)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-03] (Avast Software)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\VJones\AppData\Local\Temp\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S0 Lbd; system32\DRIVERS\Lbd.sys [X]
    S3 ManyCam; system32\DRIVERS\ManyCam.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-12 20:27 - 2015-04-12 20:29 - 00017560 _____ () C:\Users\Ultimo Lee\Desktop\FRST.txt
    2015-04-12 20:26 - 2015-04-12 20:26 - 01135616 _____ (Farbar) C:\Users\Ultimo Lee\Desktop\FRST.exe
    2015-04-12 19:30 - 2015-04-12 19:35 - 00000000 ____D () C:\Users\Ultimo Lee\Desktop\Folder (2)
    2015-04-12 13:05 - 2015-04-12 18:01 - 00001176 _____ () C:\Users\Caz\AppData\Roaming\vso_ts_preview.xml
    2015-04-12 11:58 - 2015-04-12 11:58 - 00014594 _____ () C:\ComboFix.txt
    2015-04-12 01:56 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-04-12 01:56 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-04-12 01:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-04-12 01:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-04-12 01:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-04-12 01:56 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-04-12 01:56 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-04-12 01:56 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-04-12 01:55 - 2015-04-12 11:58 - 00000000 ____D () C:\Qoobox
    2015-04-12 01:52 - 2015-04-12 01:52 - 05617275 ____R (Swearware) C:\Users\Ultimo Lee\Desktop\ComboFix.exe
    2015-04-11 22:37 - 2015-04-11 22:37 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Ultimo Lee\Desktop\tdsskiller.exe
    2015-04-11 17:24 - 2015-04-12 01:51 - 00000000 ____D () C:\Users\Ultimo Lee\Desktop\New Folder
    2015-04-11 16:58 - 2015-04-11 16:58 - 00007516 _____ () C:\Users\UltimoLee\Desktop\y.txt
    2015-04-11 16:06 - 2015-04-11 19:58 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-04-11 16:05 - 2015-04-11 16:05 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-04-11 16:05 - 2015-04-11 16:05 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-04-11 16:05 - 2015-04-11 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-04-11 16:05 - 2015-04-11 16:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-04-11 15:37 - 2015-04-11 15:37 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HOME-PC-Windows-Vista-™-Home-Premium-(32-bit).dat
    2015-04-11 15:37 - 2015-04-11 15:37 - 00000000 ____D () C:\RegBackup
    2015-04-11 15:30 - 2015-04-11 15:30 - 02686959 _____ (Thisisu) C:\Users\Ultimo Lee\Desktop\JRT.exe
    2015-04-11 15:00 - 2015-04-11 15:26 - 00000000 ____D () C:\AdwCleaner
    2015-04-11 14:58 - 2015-04-11 14:58 - 02217984 _____ () C:\Users\Ultimo Lee\Desktop\adwcleaner_4.201.exe
    2015-04-11 00:40 - 2015-04-12 20:27 - 00000000 ____D () C:\FRST
    2015-04-08 13:10 - 2015-04-08 13:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-03-23 17:40 - 2015-03-23 17:39 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
    2015-03-23 17:39 - 2015-03-23 17:39 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-12 20:27 - 2010-11-17 01:03 - 00000414 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{09CC4FE3-90EB-45E2-9902-ADEE35007982}.job
    2015-04-12 20:27 - 2009-01-04 13:35 - 00000422 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{04F1B430-67A1-4B31-962C-B500816EFE55}.job
    2015-04-12 20:26 - 2010-07-22 16:21 - 00000424 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{26438954-F43E-45EA-B377-13E87D63FBD8}.job
    2015-04-12 20:26 - 2009-09-15 20:47 - 00000400 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{3E4E7D37-EA7D-43AC-8038-284715408613}.job
    2015-04-12 20:06 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-04-12 20:06 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-04-12 19:56 - 2010-06-17 00:57 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-12 19:38 - 2012-06-18 16:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-04-12 19:35 - 2011-04-04 16:20 - 00000000 ____D () C:\Users\Ultimo Lee\Desktop\DL Bin
    2015-04-12 19:24 - 2011-04-03 22:11 - 00000000 ____D () C:\Users\Ultimo Lee\Desktop\Lee
    2015-04-12 18:11 - 2008-01-21 02:35 - 01849519 _____ () C:\Windows\WindowsUpdate.log
    2015-04-12 18:09 - 2013-01-07 19:53 - 00000274 _____ () C:\Windows\Tasks\RMAutoUpdate.job
