Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: brokemomof2 on November 25, 2012, 04:36:34 PM
-
I have ATT secuity suit powered my McAffee, and am using windows Vista on this Toshiba laptop
McAffee has said that the infected files are in windows/installer, i also keep getting pop up messages from McAffee, telling me i need to restart my computer to fix infected files that can't be fixed cus they're in use atm, i have tryed this several times to no avail, and it pops up every few seconds and covers the middle of my screen, more than a lil annoying .... i'm currently following the clean up steps as requested...
[year+ old attachment deleted by admin]
-
here's the Malwarebytes log
[year+ old attachment deleted by admin]
-
DDS LOG
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by mommy at 18:19:19 on 2012-11-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3963.2484 [GMT -8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\Windows\system32\ThpSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
-netsvcs
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
mStart Page = hxxp://www.searchcanvas.com/?ot=6
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mURLSearchHooks: Radio TV 1.3 Toolbar: {ac417ce4-146b-4c18-a1ca-a2f609af2f9e} - C:\Program Files (x86)\Radio_TV_1.3\prxtbRadi.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: Shop to Win: {65C3061D-4456-415A-B97C-1C14099AB2FF} - C:\Program Files (x86)\Shop to Win 15\Shop to Win 15.dll
BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - <orphaned>
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: CrossRider: {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Radio TV 1.3 Toolbar: {ac417ce4-146b-4c18-a1ca-a2f609af2f9e} - C:\Program Files (x86)\Radio_TV_1.3\prxtbRadi.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
BHO: Shop to Win 8: {DAC028C6-2A41-4730-B91F-DFBCB26C82B3} - C:\Program Files (x86)\Shop to Win 8\ShoppingBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\23.0.1271.64\npchrome_frame.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Radio TV 1.3 Toolbar: {AC417CE4-146B-4C18-A1CA-A2F609AF2F9E} - C:\Program Files (x86)\Radio_TV_1.3\prxtbRadi.dll
TB: att.net Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: Radio TV 1.3 Toolbar: {ac417ce4-146b-4c18-a1ca-a2f609af2f9e} - C:\Program Files (x86)\Radio_TV_1.3\prxtbRadi.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
mRun: [NDSTray.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [cfFncEnabler.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{51BB33C4-BC96-4C39-9838-0763D3B7C843} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{F438E491-54FC-49BC-B94C-01F288683755} : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\23.0.1271.64\npchrome_frame.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
x64-Run: [TPCHWMsg] C:\Program Files (x86)\TOSHIBA\TPHM\TPCHWMsg.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - LocalServer32 - <no file>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-23 69672]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2009-5-2 8704]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2008-9-22 126464]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-22 48488]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-11-23 196440]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WordPad.exe="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-11-24 06:29:36 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-24 06:29:36 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-31 23:10:00 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2012-10-31 23:10:00 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2012-10-31 23:10:00 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2012-10-31 23:10:00 158536 ----a-w- C:\Windows\System32\atl100.dll
2012-10-31 23:10:00 138056 ----a-w- C:\Windows\SysWow64\atl100.dll
2012-10-13 03:09:32 25472 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-10-05 10:02:08 16200 ----a-w- C:\Windows\stinger.sys
2012-10-01 14:24:40 157680 ----a-w- C:\Windows\SysWow64\javaws.exe
2012-10-01 14:24:40 149488 ----a-w- C:\Windows\SysWow64\javaw.exe
2012-10-01 14:24:40 149488 ----a-w- C:\Windows\SysWow64\java.exe
2012-10-01 14:24:39 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-10-01 14:24:39 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-30 03:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-08 04:14:24 42696 ----a-w- C:\Windows\System32\drivers\lirsgt.sys
2012-09-08 04:14:24 310728 ----a-w- C:\Windows\System32\drivers\atksgt.sys
.
============= FINISH: 18:23:31.04 ===============
DDS ATTACH
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/19/2010 1:08:29 PM
System Uptime: 11/25/2012 6:07:30 PM (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | CPU | 2100/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 195.507 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
Adobe Shockwave Player 11.5
Advanced SystemCare 6
Apple Application Support
Apple Software Update
ArcSoft MediaImpression
ATT-PRT22
ATT-RC Self Support Tool
att.net Toolbar
Bonjour
Canon MP280 series MP Drivers
CCleaner
Compatibility Pack for the 2007 Office system
Conduit Engine
Crossrider Web Apps
CyberLink PowerCinema for TOSHIBA
D3DX10
Direct DiscRecorder
Dolby Control Center
DVD MovieFactory for TOSHIBA
Epson Event Manager
EPSON NX110 Series Printer Uninstall
EPSON Scan
FreeApps
Freemake Video Converter version 3.0.1
GamePlayLabs Plugin
Google Chrome
Google Chrome Frame
Google Toolbar for Internet Explorer
Google Update Helper
Graboid Video 1.73
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
Intel® Matrix Storage Manager
Java Auto Updater
Java(TM) 6 Update 35
Junk Mail filter update
LeapFrog Connect
LeapFrog LeapPad Explorer Plugin
LightScribe 1.4.124.1
Logitech Webcam Software
Malwarebytes Anti-Malware version 1.65.1.1000
McAfee SecurityCenter
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Fix it Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Picasa 2
PlayReady PC runtime
PowerCinema
Protected Folder
QuickBooks Financial Center
QuickTime
Radio TV 1.3 Toolbar
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
RICOH R5U230 Media Driver ver.2.02.02.01
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Segoe UI
Shared C Run-time for x64
Shop To Win
Shop to Win 8
Skype Launcher
Skype Toolbars
Skype™ 5.3
Smart Defrag 2
StartNow Toolbar
Synaptics Pointing Device Driver
TOSHIBA Agreement Notification Utility
Toshiba Application Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
TOSHIBA PC Health Monitor
Toshiba Quality Application
TOSHIBA Recovery Disc Creator
Toshiba Registration
Toshiba Resources Page
TOSHIBA SD Memory Utilities
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
VC80CRTRedist - 8.0.50727.6195
Veoh Giraffic Video Accelerator
Veoh Web Player
VLC media player 1.1.5
WeatherBug
WildTangent Games
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xvid 1.2.1 final uninstall
Yahoo! Messenger
Yahoo! Software Update
Yontoo Layers Runtime 1.10.01
.
