Computer Hope
Software => Computer viruses and spyware => Topic started by: radioflyer91355 on June 11, 2011, 03:22:49 PM
-
Hello Please HELP!
I have been trying to remove this fake virus for days and I'm just spinning my wheels. I cannot download the Spyware Doctor at all *Not enough space* I have 211 gigs free.... Anyway, my boyfriend didn't know that it was a virus because it looked so real. He watched as it said erasing c drive, etc. I've had blue screens non stop for the past 2 days. Whenever I log on to his user on the laptop the computer shuts off. I am on my user and am online. What can I do?
-
Please follow the instructions in the following link and post your logs:
http://www.computerhope.com/forum/index.php/topic,46313.0.html
-
Now all of my icons are gone and not one program shows up on my start menu :-\
I tunes is gone everything. ???
-
Also, anything I try to install says access denied ???
-
Please follow the instructions in the following link and post your logs:
http://www.computerhope.com/forum/index.php/topic,46313.0.html
Here's my log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/11/2011 at 10:10 PM
Application Version : 4.54.1000
Core Rules Database Version : 7254
Trace Rules Database Version: 5066
Scan type : Complete Scan
Total Scan Time : 04:11:43
Memory items scanned : 729
Memory threats detected : 0
Registry items scanned : 11110
Registry threats detected : 1
File items scanned : 193049
File threats detected : 43
Adware.SelectRebates
C:\Program Files\SELECTREBATES\FFToolbar\chrome\sahtoolbar.jar
C:\Program Files\SELECTREBATES\FFToolbar\chrome
C:\Program Files\SELECTREBATES\FFToolbar\install.rdf
C:\Program Files\SELECTREBATES\FFToolbar
C:\Program Files\SELECTREBATES\SahImages\alert.png
C:\Program Files\SELECTREBATES\SahImages\check.png
C:\Program Files\SELECTREBATES\SahImages\close.png
C:\Program Files\SELECTREBATES\SahImages
C:\Program Files\SELECTREBATES\SelectAlerts.dat
C:\Program Files\SELECTREBATES\SelectRebatesA.dat
C:\Program Files\SELECTREBATES\SelectRebatesB.dat
C:\Program Files\SELECTREBATES\SelectRebatesBT.dat
C:\Program Files\SELECTREBATES\SelectRebatesH.dat
C:\Program Files\SELECTREBATES\Toolbar\AddtoList.bmp
C:\Program Files\SELECTREBATES\Toolbar\basis.xml
C:\Program Files\SELECTREBATES\Toolbar\Basis.xml.dym
C:\Program Files\SELECTREBATES\Toolbar\Blank.bmp
C:\Program Files\SELECTREBATES\Toolbar\Cache
C:\Program Files\SELECTREBATES\Toolbar\CashBack.bmp
C:\Program Files\SELECTREBATES\Toolbar\Coupons.bmp
C:\Program Files\SELECTREBATES\Toolbar\GroceryCoupon.bmp
C:\Program Files\SELECTREBATES\Toolbar\icons.bmp
C:\Program Files\SELECTREBATES\Toolbar\ImageCache
C:\Program Files\SELECTREBATES\Toolbar\i_magnifying.bmp
C:\Program Files\SELECTREBATES\Toolbar\logo.bmp
C:\Program Files\SELECTREBATES\Toolbar\logo_24.bmp
C:\Program Files\SELECTREBATES\Toolbar\logo_HotSpots.bmp
C:\Program Files\SELECTREBATES\Toolbar\ReviewSite.bmp
C:\Program Files\SELECTREBATES\Toolbar\RightControls.dym
C:\Program Files\SELECTREBATES\Toolbar\sahtb-alert.bmp
C:\Program Files\SELECTREBATES\Toolbar\sahtb-go.bmp
C:\Program Files\SELECTREBATES\Toolbar\sahtb-grocerycoupons.bmp
C:\Program Files\SELECTREBATES\Toolbar\sahtb-icons.bmp
C:\Program Files\SELECTREBATES\Toolbar\sahtb-restaurant.bmp
C:\Program Files\SELECTREBATES\Toolbar\sahtb-wishlist.bmp
C:\Program Files\SELECTREBATES\Toolbar\Scissors.bmp
C:\Program Files\SELECTREBATES\Toolbar
C:\Program Files\SELECTREBATES
Disabled.TaskManager
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR
Adware.Tracking Cookie
.yieldmanager.net [ C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\y94izrjn.default\cookies.sqlite ]
media.mtvnservices.com [ C:\Users\New Itouch\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3WMCMAJ3 ]
Trojan.Agent/Gen-FraudAlert
C:\USERS\NEW ITOUCH\APPDATA\LOCALLOW\SUN\JAVA\DEPLOYMENT\CACHE\6.0\35\4CE03CA3-5239201C
Trojan.Agent/Gen-FakeAV
C:\USERS\NEW ITOUCH\APPDATA\LOCALLOW\SUN\JAVA\DEPLOYMENT\CACHE\6.0\38\7BBB1226-2825F7CD
Trojan.Agent/Gen-Kryptik
C:\USERS\NEW ITOUCH\APPDATA\LOCALLOW\SUN\JAVA\DEPLOYMENT\CACHE\6.0\40\54A925A8-3F9BD116
-
Please follow the instructions in the following link and post your logs:
http://www.computerhope.com/forum/index.php/topic,46313.0.html
[recovering disk space - old attachment deleted by admin]
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************
Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)
Please uninstall Dealio Toolbar. It has a not so good reputation mainly because it gets install when you install other programs.
Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.4\dealioToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - (no file)
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.4\dealioToolbarIE.dll
Important: Close all open windows except for HijackThis and then click Fix checked.
Once completed, exit HijackThis.
***************************************************
(http://i424.photobucket.com/albums/pp322/digistar/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
**************************************************
Download DDS from HERE (http://download.bleepingcomputer.com/sUBs/dds.scr) or HERE (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.
-
Dig this...i cannot downloads malware bytes...it says "access denied"
-
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_18
Run by Lindsey at 14:15:25 on 2011-06-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2814.1735 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Online Armor\OAcat.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
C:\Program Files\Online Armor\OAreg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Web Protection Add-On\TmProxy.exe
C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uURLSearchHooks: H - No File
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mWinlogon: Userinit=userinit.exe
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.4\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.4\iobitToolbarIE.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MFARestart] "c:\programdata\mfadata\pack\avgrunasx.exe" /usereg
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
mRun: [Info Center] c:\program files\pcpitstop\info center\InfoCenter.exe
mRun: [PC Pitstop PC Matic Reminder] c:\program files\pcpitstop\pc matic\Reminder-PCMatic.exe
mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"
mRun: [<NO NAME>]
mRunOnce: [Malwarebytes' Anti-Malware (registration)] regsvr32.exe /s "c:\program files\malwarebytes' anti-malware\mbamext.dll"
mRunOnce: [InnoSetupRegFile.0000000001] "c:\windows\is-IICS7.exe" /REG /REGSVRMODE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DISABLETASKMGR = 1 (0x1)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{75605BEE-FD3E-412D-8707-DAB46499F04B} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{75605BEE-FD3E-412D-8707-DAB46499F04B}\2375942554636303 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{75605BEE-FD3E-412D-8707-DAB46499F04B}\25164696F666C69756270343 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{75605BEE-FD3E-412D-8707-DAB46499F04B}\353465F5C456163796E676 : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~2\oaevent.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lindsey.lindsey-pc\appdata\roaming\mozilla\firefox\profiles\mlwdx5ou.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=374563&p=
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {71764947-6DD6-40D3-8B4A-BF775BEEAB49} - c:\users\new itouch\appdata\local\{71764947-6DD6-40D3-8B4A-BF775BEEAB49}
FF - Ext: XULRunner: {A567A5F5-7DB7-4A3B-8503-C079B8ED1997} - c:\users\lindsey.lindsey-pc\appdata\local\{A567A5F5-7DB7-4A3B-8503-C079B8ED1997}
FF - Ext: avast! WebRep: [email protected] - c:\program files\avast software\avast\webrep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-12 16184]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-23 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-23 307928]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-6-11 205864]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-6-11 39048]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-6-11 25192]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-4-19 352656]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-5-6 393112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-23 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-4-23 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-24 42184]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2011-6-11 381512]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-20 365952]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\web protection add-on\TmProxy.exe [2010-2-1 685320]