    2015-04-12 18:09 - 2013-01-07 19:52 - 00000000 ____D () C:\Program Files\PC Tools Registry Mechanic
    2015-04-12 18:09 - 2010-06-17 00:57 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-12 18:09 - 2009-09-13 00:25 - 00000000 ____D () C:\ProgramData\TEMP
    2015-04-12 18:06 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-12 18:03 - 2006-11-02 14:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-04-12 18:01 - 2010-12-01 15:42 - 00000000 ____D () C:\Users\Caz\AppData\Roaming\Vso
    2015-04-12 17:59 - 2010-12-01 15:45 - 00000000 ____D () C:\Users\Caz\Documents\ConvertXtoDVD
    2015-04-12 15:44 - 2010-11-21 02:05 - 00000000 ____D () C:\Users\Caz\AppData\Roaming\vlc
    2015-04-12 13:57 - 2010-11-17 01:01 - 00242688 _____ () C:\Users\Caz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-04-12 13:31 - 2012-06-13 12:38 - 00000000 ____D () C:\Users\Caz\AppData\Roaming\SanDisk
    2015-04-12 12:50 - 2006-11-02 11:33 - 00870096 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-12 12:15 - 2013-08-16 12:14 - 00000370 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_VJones.job
    2015-04-12 12:01 - 2006-11-02 13:47 - 03632544 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-04-12 12:00 - 2008-01-21 03:47 - 00439906 _____ () C:\Windows\PFRO.log
    2015-04-12 11:56 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
    2015-04-12 11:27 - 2014-07-17 17:25 - 00001356 _____ () C:\Users\Ultimo Lee\AppData\Local\d3d9caps.dat
    2015-04-12 11:25 - 2011-04-02 20:48 - 00000000 ____D () C:\Windows\ERDNT
    2015-04-12 11:15 - 2013-08-16 12:14 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_VJones.job
    2015-04-12 02:14 - 2010-06-17 00:56 - 00000000 ____D () C:\Users\VJones\AppData\Local\Google
    2015-04-11 17:28 - 2011-04-04 16:54 - 00000000 ____D () C:\Users\Ultimo Lee\AppData\Roaming\vlc
    2015-04-11 17:27 - 2011-04-04 16:37 - 00086016 _____ () C:\Users\Ultimo Lee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-04-11 16:05 - 2012-01-17 23:13 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-04-11 16:05 - 2009-09-14 01:07 - 00000000 ____D () C:\Users\VJones\AppData\Roaming\Malwarebytes
    2015-04-11 16:05 - 2009-09-14 01:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-04-11 16:00 - 2009-01-06 18:40 - 00000000 ____D () C:\Users\VJones\AppData\Roaming\Vso
    2015-04-11 15:47 - 2014-08-04 02:29 - 00000148 _____ () C:\lxda.log
    2015-04-11 01:34 - 2011-04-04 18:21 - 00007524 _____ () C:\Users\Ultimo Lee\AppData\Roaming\wklnhst.dat
    2015-04-10 22:52 - 2011-04-04 16:21 - 00000000 ____D () C:\Users\Ultimo Lee\AppData\Roaming\Vso
    2015-04-10 21:51 - 2011-04-04 16:44 - 00000000 ____D () C:\Users\Ultimo Lee\Documents\ConvertXToDVD
    2015-04-10 20:08 - 2010-07-22 16:17 - 00000476 ____H () C:\Windows\Tasks\Norton Security Scan for VJones.job
    2015-04-10 15:23 - 2010-11-17 16:16 - 00026672 _____ () C:\Users\Caz\AppData\Roaming\wklnhst.dat
    2015-04-10 12:31 - 2014-11-18 15:23 - 00000000 ____D () C:\Users\Caz\Downloads\Misc
    2015-04-09 16:10 - 2012-06-07 23:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-03-23 17:40 - 2014-05-01 22:43 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2015-03-23 17:40 - 2013-03-20 17:19 - 00208024 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2015-03-23 17:40 - 2013-03-20 17:19 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2015-03-23 17:40 - 2012-01-22 19:14 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
    2015-03-23 17:40 - 2012-01-22 19:14 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-03-23 17:40 - 2012-01-22 19:14 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
    2015-03-23 17:40 - 2012-01-22 19:14 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
    2015-03-23 17:39 - 2012-01-22 19:14 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
    2015-03-22 14:13 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-03-17 00:49 - 2011-04-04 16:42 - 00000000 ____D () C:\Users\Ultimo Lee\dwhelper
    2015-03-15 19:15 - 2010-02-22 02:18 - 00000000 ____D () C:\Users\VJones\AppData\Local\Adobe
    2015-03-15 19:14 - 2012-06-18 16:15 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-03-15 19:14 - 2011-06-24 16:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-03-15 13:13 - 2010-12-02 13:37 - 00000000 ____D () C:\Users\Caz\dwhelper