==== End Of File ===========================
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)
Remove the Adware:
- Please close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with OK
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
*********************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
-
# AdwCleaner v2.010 - Logfile created 11/30/2012 at 13:02:10
# Updated 29/11/2012 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : mommy - MOMMY-PC
# Boot Mode : Normal
# Running from : C:\Users\mommy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2D0F06UO\adwcleaner.exe
# Option [Delete]
***** [Services] *****
Stopped & Deleted : Updater Service for StartNow Toolbar
***** [Files / Folders] *****
Deleted on reboot : C:\Program Files (x86)\Common Files\FreeCause
Deleted on reboot : C:\Program Files (x86)\ConduitEngine
Deleted on reboot : C:\Program Files (x86)\Radio_TV_1.3
Deleted on reboot : C:\Program Files (x86)\Shop To Win
Deleted on reboot : C:\Program Files (x86)\Yontoo Layers Runtime
Deleted on reboot : C:\ProgramData\InstallMate
Deleted on reboot : C:\ProgramData\Partner
Deleted on reboot : C:\ProgramData\Premium
Deleted on reboot : C:\ProgramData\Tarma Installer
Deleted on reboot : C:\Users\mommy\AppData\Local\Conduit
Deleted on reboot : C:\Users\mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Deleted on reboot : C:\Users\mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci
Deleted on reboot : C:\Users\mommy\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\mommy\AppData\LocalLow\ConduitEngine
Deleted on reboot : C:\Users\mommy\AppData\LocalLow\PriceGong
Deleted on reboot : C:\Users\mommy\AppData\LocalLow\Radio_TV_1.3
File Deleted : C:\user.js
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\bflixtoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Radio_TV_1.3
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AC417CE4-146B-4C18-A1CA-A2F609AF2F9E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AC417CE4-146B-4C18-A1CA-A2F609AF2F9E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\ShopToWin
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{65C994A2-C65A-4A20-BA92-AADAFC0DCE49}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DBBBC528-9C8C-4051-9187-ED6F01A457C9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EB583FE1-9458-4EDA-AC68-24D24F17C70F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-api.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShoppingBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca.1
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000062385.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000062385.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000062385.Shopping
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000062385.Shopping.1
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063445.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063445.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063445.Shopping
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063445.Shopping.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2903587
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C8758BC4-4581-48C7-BA38-C1A650477AE9}
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\SOFTWARE\FCSB000062385
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2BC09B66-C282-4E02-B140-FF96DADE9A8E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\Radio_TV_1.3
Key Deleted : HKLM\Software\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2BC09B66-C282-4E02-B140-FF96DADE9A8E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AC417CE4-146B-4C18-A1CA-A2F609AF2F9E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ocphobfcfafpclibolpjdafgaffkaoci
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{081BCCF4-3C32-422A-9B5C-D328FC1F903D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{364EE3BC-0645-4380-9E34-4DEA4AC00E5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98A4893D-50EB-4BDE-8778-B9F0634C1605}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC417CE4-146B-4C18-A1CA-A2F609AF2F9E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Crossrider
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GamePlayLabs
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Radio_TV_1.3 Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F2CF666-0EC7-418E-B86A-459AD43BCAB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{AC417CE4-146B-4C18-A1CA-A2F609AF2F9E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{AC417CE4-146B-4C18-A1CA-A2F609AF2F9E}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AC417CE4-146B-4C18-A1CA-A2F609AF2F9E}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Users\mommy\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [7878 octets] - [25/11/2012 13:13:57]
AdwCleaner[R2].txt - [13368 octets] - [30/11/2012 13:01:28]
AdwCleaner[S1].txt - [12212 octets] - [30/11/2012 13:02:10]
########## EOF - C:\AdwCleaner[S1].txt - [12273 octets] ##########
-
Now please post the ComboFix log.
-
ComboFix 12-11-30.02 - mommy 11/30/2012 15:21:40.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3963.2070 [GMT -8:00]
Running from: c:\users\mommy\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Shop to Win 15
c:\program files (x86)\Shop to Win 15\patch.bat
c:\program files (x86)\Shop to Win 15\settings.xml
c:\program files (x86)\Shop to Win 15\Shop to Win 15.dll
c:\program files (x86)\Shop to Win 15\ShoppingBHO.dll
c:\program files (x86)\Shop to Win 15\ShopToWin.ico
c:\program files (x86)\Shop to Win 15\Uninst.exe
c:\program files (x86)\Shop to Win 15\version.txt
c:\program files (x86)\Shop to Win 8\ShOPpingbho.dll
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\ReactivateIE.exe
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarBroker.exe
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\programdata\ntuser.dat
c:\programdata\Roaming
c:\users\mommy\AppData\Local\Temp\nsr6B61.tmp\System.dll
c:\users\mommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15
c:\users\mommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15\Check out Previous Winners.lnk
c:\users\mommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15\Frequently Asked Questions.lnk
c:\users\mommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15\How can I win $100,000.lnk
c:\users\mommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15\How can I win $500 Today.lnk
c:\users\mommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15\Shop To Win Privacy Policy.lnk
c:\users\mommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15\Shop to Win Terms and Conditions.lnk
c:\users\mommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15\Sweepstakes Official Rules.lnk
c:\users\mommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15\Uninstall.lnk
c:\users\mommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15\View My Shop to Win Account.lnk
c:\users\mommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 15\Visit the Shop to Win Mall.lnk
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\@
c:\windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\L\00000004.@
c:\windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\L\201d3dde
c:\windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\L\4cce1f70
c:\windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\L\55490ac4
c:\windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U\00000004.@
c:\windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U\00000008.@
c:\windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U\000000cb.@
c:\windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U\80000000.@
c:\windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U\80000032.@
c:\windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U\80000064.@
c:\windows\svchost.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
c:\windows\system32\services.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-30 )))))))))))))))))))))))))))))))
.
.
2012-11-26 01:44 . 2012-11-26 01:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-26 01:44 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-25 20:52 . 2012-11-25 20:52 -------- d-----w- c:\program files\CCleaner
2012-11-24 06:53 . 2012-04-21 00:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-11-24 06:52 . 2012-07-17 22:51 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-24 06:52 . 2012-11-24 06:53 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-11-24 06:52 . 2012-07-17 22:55 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-24 06:52 . 2012-07-17 22:51 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-24 06:52 . 2012-07-17 22:49 513456 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-24 06:52 . 2012-07-17 22:48 300392 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-24 06:52 . 2012-11-24 06:53 -------- d-----w- c:\program files\Common Files\McAfee
2012-11-24 06:52 . 2012-11-24 06:54 -------- d-----w- c:\program files\McAfee
2012-11-24 06:52 . 2012-11-24 08:01 -------- d-----w- c:\program files (x86)\McAfee
2012-11-24 06:36 . 2012-07-17 22:52 177144 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-24 06:36 . 2012-11-24 09:53 -------- d-----w- c:\programdata\McAfee
2012-11-24 06:03 . 2012-11-24 06:03 -------- d-----w- C:\mfe
2012-11-12 07:35 . 2012-11-12 07:35 -------- d-----w- c:\users\mommy\AppData\Roaming\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-24 06:29 . 2012-04-05 02:19 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-24 06:29 . 2011-08-05 02:09 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-31 23:10 . 2012-10-31 23:10 829264 ----a-w- c:\windows\system32\msvcr100.dll
2012-10-31 23:10 . 2012-10-31 23:10 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-10-31 23:10 . 2012-10-31 23:10 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2012-10-31 23:10 . 2012-10-31 23:10 158536 ----a-w- c:\windows\system32\atl100.dll
2012-10-31 23:10 . 2012-10-31 23:10 138056 ----a-w- c:\windows\SysWow64\atl100.dll
2012-10-13 03:09 . 2011-11-30 07:32 25472 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-10-05 10:02 . 2012-10-05 10:02 16200 ----a-w- c:\windows\stinger.sys
2012-10-01 14:24 . 2012-10-01 14:25 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-10-01 14:24 . 2010-05-20 03:47 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-08 04:14 . 2012-09-08 04:14 42696 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-09-08 04:14 . 2012-09-08 04:14 310728 ----a-w- c:\windows\system32\drivers\atksgt.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-11 . B8844F93D2C5F1DCDB179AAA9AF134B7 . 381952 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CrossRiderPlugin"="c:\program files (x86)\CrossriderWebApps\Crossrider.exe" [2011-05-15 478720]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-25 490880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe" [2009-03-17 304496]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"cfFncEnabler.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-31 464256]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 06:29]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-19 20:30]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-19 20:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-13 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-13 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-13 200216]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-13 7220768]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-13 1833504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 1713448]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-03-24 1123840]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.att.net
mStart Page = hxxp://www.searchcanvas.com/?ot=6
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{65C3061D-4456-415A-B97C-1C14099AB2FF} - c:\program files (x86)\Shop to Win 15\Shop to Win 15.dll
BHO-{DAC028C6-2A41-4730-B91F-DFBCB26C82B3} - c:\program files (x86)\Shop to Win 8\ShoppingBHO.dll
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TPCHWMsg - c:\program files (x86)\TOSHIBA\TPHM\TPCHWMsg.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{FE112330-9654-453C-A060-883C854F9613}_is1 - c:\program files (x86)\Shop To Win\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Giraffic\Veoh_Giraffic.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2012-11-30 15:59:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-30 23:59
.