R2 TMWebProtect;Trend Micro Web Protection Add-On Service;c:\program files\trend micro\web protection add-on\TMWebProtect.exe [2010-2-1 591232]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-12-16 66592]
R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2011-6-11 29312]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-2-1 206608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-18 133104]
S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-11-12 311568]
S2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2011-6-11 4326472]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-20 228408]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-28 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-18 133104]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2011-6-11 91304]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-6-17 166912]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-2-1 206608]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-7 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-06-12 21:14:39 709456 ----a-w- c:\windows\is-IICS7.exe
2011-06-12 21:07:44 709456 ----a-w- c:\windows\isRS-000.tmp
2011-06-12 21:04:32 388096 ----a-r- c:\users\lindsey.lindsey-pc\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-12 20:58:08 -------- d-----w- c:\users\lindsey.lindsey-pc\appdata\local\Adobe
2011-06-12 20:23:31 386048 ---ha-w- c:\programdata\27713272.exe
2011-06-12 20:23:26 487424 ---ha-w- c:\programdata\usoRDPRVVkvyke.exe
2011-06-12 18:01:49 -------- d--h--w- c:\program files\IObit Toolbar
2011-06-12 18:01:18 29008 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-06-12 18:01:18 16184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-06-12 00:51:22 -------- d--h--w- c:\users\lindsey.lindsey-pc\appdata\roaming\OnlineArmor
2011-06-12 00:51:22 -------- d--h--w- c:\programdata\OnlineArmor
2011-06-12 00:49:33 39048 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-06-12 00:49:33 29312 ----a-w- c:\windows\system32\drivers\OAnet.sys
2011-06-12 00:49:33 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-06-12 00:49:33 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-06-12 00:49:28 -------- d--h--w- c:\program files\Online Armor
2011-06-11 21:29:40 405504 ---ha-w- c:\program files\mozilla firefox\0.3439300812766093.exe
2011-06-11 20:50:26 -------- d--h--w- c:\users\lindsey.lindsey-pc\appdata\roaming\SUPERAntiSpyware.com
2011-06-11 20:50:26 -------- d--h--w- c:\programdata\SUPERAntiSpyware.com
2011-06-11 20:50:18 -------- d--h--w- c:\program files\SUPERAntiSpyware
2011-06-11 20:49:38 -------- d--h--w- c:\users\lindsey.lindsey-pc\appdata\local\Google
2011-06-11 20:47:02 87608 ---ha-w- c:\users\lindsey.lindsey-pc\appdata\roaming\inst.exe
2011-06-11 20:47:02 47360 ---ha-w- c:\users\lindsey.lindsey-pc\appdata\roaming\pcouffin.sys
2011-06-11 17:42:47 -------- d--h--w- c:\program files\Enigma Software Group
2011-06-11 17:42:47 -------- d-----w- C:\sh4ldr
2011-06-11 17:42:04 -------- d-----w- c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP
2011-06-11 17:42:02 -------- d--h--w- c:\program files\common files\Wise Installation Wizard
2011-06-11 17:28:30 -------- d--h--w- c:\programdata\PCPitstop
2011-06-11 17:28:29 -------- d--h--w- c:\program files\PCPitstop
2011-06-11 09:30:26 6962000 ---ha-w- c:\programdata\microsoft\windows defender\definition updates\{d58d1037-9dd8-403f-bc1d-aa8de55c11d0}\mpengine.dll
2011-06-11 02:27:55 -------- d-----w- C:\ca6cd44694e96bf4e5bac5
2011-06-11 02:17:09 1152 ----a-w- c:\windows\system32\windrv.sys
2011-06-10 02:10:10 -------- d-----w- C:\_movies
2011-05-26 02:54:52 970752 ---ha-w- c:\program files\mozilla firefox\0.00466055472941862.exe
2011-05-24 23:56:41 26538 ---ha-w- c:\program files\mozilla firefox\0.5964172534304436.exe
2011-05-24 23:52:03 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-21 20:15:57 -------- d--h--w- c:\programdata\PC Tools
2011-05-20 03:11:41 431975 ---ha-w- c:\program files\mozilla firefox\0.35155828031059067.exe
2011-05-19 01:23:40 131196 ---ha-w- c:\program files\mozilla firefox\0.31737244072956794.exe
2011-05-19 01:18:27 957952 ---ha-w- c:\program files\mozilla firefox\0.47764764410750005.exe
2011-05-19 00:04:53 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-17 19:40:03 -------- d--h--w- c:\program files\Dealio Toolbar
2011-05-17 19:40:03 -------- d--h--w- c:\program files\Application Updater
.