    ==================== Files in the root of some directories =======

    2009-01-06 18:40 - 2009-07-15 16:50 - 0007887 _____ () C:\Users\VJones\AppData\Roaming\pcouffin.cat
    2009-01-06 18:40 - 2009-07-15 16:50 - 0001144 _____ () C:\Users\VJones\AppData\Roaming\pcouffin.inf
    2009-01-06 18:41 - 2009-07-15 16:50 - 0000034 _____ () C:\Users\VJones\AppData\Roaming\pcouffin.log
    2009-01-06 18:40 - 2009-07-15 16:50 - 0047360 _____ (VSO Software) C:\Users\VJones\AppData\Roaming\pcouffin.sys
    2009-09-14 00:34 - 2009-09-14 00:35 - 0000088 _____ () C:\Users\VJones\AppData\Roaming\wklnhst.dat
    2009-01-02 20:31 - 2009-01-02 20:31 - 0000552 _____ () C:\Users\VJones\AppData\Local\d3d8caps.dat
    2009-01-02 19:03 - 2009-01-02 20:31 - 0000680 _____ () C:\Users\VJones\AppData\Local\d3d9caps.dat
    2009-01-21 21:31 - 2013-01-07 19:49 - 0016896 _____ () C:\Users\VJones\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-03-31 21:54 - 2011-03-31 21:54 - 0000036 _____ () C:\Users\VJones\AppData\Local\housecall.guid.cache

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-12 18:14

    ==================== End Of Log ============================

     



    #24 ken545


    Posted 12 April 2015 - 03:02 PM

    I am attaching a FIXLIST file. You need to download it to your desktop where you now have FRST or the fix won't work. Use your mouse to drag FIXLIST right next to FRST, either above or below it but not right on top of it. After it's downloaded open up FRST and click on FIX (Not Scan), it won't take long. After your computer reboots you will find a FIXLOG file on your desktop, post it please and let me know if there has been any improvement with your system.
     


    #25 Ultilee Stupid


    Posted 12 April 2015 - 04:09 PM

    The computer has been quicker on start up and seems to be running a lot smoother. The only problem I can think of is the lack of free space on the hard drive; I'm at around 25GB and it should be around 40GB. There seems to have been a lack of space for a week or more.

     

    This is all the log had

     

     

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.
     




    #26 ken545


    Posted 12 April 2015 - 04:55 PM

    I can't remember the formula but when you, let's say, buy a 40GB hard drive, the way Windows reads it is that you actually only have maybe 33GB of actual space.

    You're running Vista, it was one of the worst Operating Systems that Microsoft ever came out with. If your system is not too old you may want to think about upgrading to Windows 7.