Pre-Run: 202,833,551,360 bytes free
Post-Run: 203,279,003,648 bytes free
.
- - End Of File - - 7A3A347888B2CA95774086E654D6AC6A
-
Ok. We're making progress.
- Download RogueKiller (http://tigzy.geekstogo.com/Tools/RogueKiller.exe) on the desktop
- Close all the running programs
- Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
- If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
************************************************
Please download Rooter (http://eric71.geekstogo.com/tools/Rooter.exe) and Save it to your desktop.
- Double click it to start the tool.Vista and Windows7 run as administrator.
- Click Scan.
- Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
-
RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : mommy [Admin rights]
Mode : Scan -- Date : 11/30/2012 19:21:02
¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\L --> FOUND
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-26ZCT0 +++++
--- User ---
[MBR] 4bb79f8fd9aee3a45c1915939a41a061
[BSP] 78def5e8cef5f07417ec814e08974d5d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 293256 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 603662336 | Size: 10488 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 1d7a4d0203dcf0ebdbaf3b2881c2f7bc
[BSP] 78def5e8cef5f07417ec814e08974d5d : Windows Vista MBR Code
Partition table:
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 293256 Mo
3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 603662336 | Size: 10488 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 1d7a4d0203dcf0ebdbaf3b2881c2f7bc
[BSP] 78def5e8cef5f07417ec814e08974d5d : Windows Vista MBR Code
Partition table:
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 293256 Mo
3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 603662336 | Size: 10488 Mo
Finished : << RKreport[1]_S_11302012_02d1921.txt >>
RKreport[1]_S_11302012_02d1921.txt
-
i have downloaded rooter, selected run as admin., and clicked scan... it starts to scan and the i get a windows alert telling me that the program has stopped working and windows in closing it and will let me know when a solution has been found, have tried several times, same resault every time... ???
-
How's your computer working now?
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
do i allow the program to fix the threats found or close it without fixing?
-
b4 the clean up proccesses my computer was running like slowest speed dial-up, (i have high-speed DSL) but atm it's running decently from what i can see...
C:\Program Files (x86)\FreeApps\FreeApps.exe probably a variant of Win32/FreeNew application
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ReactivateIE.exe.vir Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Toolbar32.dll.vir Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarBroker.exe.vir Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U\[email protected] Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U\[email protected] Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U\[email protected] Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U\[email protected] Win64/Sirefef.AW trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U\[email protected] probably a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U\[email protected] a variant of Win64/Sirefef.AN trojan
C:\Users\mommy\AppData\Local\Google\Chrome\User Data\Default\Default\aadhgfgbggdfdedadedegegcdegbdggc\background.html Win32/BHO.OEI trojan
C:\Users\mommy\AppData\Local\Google\Chrome\User Data\Default\Default\aadhgfgbggdfdedadedegegcdegbdggc\ContentScript.js Win32/BHO.OEI trojan
C:\Users\mommy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\63562ec0-608c36ac a variant of Java/Exploit.Blacole.AB trojan
C:\Users\mommy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6e684651-7441797a multiple threats
C:\Users\mommy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\4d809ea6-66f3aa8a multiple threats
C:\Users\mommy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\6eba7426-59bed812 multiple threats
C:\Users\mommy\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi application
C:\Users\mommy\Downloads\GetItFree.exe Win32/Toolbar.CrossRider application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WXQBU1UM\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WXQBU1UM\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus
-
Please run ESET again and clean the infections.
-
C:\Program Files (x86)\FreeApps\FreeApps.exe probably a variant of Win32/FreeNew application cleaned by deleting - quarantined
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ReactivateIE.exe.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Toolbar32.dll.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarBroker.exe.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan deleted (after the next restart) - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan deleted (after the next restart) - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U\[email protected] Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U\[email protected] Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U\[email protected] Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U\[email protected] Win64/Sirefef.AW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U\[email protected] probably a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U\[email protected] a variant of Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\Users\mommy\AppData\Local\Google\Chrome\User Data\Default\Default\aadhgfgbggdfdedadedegegcdegbdggc\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\mommy\AppData\Local\Google\Chrome\User Data\Default\Default\aadhgfgbggdfdedadedegegcdegbdggc\ContentScript.js Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\mommy\AppData\Local\temp\NOD2061.tmp Win32/Sirefef.EZ trojan deleted (after the next restart) - quarantined
C:\Users\mommy\AppData\Local\temp\NOD240A.tmp Win64/Sirefef.AD trojan deleted (after the next restart) - quarantined
C:\Users\mommy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\63562ec0-608c36ac a variant of Java/Exploit.Blacole.AB trojan deleted - quarantined
C:\Users\mommy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6e684651-7441797a multiple threats deleted - quarantined
C:\Users\mommy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\4d809ea6-66f3aa8a multiple threats deleted - quarantined
C:\Users\mommy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\6eba7426-59bed812 multiple threats deleted - quarantined
C:\Users\mommy\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\mommy\Downloads\GetItFree.exe Win32/Toolbar.CrossRider application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WXQBU1UM\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
ok that's done, idk if it's relivent to anything we're doing now, but i haven't been able to run windows updater in like a year, i wasn't really worried about it cus i already have the service pack 2... also, my volume and battery level icons are gone from the task bar (i thought the battery icon may be because i need a new battery. my battery no longer holds a charge, prolly cus i used to keep it plugged in too much)... i've already run the fixes from the microsoft site a long time ago and it didn't help... if it's not relivant, i'm not emediately worried about it... also, i have both enternet explorer and google chrome, someone told me haveing multiple browsers, effects the way they work, is this true?
-
idk if it's relivent to anything we're doing now, but i haven't been able to run windows updater in like a year, i wasn't really worried about it cus i already have the service pack 2...
You can try Start, Control Panel, Security Center and click on Windows Update. You should get some information about your updates there or you can download and run MS Fix-it below.
Please download and run MS Fix-it from here. (http://support.microsoft.com/mats/AudioPlayback/en-us?entrypoint=lightbox)
also, my volume and battery level icons are gone from the task bar (i thought the battery icon may be because i need a new battery. my battery no longer holds a charge, prolly cus i used to keep it plugged in too much)...
You could try running Unhide below. A battery should be run down completely before charging. If not, it will develop a memory and will not fully charge. I keep my laptop plugged in all the time but each time I use the battery I make sure that I fully discharge the battery before plugging it back in.