==================== Find3M ====================
.
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-07 21:55:43 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-20 03:47:41 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-04-20 03:47:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-25 02:58:37 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 02:58:07 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 02:58:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 02:57:58 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 02:57:58 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 02:57:53 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
.
============= FINISH: 14:20:54.99 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/17/2009 8:06:54 PM
System Uptime: 6/12/2011 2:10:59 PM (0 hours ago)
.
Motherboard: Wistron | | 303C
Processor: AMD Turion Dual-Core RM-75 | Socket A | 2200/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 109.55 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.821 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslc4c6d44a
Device ID: ROOT\LEGACY_MPKSLC4C6D44A\0000
Manufacturer:
Name: MpKslc4c6d44a
PNP Device ID: ROOT\LEGACY_MPKSLC4C6D44A\0000
Service: MpKslc4c6d44a
.
==== System Restore Points ===================
.
RP565: 6/11/2011 1:47:16 PM - Removed Google Earth.
RP566: 6/11/2011 5:32:41 PM - Windows Update
RP567: 6/11/2011 5:49:37 PM - Online Armor installation
RP568: 6/11/2011 5:50:14 PM - Device Driver Package Install: TLEM Network Service
RP569: 6/11/2011 10:31:10 PM - Installed HiJackThis
RP570: 6/11/2011 10:33:35 PM - Installed HiJackThis
RP571: 6/12/2011 10:32:58 AM - HPSF Restore Point
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3
Adobe Shockwave Player
Advanced PC Tweaker v4.2
Advanced SystemCare 4
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
avast! Free Antivirus
AVG 2011
BlackBerry Desktop Software 5.0.1
BlackBerry Desktop Software 6.0.2
BlackBerry Device Software v5.0.0 for the BlackBerry 9530 smartphone
BlackBerry® Media Sync
Bonjour
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
CyberLink YouCam
D3DX10
Dealio Toolbar v4.4
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 8.0.5.0 (18/11/2010)
ESU for Microsoft Vista
Free MP4 to MP3 Converter
FreeApps
Game Booster
Google Chrome
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Quick Launch Buttons
HP Support Assistant
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
Info Center 1.0.0.5
Internet TV for Windows Media Center
IObit Security 360
IObit Toolbar v4.4
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 7
Junk Mail filter update
Juno Preloader
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
mIRC
MobileMe Control Panel
Mozilla Firefox (3.6.17)
MP4 to MP3 Converter 1.2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
NetWaiting
NetZero Preloader
Norton Internet Security
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OJOsoft Total Video Converter
Online Armor 5.0
OpenOffice.org 3.1
PC Matic 1.1.0.41
Power2Go
PowerDirector
QLBCASL
QuickTime
Realtek USB 2.0 Card Reader
Roxio Media Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Smart Defrag 2
SPORE Creature Creator Trial Edition
SpyNoMore 2.98
SUPERAntiSpyware
Synaptics Pointing Device Driver
The Weather Channel Desktop 6
The Weather Channel Toolbar
Trend Micro Web Protection Add-On
TuxGuitar
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Winamp
Winamp Remote
Winamp Toolbar
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
6/5/2011 4:47:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
6/12/2011 2:13:00 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
6/12/2011 2:12:58 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.
6/12/2011 2:12:58 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.
6/12/2011 2:12:58 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.
6/12/2011 2:12:23 PM, Error: Microsoft-Windows-WHEA-Logger [20] - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: 11 Processor ID: 0 The details view of this entry contains further information.
6/12/2011 2:12:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IS360service service to connect.
6/12/2011 2:12:04 PM, Error: Service Control Manager [7000] - The IS360service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/12/2011 2:11:15 PM, Error: volmgr [46] - Crash dump initialization failed!