    As far as malware, without seeing full logs this is about as far as we can go, let's hope things continue to run good for you

     

    How did I get infected in the first place?
    Read these links and find out how to prevent getting infected again.
    • Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
     
    Safe Surfn
    Ken


     
     

    #27 Ultilee Stupid


    Posted 12 April 2015 - 05:21 PM

    On the hard drive: the hard drive is 149GB. The problem is with the free space available; usually it would be between 40GB-50GB free but it's currently between 25-35GB. This has only happened in the last week or two.

    Do you know of any reason why we can't get full logs? And am I safe or will I be doing this again in a few weeks?

    I've had no problems in around 4 years, I thought Avast/Comodo was keeping me protected. Are they still working and compatible?

    Should I search regularly with MalwareBytes Anti Malware and is it ok to delete what is found?

    Also do I need to start a new thread to have the netbook looked at?

    Thanks for all your help on this, much appreciated :notworthy:

    EDIT: should I delete all the programs we've used?


    Edited by Ultilee Stupid, 12 April 2015 - 05:47 PM.


    #28 ken545


    Posted 12 April 2015 - 06:02 PM

    If your hard drive is pretty old it could be developing problems, not sure, you can post here in our hardware forum and ask them to run a health test

    http://forums.whatth...p?showforum=126

     

    Don't know why we are not getting full logs. There is malware that will prevent security tools from running, but that's not the case here, the tools are running but we just can't get all the logs. Again, an upgrade to Windows 7 may be in order

    Comodo and Avast are just fine, but for me they're a bit too much in your face. I am on a Win 8.1 system with Microsoft Security Essentials, Malwarebytes Pro and so far it's been fine for me

    Malwarebytes is a safe program, run regular scans and remove what it finds. The Pro Version has a protection module that prevents known bad sites from loading, the cost is minimal but this of course is up to you

    Yes, please start a new thread for your netbook

    As far as if you're safe right now with a clean computer, I think you are but can't be 100% sure unless I saw the logs. For example, the Additions shows system tasks and if a bad task was running we could have stopped it, but with no log I have no idea what's running

     

    Disable your AV and Firewall and run both these programs to remove all the tools we have run

     

    • Double click on AdwCleaner.exe to run the tool again.
    • Click on the Uninstall button.
    • Click Yes when asked are you sure you want to uninstall.
    • Both AdwCleaner.exe, its folder and all logs will be removed.

    ==========================================================

    Please download DelFix and save the file to your Desktop.

    • Windows XP: Double click DelFix.exe to run the program.
    • Windows Vista > Win 7 > Win 8: Right click on DelFix.exe and select RUN AS ADMINISTRATOR
    • Checkmark "Remove Disinfection Tools"
    • Click the Run button

    This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually.

    Let's do this, let's run a free online virus scanner and see if it picks anything up. You need internet access and also need to disable your AV and Firewall to make sure it updates itself and runs a scan
     

    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan
     
    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
     
     
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    • Click the esetOnline.png button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
    • Check esetAcceptTerms.png
    • Click the esetStart.png button.
    • Accept any security warnings from your browser.
    • Check esetScanArchives.png
    • Make sure that the option "Remove found threats" is Unchecked
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push esetListThreats.png
    • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the esetBack.png button.
    • Push esetFinish.png

    Please make sure you include the following items in your next post:
    • The log that was produced after running ESET Online Scanner.

     



     
     

    #29 Ultilee Stupid


    Posted 12 April 2015 - 06:24 PM

    AdwCleaner.exe is gone but problem with DelFix

     

    Clicked to run as admin after downloading and this appeared

     

    2h3mr2p.jpg

     

    clicked ok and then this appeared

     

    j96ovc.jpg



    #30 ken545


    Posted 12 April 2015 - 06:45 PM

    You have something going on with your operating system. That's not malware causing that, it's something in your system that is not right. You can just drag FRST to the trash

    Go ahead and run ESET and let's see if it finds anything



     
     