- Please download Unhide by Grinler from here (http://download.bleepingcomputer.com/grinler/unhide.exe) and save it to your desktop.
- Double click unhide.exe to run the tool.
- It will take some time to go through all your files, so please be patient.
- If this tool doesn´t fix the problem, please let me know.
also, i have both enternet explorer and google chrome, someone told me haveing multiple browsers, effects the way they work, is this true?
No, that's not true. I use multiple browsers on all my computers.
Please let me know how the update problem plays out?
-
windows update info:
last checked for updates 2/20/2012
showing 2 important updates
Failed to install
Error code: FFFFFFFE unknown error
ran fix, didn't help
windows could not search for new updates
Error code: 800004002 unknown error
ran unhide... made no visable difference
also, is there more i need to do for my virus problem or should it be all clear now?
-
also, is there more i need to do for my virus problem or should it be all clear now?
The infections left some damage. First of all, you should save all your important data to an external harddrive or DVD's. Then, try to run this.
x64 (64-bit) scan for Vista/7
Code:
Download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to a flash drive.
Please make sure to download the 64-bit version.
Plug the flashdrive into the infected PC.
Enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account an click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[/list]
- Select Command Prompt
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst64 and press Enter
Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run.
- When the tool opens click Yes to the disclaimer.
- Place a check next to List Drivers MD5 as well as the default check marks that are already there
- Press Scan button.
- type exit and reboot the computer normally
- FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
-
Sorry I took so long to reply, I had to find my flashdrive :-[
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2012
Ran by SYSTEM at 05-12-2012 21:43:39
Running from F:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7220768 2009-03-12] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2009-03-18] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1123840 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
HKLM-x32\...\Run: [NDSTray.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe" [304496 2009-03-17] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [cfFncEnabler.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe" [16384 2009-03-24] (Toshiba Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [298376 2012-09-28] (LeapFrog Enterprises, Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\mommy\...\Run: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe [478720 2011-05-15] (Crossrider)
HKU\mommy\...\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart [490880 2012-09-24] (IObit)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
==================== Services (Whitelisted) ===================
2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [464256 2012-10-31] (IObit)
3 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
3 Freemake Improver; "C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe" [82944 2012-03-15] (Freemake)
2 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [2232504 2012-07-02] (Giraffic)
3 MatSvc; "C:\Program Files\Microsoft Fix it Center\Matsvc.exe" [343856 2011-06-13] (Microsoft Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-05-04] (Alcatel-Lucent)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [383608 2012-09-10] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [237920 2012-07-17] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-07-17] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177144 2012-07-17] (McAfee, Inc.)
2 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2009-03-30] (TOSHIBA Corporation)
==================== Drivers (Whitelisted) =====================
2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [310728 2012-09-07] ()
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-07-17] (McAfee, Inc.)
3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [42696 2012-09-07] ()
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-07] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-07-17] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [300392 2012-07-17] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [513456 2012-07-17] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-07-17] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-07-17] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-07-17] (McAfee, Inc.)
2 PfFilter; \??\C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [36792 2011-03-16] (IObit Information Technology)
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
1 Beep;
3 catchme; \??\C:\ComboFix\catchme.sys
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys
3 mfeavfk01;
3 MREMP50a64;
3 MREMPR5;
3 MRENDIS5;
3 MRESP50a64;
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2012-12-05 21:27 - 2012-12-05 21:27 - 00000000 ____D C:\FRST
2012-12-05 21:23 - 2012-12-05 21:23 - 00000714 ____A C:\Windows\setupact.log
2012-12-05 21:23 - 2012-12-05 21:23 - 00000000 ____A C:\Windows\setuperr.log
2012-12-03 20:58 - 2012-12-03 21:33 - 00002648 ____A C:\Users\mommy\Desktop\unhide.txt
2012-12-03 20:58 - 2012-12-03 20:58 - 00398752 ____A (Bleeping Computer, LLC) C:\Users\mommy\Desktop\unhide.exe
2012-12-03 14:28 - 2012-12-03 14:28 - 00003640 ____A C:\Users\mommy\Desktop\ESET scan.txt cleaned.txt
2012-12-02 21:23 - 2012-12-03 12:36 - 00001838 ____A C:\scu.dat
2012-12-02 15:46 - 2012-12-02 15:46 - 00002843 ____A C:\Users\mommy\Desktop\ESET scan.txt
2012-12-01 07:05 - 2012-12-01 07:05 - 00000000 ____D C:\Program Files (x86)\ESET
2012-11-30 19:24 - 2012-11-30 19:24 - 00173119 ____A (Eric_71) C:\Users\mommy\Desktop\Rooter.exe
2012-11-30 19:21 - 2012-11-30 19:21 - 00002840 ____A C:\Users\mommy\Desktop\RKreport[1]_S_11302012_02d1921.txt
2012-11-30 19:18 - 2009-10-09 13:56 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-11-30 19:17 - 2012-11-30 19:20 - 00000000 ____D C:\Users\mommy\Desktop\RK_Quarantine
2012-11-30 19:17 - 2012-11-30 19:17 - 00752128 ____A C:\Users\mommy\Desktop\RogueKiller.exe
2012-11-30 15:59 - 2012-11-30 15:59 - 00022228 ____A C:\ComboFix.txt
2012-11-30 15:46 - 2012-12-05 21:30 - 00564244 ____A C:\Windows\WindowsUpdate.log
2012-11-30 14:45 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-11-30 14:45 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-11-30 14:45 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-11-30 14:45 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-11-30 14:45 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-11-30 14:45 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-11-30 14:45 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-11-30 14:45 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-11-30 13:56 - 2012-11-30 16:00 - 00000000 ____D C:\Qoobox
2012-11-30 13:56 - 2012-11-30 15:56 - 00000000 ____D C:\Windows\erdnt
2012-11-30 13:52 - 2012-11-30 13:52 - 05009213 ____R (Swearware) C:\Users\mommy\Desktop\ComboFix.exe
2012-11-30 13:02 - 2012-11-30 13:02 - 00012317 ____A C:\AdwCleaner[S1].txt
2012-11-30 13:01 - 2012-11-30 13:01 - 00013368 ____A C:\AdwCleaner[R2].txt