6/12/2011 1:48:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
6/12/2011 1:48:31 PM, Error: Service Control Manager [7000] - The HP Software Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/12/2011 1:48:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.
6/11/2011 2:59:32 PM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "001F16E91D32" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The WLAN AutoConfig service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error: The media is write protected.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The Windows Live ID Sign-in Assistant service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The User Profile Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The System Event Notification Service service depends on the COM+ Event System service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The media is write protected.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The media is write protected.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error: The media is write protected.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The Server service depends on the Security Accounts Manager service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The Security Accounts Manager service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The Print Spooler service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The Group Policy Client service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The Extensible Authentication Protocol service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The Encrypting File System (EFS) service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Network Store Interface Service service which failed to start because of the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The Cyberlink RichVideo Service(CRVS) service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The Cryptographic Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The COM+ Event System service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The CNG Key Isolation service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The Base Filtering Engine service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7001] - The avast! Antivirus service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: The media is write protected.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The Windows Event Log service failed to start due to the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The Windows Driver Foundation - User-mode Driver Framework service failed to start due to the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The Windows Audio Endpoint Builder service failed to start due to the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The TCP/IP Registry Compatibility service failed to start due to the following error: The media is write protected.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The srvnet service failed to start due to the following error: The media is write protected.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The SMB MiniRedirector Wrapper and Engine service failed to start due to the following error: The media is write protected.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The Security Driver service failed to start due to the following error: The media is write protected.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The Remote Procedure Call (RPC) service failed to start due to the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The Recovery Service for Windows service failed to start due to the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The PEAUTH service failed to start due to the following error: The media is write protected.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The Network Store Interface Service service failed to start due to the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The NDIS Usermode I/O Protocol service failed to start due to the following error: The media is write protected.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The NativeWiFi Filter service failed to start due to the following error: The media is write protected.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The media is write protected.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The media is write protected.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The IS360service service failed to start due to the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: The media is write protected.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The HsfXAudioService service failed to start due to the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The HP Quick Synchronization Service service failed to start due to the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The Diagnostic Policy Service service failed to start due to the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The Desktop Window Manager Session Manager service failed to start due to the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The Browser Support Driver service failed to start due to the following error: The media is write protected.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The system cannot find the path specified.
6/11/2011 12:54:53 AM, Error: Service Control Manager [7000] - The Advanced SystemCare Service service failed to start due to the following error: The system cannot find the path specified.
6/11/2011 12:52:42 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2011 12:52:39 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2011 12:52:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/11/2011 12:52:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/11/2011 12:52:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/11/2011 12:52:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/11/2011 12:49:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr tmtdi Wanarpv6
6/11/2011 12:22:27 AM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The WMI request could not be completed and should be retried.
6/10/2011 9:39:10 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
6/10/2011 9:08:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.105.1687.0).
6/10/2011 8:15:03 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.
6/10/2011 7:27:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
6/10/2011 6:08:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
6/10/2011 6:08:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/10/2011 11:42:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Updater service to connect.
6/10/2011 11:41:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Advanced SystemCare Service service to connect.
6/10/2011 11:41:35 PM, Error: Service Control Manager [7000] - The Advanced SystemCare Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/10/2011 11:26:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
6/10/2011 11:26:13 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/10/2011 11:25:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service IDriverT with arguments "-Service" in order to run the server: {064CB054-2518-474E-B2E8-200049528C42}
6/10/2011 11:25:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the InstallDriver Table Manager service to connect.
6/10/2011 11:24:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Apple Mobile Device service.
6/10/2011 11:23:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
6/10/2011 11:23:02 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/10/2011 11:22:16 PM, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
6/10/2011 10:26:55 PM, Error: Service Control Manager [7023] - The WLAN AutoConfig service terminated with the following error: %%-2146368396
6/10/2011 10:26:55 PM, Error: Microsoft-Windows-WLAN-AutoConfig [4002] - WLAN AutoConfig service has failed to start. Error Code: 2148598900
6/10/2011 10:22:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
6/10/2011 10:21:45 PM, Error: Service Control Manager [7023] - The Windows Audio Endpoint Builder service terminated with the following error: %%-2146368396
6/10/2011 10:21:45 PM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The operation completed successfully.