2012-11-25 20:46 - 2012-11-25 20:46 - 00659504 ____A (FUSENET) C:\Users\mommy\Downloads\GraboidVideoInstaller-3.58.exe
2012-11-25 18:24 - 2012-11-25 18:24 - 00009267 ____A C:\Users\mommy\Desktop\attach.txt
2012-11-25 18:24 - 2012-11-25 18:23 - 00018391 ____A C:\Users\mommy\Desktop\dds.txt
2012-11-25 18:08 - 2012-11-30 15:43 - 00662186 ____A C:\Windows\PFRO.log
2012-11-25 17:44 - 2012-11-25 17:44 - 00000959 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-25 17:44 - 2012-11-25 17:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-25 17:44 - 2012-09-29 19:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-11-25 13:13 - 2012-11-25 13:14 - 00007878 ____A C:\AdwCleaner[R1].txt
2012-11-25 12:52 - 2012-11-25 12:52 - 00000781 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-11-25 12:52 - 2012-11-25 12:52 - 00000000 ____D C:\Program Files\CCleaner
2012-11-23 22:53 - 2012-11-23 22:53 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2012-11-23 22:53 - 2012-04-20 16:40 - 00196440 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2012-11-23 22:52 - 2012-11-24 00:01 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-11-23 22:52 - 2012-11-23 22:54 - 00000000 ____D C:\Program Files\McAfee
2012-11-23 22:52 - 2012-11-23 22:53 - 00000000 ____D C:\Program Files\Common Files\McAfee
2012-11-23 22:52 - 2012-11-23 22:52 - 00000000 ____D C:\Program Files\McAfee.com
2012-11-23 22:52 - 2012-07-17 14:55 - 00069672 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\cfwids.sys
2012-11-23 22:52 - 2012-07-17 14:51 - 00106112 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
2012-11-23 22:52 - 2012-07-17 14:51 - 00010288 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys
2012-11-23 22:52 - 2012-07-17 14:49 - 00513456 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfefirek.sys
2012-11-23 22:52 - 2012-07-17 14:48 - 00300392 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
2012-11-23 22:36 - 2012-11-24 01:53 - 00000000 ____D C:\Users\All Users\McAfee
2012-11-23 22:36 - 2012-07-17 14:52 - 00177144 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2012-11-23 22:16 - 2012-11-23 22:16 - 00000000 ____A C:\asc_rdflag
2012-11-23 22:03 - 2012-11-23 22:03 - 00000000 ____D C:\mfe
2012-11-11 23:35 - 2012-11-11 23:35 - 00000000 ____D C:\Users\mommy\AppData\Roaming\McAfee
2012-11-11 21:42 - 2012-07-17 14:52 - 00177144 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe.0a03.deleteme
==================== One Month Modified Files and Folders =======
2012-12-05 21:30 - 2012-11-30 15:46 - 00564244 ____A C:\Windows\WindowsUpdate.log
2012-12-05 21:30 - 2006-11-02 07:42 - 00032554 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-05 21:30 - 2006-11-02 07:42 - 00000006 ____A C:\Windows\Tasks\SA.DAT
2012-12-05 21:30 - 2006-11-02 07:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-05 21:30 - 2006-11-02 07:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-05 21:29 - 2011-11-05 16:53 - 00000000 ____D C:\Program Files (x86)\Giraffic
2012-12-05 21:28 - 2010-05-19 12:31 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-05 21:27 - 2012-12-05 21:27 - 00000000 ____D C:\FRST
2012-12-05 21:26 - 2006-11-02 04:46 - 00703342 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-05 21:23 - 2012-12-05 21:23 - 00000714 ____A C:\Windows\setupact.log
2012-12-05 21:23 - 2012-12-05 21:23 - 00000000 ____A C:\Windows\setuperr.log
2012-12-05 20:49 - 2010-09-24 20:36 - 00028672 ____A C:\Users\mommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-05 20:39 - 2012-07-21 10:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-05 20:36 - 2010-05-19 12:31 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-03 21:33 - 2012-12-03 20:58 - 00002648 ____A C:\Users\mommy\Desktop\unhide.txt
2012-12-03 20:58 - 2012-12-03 20:58 - 00398752 ____A (Bleeping Computer, LLC) C:\Users\mommy\Desktop\unhide.exe
2012-12-03 14:28 - 2012-12-03 14:28 - 00003640 ____A C:\Users\mommy\Desktop\ESET scan.txt cleaned.txt
2012-12-03 12:36 - 2012-12-02 21:23 - 00001838 ____A C:\scu.dat
2012-12-02 15:46 - 2012-12-02 15:46 - 00002843 ____A C:\Users\mommy\Desktop\ESET scan.txt
2012-12-01 07:05 - 2012-12-01 07:05 - 00000000 ____D C:\Program Files (x86)\ESET
2012-11-30 19:24 - 2012-11-30 19:24 - 00173119 ____A (Eric_71) C:\Users\mommy\Desktop\Rooter.exe
2012-11-30 19:21 - 2012-11-30 19:21 - 00002840 ____A C:\Users\mommy\Desktop\RKreport[1]_S_11302012_02d1921.txt
2012-11-30 19:20 - 2012-11-30 19:17 - 00000000 ____D C:\Users\mommy\Desktop\RK_Quarantine
2012-11-30 19:17 - 2012-11-30 19:17 - 00752128 ____A C:\Users\mommy\Desktop\RogueKiller.exe
2012-11-30 16:00 - 2012-11-30 13:56 - 00000000 ____D C:\Qoobox
2012-11-30 15:59 - 2012-11-30 15:59 - 00022228 ____A C:\ComboFix.txt
2012-11-30 15:59 - 2006-11-02 05:33 - 00000000 ___RD C:\users\Default
2012-11-30 15:56 - 2012-11-30 13:56 - 00000000 ____D C:\Windows\erdnt
2012-11-30 15:50 - 2006-11-02 04:34 - 00000215 ____A C:\Windows\system.ini
2012-11-30 15:43 - 2012-11-25 18:08 - 00662186 ____A C:\Windows\PFRO.log
2012-11-30 15:39 - 2011-02-19 10:42 - 00000000 ____D C:\Program Files (x86)\Shop to Win 8
2012-11-30 13:52 - 2012-11-30 13:52 - 05009213 ____R (Swearware) C:\Users\mommy\Desktop\ComboFix.exe
2012-11-30 13:02 - 2012-11-30 13:02 - 00012317 ____A C:\AdwCleaner[S1].txt
2012-11-30 13:01 - 2012-11-30 13:01 - 00013368 ____A C:\AdwCleaner[R2].txt
2012-11-30 12:21 - 2011-03-07 17:02 - 00002036 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-11-25 20:46 - 2012-11-25 20:46 - 00659504 ____A (FUSENET) C:\Users\mommy\Downloads\GraboidVideoInstaller-3.58.exe
2012-11-25 18:24 - 2012-11-25 18:24 - 00009267 ____A C:\Users\mommy\Desktop\attach.txt
2012-11-25 18:23 - 2012-11-25 18:24 - 00018391 ____A C:\Users\mommy\Desktop\dds.txt
2012-11-25 17:44 - 2012-11-25 17:44 - 00000959 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-25 17:44 - 2012-11-25 17:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-25 13:14 - 2012-11-25 13:13 - 00007878 ____A C:\AdwCleaner[R1].txt
2012-11-25 13:08 - 2009-05-03 13:43 - 00000000 ____D C:\Windows\Panther
2012-11-25 12:52 - 2012-11-25 12:52 - 00000781 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-11-25 12:52 - 2012-11-25 12:52 - 00000000 ____D C:\Program Files\CCleaner
2012-11-24 01:53 - 2012-11-23 22:36 - 00000000 ____D C:\Users\All Users\McAfee
2012-11-24 00:03 - 2011-10-05 17:21 - 00000000 ____D C:\Users\mommy\AppData\Local\WeatherBug
2012-11-24 00:01 - 2012-11-23 22:52 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-11-23 22:54 - 2012-11-23 22:52 - 00000000 ____D C:\Program Files\McAfee
2012-11-23 22:53 - 2012-11-23 22:53 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2012-11-23 22:53 - 2012-11-23 22:52 - 00000000 ____D C:\Program Files\Common Files\McAfee
2012-11-23 22:52 - 2012-11-23 22:52 - 00000000 ____D C:\Program Files\McAfee.com
2012-11-23 22:29 - 2012-04-04 18:19 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-23 22:29 - 2011-08-04 18:09 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-23 22:27 - 2009-05-02 22:56 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-23 22:16 - 2012-11-23 22:16 - 00000000 ____A C:\asc_rdflag
2012-11-23 22:16 - 2012-10-25 21:50 - 56311808 ____A C:\Windows\System32\config\COMPONENTS.iobit
2012-11-23 22:16 - 2010-05-19 13:28 - 00000000 ____D C:\users\mommy
2012-11-23 22:03 - 2012-11-23 22:03 - 00000000 ____D C:\mfe
2012-11-23 22:03 - 2006-11-02 07:25 - 00000749 ___RA C:\Windows\WindowsShell.Manifest
2012-11-23 22:03 - 2006-11-02 07:25 - 00000174 __ASH C:\Users\Public\desktop.ini
2012-11-23 22:03 - 2006-11-02 07:25 - 00000174 __ASH C:\users\desktop.ini
2012-11-23 22:03 - 2006-11-02 07:25 - 00000174 __ASH C:\Program Files (x86)\desktop.ini
2012-11-23 21:59 - 2010-07-06 23:21 - 00000000 ____D C:\Users\mommy\AppData\Roaming\IObit
2012-11-11 23:35 - 2012-11-11 23:35 - 00000000 ____D C:\Users\mommy\AppData\Roaming\McAfee
2012-11-11 21:58 - 2011-08-21 12:38 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-11-11 21:52 - 2012-03-20 13:13 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-11-11 17:51 - 2011-11-07 20:19 - 00000000 ____D C:\Windows\Minidump
ZeroAccess:
C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}
C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\L
C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U
ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe B8844F93D2C5F1DCDB179AAA9AF134B7 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-10-05 12:29:00
Restore point made on: 2012-10-28 21:26:39
Restore point made on: 2012-11-11 21:51:24
Restore point made on: 2012-11-11 21:54:18
Restore point made on: 2012-11-13 22:21:13
Restore point made on: 2012-11-30 12:22:01
Restore point made on: 2012-12-03 15:43:29
Restore point made on: 2012-12-03 20:30:26
Restore point made on: 2012-12-04 10:00:16
Restore point made on: 2012-12-05 20:31:57
==================== Memory info ===========================
Percentage of memory in use: 13%
Total physical RAM: 3963.04 MB
Available physical RAM: 3416.82 MB
Total Pagefile: 3714.9 MB
Available Pagefile: 3387.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
==================== Partitions =============================
1 Drive c: (TI100343V0F) (Fixed) (Total:286.38 GB) (Free:183.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.31 GB) NTFS
4 Drive f: () (Removable) (Total:0.48 GB) (Free:0.47 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 492 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 1500 MB 1024 KB
Partition 2 Primary 286 GB 1501 MB
Partition 3 Primary 10 GB 288 GB
==================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI100343V0F NTFS Partition 286 GB Healthy
=========================================================
Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No
There is no volume associated with this partition.
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 492 MB 32 KB
==================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 F FAT Removable 492 MB Healthy
=========================================================
Last Boot: 2012-11-30 15:56
====================
-
Please run the following:
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt
start
ZeroAccess:
C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}
C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\L
C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U
end
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system
Now, please enter System Recovery Options then select Command Prompt.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
Now restart, let it boot normally and tell me how it went.
****************************************************
Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg)
Click the "Scan" button to start scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
On completion of the scan click save log, save it to your desktop and post in your next reply.
-
i went fast, don't really know what else to say bout it, but heres the log
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-12-2012
Ran by SYSTEM at 2012-12-06 22:02:21 Run:1
Running from F:\
==============================================
C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227} moved successfully.
C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\L not found.
C:\Windows\Installer\{21d0f836-d7e8-ba68-b795-610bc7975227}\U not found.
==== End of Fixlog ====
-
ok here's the other log :) and i'd like to so say, u just don't know how greatful i am that u take time out to help ppl like me who can't afford to pay a professional, u are a God Send!
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-06 22:15:38
-----------------------------
22:15:38.849 OS Version: Windows x64 6.0.6002 Service Pack 2
22:15:38.849 Number of processors: 2 586 0x170A
22:15:38.849 ComputerName: MOMMY-PC UserName: mommy
22:15:39.910 Initialize success
22:16:29.008 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:16:29.024 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
22:16:29.024 Device \Driver\iaStor -> MajorFunction fffffa80051d95e8
22:16:29.024 Disk 0 MBR read successfully
22:16:29.024 Disk 0 MBR scan
22:16:29.039 Disk 0 Windows VISTA default MBR code
22:16:29.055 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
22:16:29.070 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 293256 MB offset 3074048
22:16:29.102 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10488 MB offset 603662336
22:16:29.148 Disk 0 scanning C:\Windows\system32\drivers
22:16:36.106 Service scanning
22:16:54.015 Modules scanning
22:16:54.015 Disk 0 trace - called modules:
22:16:54.030 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys >>UNKNOWN [0xfffffa80051d95e8]<<hal.dll
22:16:54.030 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d93790]
22:16:54.046 3 CLASSPNP.SYS[fffffa60012f1c33] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8004d91060]
22:16:54.046 5 thpdrv.sys[fffffa6001285c8d] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c6b050]
22:16:54.062 \Driver\iaStor[0xfffffa8005185510] -> IRP_MJ_CREATE -> 0xfffffa80051d95e8
22:16:54.062 Scan finished successfully
22:22:29.649 Disk 0 MBR has been saved successfully to "C:\Users\mommy\Desktop\MBR.dat"
22:22:29.649 The log file has been saved successfully to "C:\Users\mommy\Desktop\aswMBRscanlog.txt"
-
u just don't know how greatful i am that u take time out to help ppl like me who can't afford to pay a professional, u are a God Send!
All the we ask is that you do something similiar for someone else.
Can you please try getting your updates again?
-
still getting error code: 80004002 unknown error
-
I'm going to consult with a colleague about this.
-
ok i'll be keeping my eyes open for your next post, ty
-
Malwarebytes' Anti-Rootkit
Please download Malwarebytes' Anti-Rootkit (http://www.malwarebytes.org/products/mbar/) and save it to your desktop.
- Be sure to print out and follow the instructions provided on that same page for performing a scan.
- Caution: This is a beta version so also read the disclaimer and back up (http://support.microsoft.com/kb/971759) all your data before using.
- When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
- Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
- Copy and paste the contents of these two log files in your next reply.
******************************************************
Please try your Windows update to see if it works. If it doesn't, please try this bat file below.
Copy and paste the text in the code box below into Notepad.
In Notepad go to File > Save as, choose to save it to your desktop and name it event.bat
Now double click the event.bat file you just created and let it finish.
(Note: Your computer will re-boot after you run this bat file.)