6/10/2011 10:21:45 PM, Error: Service Control Manager [7001] - The System Event Notification Service service depends on the COM+ Event System service which failed to start because of the following error: The operation completed successfully.
.
==== End Of File ===========================
-
Whew! I went onto the Malwarebytes forum and downloaded the "clean". Now it's running ;D
-
Attached is the malwarebytes log :)
[recovering disk space - old attachment deleted by admin]
-
Here's the malwarebytes report from my other user..
[recovering disk space - old attachment deleted by admin]
-
Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)
Please run MBAM again for the "other user" and this time, fix the infections.
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.
:OTL
uURLSearchHooks: H - No File
mRun: [<NO NAME>]
c:\users\lindsey.lindsey-pc\appdata\local\{A567A5F5-7DB7-4A3B-8503-C079B8ED1997}
c:\programdata\27713272.exe
c:\programdata\usoRDPRVVkvyke.exe
:folders
Dealio Toolbar
:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]
* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
*************************************************************
Please go to Jotti's malware scan (http://virusscan.jotti.org/)
(If more than one file needs scanned they must be done separately and links posted for each one)
* Copy the file path in the below Code box:
c:\program files\mozilla firefox\0.3439300812766093.exe
c:\windows\is-IICS7.exe
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
*************************************************************
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
******************************************************
This next scanner, ComboFix will not run with AVG on your computer. You can uninstall it and re-install it after the scan or you can download and install one of the other free scanners from the list below.
Remember to only install one antivirus!
1) Avast! Home Edition (http://www.majorgeeks.com/Avast_Home_Edition_d1968.html)
2) AVG Free Edition (http://www.majorgeeks.com/download.php?det=886)
3) Avira AntiVir Personal (http://www.majorgeeks.com/AntiVir_Personal_Edition_7_d955.html)
4) Microsoft Security Essentials for Windows Vista\Windows 7 (http://majorgeeks.com/Microsoft_Security_Essentials_for_Windows_VistaWindows_7_d6242.html) - 64 bit Download (http://majorgeeks.com/downloadget.php?id=6242&file=5&evp=9112d44b71f157fc5d7fcd7724b088ca)
4-a) Microsoft Security Essentials for Windows XP (http://www.microsoft.com/security_essentials/)
5) Comodo Antivirus (http://www.majorgeeks.com/Comodo_AntiVirus_d5109.html) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition (http://www.majorgeeks.com/PC_Tools_AntiVirus_Free_Edition_d5469.html)
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
***************************************************
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.
link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link # 2 (http://subs.geekstogo.com/ComboFix.exe)
If you are using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".
Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix login your next reply.
NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
-
Hey Dave! The steps worked....for a few weeks. Now it is back tenfold. My main user can't even open firefox it's that bad. Following the steps again. Do you suggest anything different?
And more pop ups than ever. No task manager. 1:30 am Win7 Security started to scan
-
Hey Dave! The steps worked....for a few weeks. Now it is back tenfold.
We were not finished with the cleaning. Now, we'll have to start all over again.
Please go back to Reply # 6 and the SAS, MBAM and DDS scans again and post the logs. Once we start cleaning, you need to stick with it to the end.
-
Sorry about that Dave. I thought everything was good to go. Thank you for your patience. :)
[recovering disk space - old attachment deleted by admin]
-
Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)
When you run MBAM, you need to "Remove the infections". Please run it again.
Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.4\dealioToolbarIE.dllO2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - (no file)
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.4\dealioToolbarIE.dll
O4 - HKLM\..\Run: [MFARestart] "C:\ProgramData\MFAData\pack\avgrunasx.exe" /usereg
Important: Close all open windows except for HijackThis and then click Fix checked.
Once completed, exit HijackThis.
**************************************************
Now, I need to see the logs for SAS, DDS and MBAM.
-
Here are all of those logs per your request. Thank you very much for your help on this :D
[recovering disk space - old attachment deleted by admin]
-
Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)
You still didn't fix the infections in MBAM. Here's the line from the instructions:
Make sure that everything is checked, and click Remove Selected.
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.
:OTL
uURLSearchHooks: H - No File
TB: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]
* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
***********************************************************
The logs show that you have two Anti-Virus programs on your computer. Only one AV should be active on your computer. You should uninstall AVG because it will interfere with one of the scans. If you trouble uninstalling it please use the AVG removal tool below.
AVG Antivirus - AVG Antivirus Remover utility (http://www.avg.com/download-tools)
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*****************************************
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.
link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link # 2 (http://subs.geekstogo.com/ComboFix.exe)
If you are using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".
Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix login your next reply.
NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
-
Here are all of the logs from your last reply.
[recovering disk space - old attachment deleted by admin]
-
Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)
Please download SystemLook from one of the links below and save it to your desktop.
Link # 1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Link # 2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.
Double-click SystemLook.exe to run it.
Copy the contents of the following codebox into the main textfield.
:filefind
userinit.exe
Click the Look button to start the scan.
Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).
When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
-
Here you go :)
[recovering disk space - old attachment deleted by admin]
-
Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)
Go to Start > Run > type Notepad.exe and click OK to open Notepad.
Copy all of the text in the below Code box into Notepad.
@echo off
copy C:\Windows\ERDNT\cache\userinit.exe c:\userinit.exe
exit
In Notepad go to File > Save as, choose to save it to your desktop and name it event.bat
Now double click the event.bat file you just created and let it finish.
You will know it's finished when there is a new file on your desktop.
Please run another scan of ComboFix and post the log after doing the above bat file.
-
Combo Fix Log
[recovering disk space - old attachment deleted by admin]
-
Please go to Jotti's malware scan (http://virusscan.jotti.org/)
(If more than one file needs scanned they must be done separately and links posted for each one)
* Copy the file path in the below Code box:
c:\windows\system32\windrv.sys
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
Please update and run another scan with SAS and post the log here.
*****************************************************
Re-running ComboFix to remove infections:
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Open notepad and copy/paste the text in the quotebox below into it:
KillAll::
DirLook::
C:\sh4ldr
- Save this as CFScript.txt, in the same location as ComboFix.exe
(http://i424.photobucket.com/albums/pp322/digistar/cfscriptb4.gif)
- Referring to the picture above, drag CFScript into ComboFix.exe
- When finished, it shall produce a log for you at C:\ComboFix.txt
- Please post the contents of the log in your next reply.
-
http://virusscan.jotti.org/en/scanresult/ad4daa4b7959dc2a1524d4014e0b65deb1d67b37
-
ComboFix
[recovering disk space - old attachment deleted by admin]
-
Ok. That didn't work. Could you please open this folder and tell me what's in it? C:\sh4ldr
SysProt Antirootkit
Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).
http://sites.google.com/site/sysprotantirootkit/ (http://sites.google.com/site/sysprotantirootkit/)
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
-
C:\sh4ldr
The file says sh4ldr.mbr
If I try to open it, the window pops up "Windows can't open this file"
-
ok that froze. Should I try it again?
-
Here's the log :)
[recovering disk space - old attachment deleted by admin]
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
ESET Log
[recovering disk space - old attachment deleted by admin]
-
Ok. That looks good. If there are no other issues, we can do some cleanup.
To uninstall ComboFix
- Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
- In the field, type in ComboFix /uninstall
(http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg)
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
- Then, press Enter, or click OK.
- This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
- Click the CleanUp button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
**************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.
Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.
Remember only install ONE firewall
1) Comodo Personal Firewall (http://www.majorgeeks.com/Comodo_Personal_Firewall_d5033.html) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor (http://www.majorgeeks.com/Online_Armor_Free_d4872.html)
3) Agnitum Outpost (http://www.majorgeeks.com/Outpost_Firewall_Free_d1056.html)
4) PC Tools Firewall Plus (http://www.majorgeeks.com/PC_Tools_Firewall_Plus_d5470.html)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
********************************************************
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
-
Well Dave, everything seems to be good on my user. The "New Itouch" user is still corrupt. I can't open iTunes. Any ideas?
-
Well Dave, everything seems to be good on my user. The "New Itouch" user is still corrupt. I can't open iTunes. Any ideas?
You should start a new thread for this one and we can take a look. I will lock this thread. If you need it re-opened, please send me a pm.