Sc config bits binpath=”%systemroot%\system32\svchost.exe –k netsvcs“ Sc config bits depend = RpcSs EventSystem
Sc config bits start=delayed-auto
Sc config bits type=interact
Sc config bits error=normal
Sc config bits obj=LocalSystem
Sc privs bits privileges=SeCreateGlobalPrivilege/SeImpersonatePrivilege/SeTcbPrivilege/SeAssignPrimaryTokenPrivilege/SeIncreateQuotaPrivilege
Sc sidtype bits type= unrestricted
Sc failure bits reset= 86400 actions=restart/60000/restart/120000
pause
Sc stop bits
pause
Sc start bits
pause
shutdown /t 120 /r /c "finish resetting BITS"
-
there are two of these (one from the first scan and one from the second wich came out clean) i will post both for u...
first scan
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2012.12.13.11
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
mommy :: MOMMY-PC [administrator]
12/13/2012 8:48:55 PM
mbar-log-2012-12-13 (20-48-55).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30055
Time elapsed: 11 minute(s), 33 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2592 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 7
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Bootstrap_0_0_42_infected.mbam (Rootkit.Pihar.c.MBR) -> Delete on reboot.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Rootkit.Pihar.c.MBR) -> Delete on reboot.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_625142076_user.mbam (Forged physical sector) -> Delete on reboot.
C:\Windows\System32\services.exe (Rootkit.0Access.S) -> Delete on reboot.
C:\Windows\assembly\GAC_32\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)
second scan
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2012.12.13.11
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
mommy :: MOMMY-PC [administrator]
12/13/2012 9:29:07 PM
mbar-log-2012-12-13 (21-29-07).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 32025
Time elapsed: 11 minute(s), 42 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
system log
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
(c) Malwarebytes Corporation 2011-2012
OS version: 6.0.6002 Windows Vista Service Pack 2 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_35
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 4155551744, free: 2752372736
------------ Kernel report ------------
12/13/2012 20:33:44
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps64.sys
\SystemRoot\system32\DRIVERS\Thpevm.SYS
\SystemRoot\system32\DRIVERS\thpdrv.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\SmartDefragDriver.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\TVALZFL.sys
\SystemRoot\system32\DRIVERS\FwLnk.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtlh64.sys
\SystemRoot\system32\DRIVERS\NETw5v64.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimspe64.sys
\SystemRoot\system32\DRIVERS\rixdpe64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\SysWOW64\drivers\Afc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\agrsm64.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\IntcHdmi.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\??\C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\LVPr2M64.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\system32\drivers\cfwids.sys
\SystemRoot\system32\drivers\mferkdet.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80058e9060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004c4d050
Lower Device Driver Name: Unknown
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.12.13.11
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80058e9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80058e9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80058e9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80058e8060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xfffffa8004c4d050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: Unknown
------------ End ----------
Upper DeviceData: 0xfffff880130f03f0, 0xfffffa80058e9060, 0xfffffa8004520790
Lower DeviceData: 0xfffff880111df0e0, 0xfffffa8004c4d050, 0xfffffa80044fb6e0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
MBR buffers are not equal
MBR is forged! [4333f673a96dbe57f4d0023e55e5303d]
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3664E4A
Partition information:
Partition 0 type is Empty (0x0)
Partition is ACTIVE.
Partition starts at LBA: 42 Numsec = 0
Partition is not bootable
Infected: VBR on Empty active partition --> [Rootkit.Pihar.c.MBR]
Changing partition to empty and not active. New active partition is 1 on drive 0 ...
Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 3074048 Numsec = 600588288
Partition file system is NTFS
Partition is bootable
Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 603662336 Numsec = 21479424
Partition is not bootable
Hidden partition VBR is not infected.
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
MBR infection found on drive 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-41-625122448-625142448)...
Sector 625142076 --> [Forged physical sector]
Sector 625142077 --> [Forged physical sector]
Sector 625142078 --> [Forged physical sector]
Sector 625142079 --> [Forged physical sector]
Sector 625142080 --> [Forged physical sector]
Sector 625142081 --> [Forged physical sector]
Sector 625142082 --> [Forged physical sector]
Sector 625142083 --> [Forged physical sector]
Sector 625142084 --> [Forged physical sector]
Sector 625142085 --> [Forged physical sector]
Sector 625142086 --> [Forged physical sector]
Sector 625142087 --> [Forged physical sector]
Sector 625142088 --> [Forged physical sector]
Sector 625142089 --> [Forged physical sector]
Sector 625142090 --> [Forged physical sector]
Sector 625142091 --> [Forged physical sector]
Sector 625142092 --> [Forged physical sector]
Sector 625142093 --> [Forged physical sector]
Sector 625142094 --> [Forged physical sector]
Sector 625142095 --> [Forged physical sector]
Sector 625142096 --> [Forged physical sector]
Sector 625142097 --> [Forged physical sector]
Sector 625142098 --> [Forged physical sector]
Sector 625142099 --> [Forged physical sector]
Sector 625142100 --> [Forged physical sector]
Sector 625142101 --> [Forged physical sector]
Sector 625142102 --> [Forged physical sector]
Sector 625142103 --> [Forged physical sector]
Sector 625142104 --> [Forged physical sector]
Sector 625142105 --> [Forged physical sector]
Sector 625142106 --> [Forged physical sector]
Sector 625142107 --> [Forged physical sector]
Sector 625142108 --> [Forged physical sector]
Sector 625142109 --> [Forged physical sector]
Sector 625142110 --> [Forged physical sector]
Sector 625142111 --> [Forged physical sector]
Sector 625142112 --> [Forged physical sector]
Sector 625142113 --> [Forged physical sector]
Sector 625142114 --> [Forged physical sector]
Sector 625142115 --> [Forged physical sector]
Sector 625142116 --> [Forged physical sector]
Sector 625142117 --> [Forged physical sector]
Sector 625142118 --> [Forged physical sector]
Sector 625142119 --> [Forged physical sector]
Sector 625142120 --> [Forged physical sector]
Sector 625142121 --> [Forged physical sector]
Sector 625142122 --> [Forged physical sector]
Sector 625142123 --> [Forged physical sector]
Sector 625142124 --> [Forged physical sector]
Sector 625142125 --> [Forged physical sector]
Sector 625142126 --> [Forged physical sector]
Sector 625142127 --> [Forged physical sector]
Sector 625142128 --> [Forged physical sector]
Sector 625142129 --> [Forged physical sector]
Sector 625142130 --> [Forged physical sector]
Sector 625142131 --> [Forged physical sector]
Sector 625142132 --> [Forged physical sector]
Sector 625142133 --> [Forged physical sector]
Sector 625142134 --> [Forged physical sector]
Sector 625142135 --> [Forged physical sector]
Sector 625142136 --> [Forged physical sector]
Sector 625142137 --> [Forged physical sector]
Sector 625142138 --> [Forged physical sector]
Sector 625142139 --> [Forged physical sector]
Sector 625142140 --> [Forged physical sector]
Sector 625142141 --> [Forged physical sector]
Sector 625142142 --> [Forged physical sector]
Sector 625142143 --> [Forged physical sector]
Sector 625142144 --> [Forged physical sector]
Sector 625142145 --> [Forged physical sector]
Sector 625142146 --> [Forged physical sector]
Sector 625142147 --> [Forged physical sector]
Sector 625142148 --> [Forged physical sector]
Sector 625142149 --> [Forged physical sector]
Sector 625142150 --> [Forged physical sector]
Sector 625142151 --> [Forged physical sector]
Sector 625142152 --> [Forged physical sector]
Sector 625142153 --> [Forged physical sector]
Sector 625142154 --> [Forged physical sector]
Sector 625142155 --> [Forged physical sector]
Sector 625142156 --> [Forged physical sector]
Sector 625142157 --> [Forged physical sector]
Sector 625142158 --> [Forged physical sector]
Sector 625142159 --> [Forged physical sector]
Sector 625142160 --> [Forged physical sector]
Sector 625142161 --> [Forged physical sector]
Sector 625142162 --> [Forged physical sector]
Sector 625142163 --> [Forged physical sector]
Sector 625142164 --> [Forged physical sector]
Sector 625142165 --> [Forged physical sector]
Sector 625142166 --> [Forged physical sector]
Sector 625142167 --> [Forged physical sector]
Sector 625142168 --> [Forged physical sector]
Sector 625142169 --> [Forged physical sector]
Sector 625142170 --> [Forged physical sector]
Sector 625142171 --> [Forged physical sector]
Sector 625142172 --> [Forged physical sector]
Sector 625142173 --> [Forged physical sector]
Sector 625142174 --> [Forged physical sector]
Sector 625142175 --> [Forged physical sector]
Sector 625142176 --> [Forged physical sector]
Sector 625142177 --> [Forged physical sector]
Sector 625142178 --> [Forged physical sector]
Sector 625142179 --> [Forged physical sector]
Sector 625142180 --> [Forged physical sector]
Sector 625142181 --> [Forged physical sector]
Sector 625142182 --> [Forged physical sector]
Sector 625142183 --> [Forged physical sector]
Sector 625142184 --> [Forged physical sector]
Sector 625142185 --> [Forged physical sector]
Sector 625142186 --> [Forged physical sector]
Sector 625142187 --> [Forged physical sector]
Sector 625142188 --> [Forged physical sector]
Sector 625142189 --> [Forged physical sector]
Sector 625142190 --> [Forged physical sector]
Sector 625142191 --> [Forged physical sector]
Sector 625142192 --> [Forged physical sector]
Sector 625142193 --> [Forged physical sector]
Sector 625142194 --> [Forged physical sector]
Sector 625142195 --> [Forged physical sector]
Sector 625142196 --> [Forged physical sector]
Sector 625142197 --> [Forged physical sector]
Sector 625142198 --> [Forged physical sector]
Sector 625142199 --> [Forged physical sector]
Sector 625142200 --> [Forged physical sector]
Sector 625142201 --> [Forged physical sector]
Sector 625142202 --> [Forged physical sector]
Sector 625142203 --> [Forged physical sector]
Sector 625142204 --> [Forged physical sector]
Sector 625142205 --> [Forged physical sector]
Sector 625142206 --> [Forged physical sector]
Sector 625142207 --> [Forged physical sector]
Sector 625142208 --> [Forged physical sector]
Sector 625142209 --> [Forged physical sector]
Sector 625142210 --> [Forged physical sector]
Sector 625142211 --> [Forged physical sector]
Sector 625142212 --> [Forged physical sector]
Sector 625142213 --> [Forged physical sector]
Sector 625142214 --> [Forged physical sector]
Sector 625142215 --> [Forged physical sector]
Sector 625142216 --> [Forged physical sector]
Sector 625142217 --> [Forged physical sector]
Sector 625142218 --> [Forged physical sector]
Sector 625142219 --> [Forged physical sector]
Sector 625142220 --> [Forged physical sector]
Sector 625142221 --> [Forged physical sector]
Sector 625142222 --> [Forged physical sector]
Sector 625142223 --> [Forged physical sector]
Sector 625142224 --> [Forged physical sector]
Sector 625142225 --> [Forged physical sector]
Sector 625142226 --> [Forged physical sector]
Sector 625142227 --> [Forged physical sector]
Sector 625142228 --> [Forged physical sector]
Sector 625142229 --> [Forged physical sector]
Sector 625142230 --> [Forged physical sector]
Sector 625142231 --> [Forged physical sector]
Sector 625142232 --> [Forged physical sector]
Sector 625142233 --> [Forged physical sector]
Sector 625142234 --> [Forged physical sector]
Sector 625142235 --> [Forged physical sector]
Sector 625142236 --> [Forged physical sector]
Sector 625142237 --> [Forged physical sector]
Sector 625142238 --> [Forged physical sector]
Sector 625142239 --> [Forged physical sector]
Sector 625142240 --> [Forged physical sector]
Sector 625142241 --> [Forged physical sector]
Sector 625142242 --> [Forged physical sector]
Sector 625142243 --> [Forged physical sector]
Sector 625142244 --> [Forged physical sector]
Sector 625142245 --> [Forged physical sector]
Sector 625142246 --> [Forged physical sector]
Sector 625142247 --> [Forged physical sector]
Sector 625142248 --> [Forged physical sector]
Sector 625142249 --> [Forged physical sector]
Sector 625142250 --> [Forged physical sector]
Sector 625142251 --> [Forged physical sector]
Sector 625142252 --> [Forged physical sector]
Sector 625142253 --> [Forged physical sector]
Sector 625142254 --> [Forged physical sector]
Sector 625142255 --> [Forged physical sector]
Sector 625142256 --> [Forged physical sector]
Sector 625142257 --> [Forged physical sector]
Sector 625142258 --> [Forged physical sector]
Sector 625142259 --> [Forged physical sector]
Sector 625142260 --> [Forged physical sector]
Sector 625142261 --> [Forged physical sector]
Sector 625142262 --> [Forged physical sector]
Sector 625142263 --> [Forged physical sector]
Sector 625142264 --> [Forged physical sector]
Sector 625142265 --> [Forged physical sector]
Sector 625142266 --> [Forged physical sector]
Sector 625142267 --> [Forged physical sector]
Sector 625142268 --> [Forged physical sector]
Sector 625142269 --> [Forged physical sector]
Sector 625142270 --> [Forged physical sector]
Sector 625142271 --> [Forged physical sector]
Sector 625142272 --> [Forged physical sector]
Sector 625142273 --> [Forged physical sector]
Sector 625142274 --> [Forged physical sector]
Sector 625142275 --> [Forged physical sector]
Sector 625142276 --> [Forged physical sector]
Sector 625142277 --> [Forged physical sector]
Sector 625142278 --> [Forged physical sector]
Sector 625142279 --> [Forged physical sector]
Sector 625142280 --> [Forged physical sector]
Sector 625142281 --> [Forged physical sector]
Sector 625142282 --> [Forged physical sector]
Sector 625142283 --> [Forged physical sector]
Sector 625142284 --> [Forged physical sector]
Sector 625142285 --> [Forged physical sector]
Sector 625142286 --> [Forged physical sector]
Sector 625142287 --> [Forged physical sector]
Sector 625142288 --> [Forged physical sector]
Sector 625142289 --> [Forged physical sector]
Sector 625142290 --> [Forged physical sector]
Sector 625142291 --> [Forged physical sector]
Sector 625142292 --> [Forged physical sector]
Sector 625142293 --> [Forged physical sector]
Sector 625142294 --> [Forged physical sector]
Sector 625142295 --> [Forged physical sector]
Sector 625142296 --> [Forged physical sector]
Sector 625142297 --> [Forged physical sector]
Sector 625142298 --> [Forged physical sector]
Sector 625142299 --> [Forged physical sector]
Sector 625142300 --> [Forged physical sector]
Sector 625142301 --> [Forged physical sector]
Sector 625142302 --> [Forged physical sector]
Sector 625142303 --> [Forged physical sector]
Sector 625142304 --> [Forged physical sector]
Sector 625142305 --> [Forged physical sector]
Sector 625142306 --> [Forged physical sector]
Sector 625142307 --> [Forged physical sector]
Sector 625142308 --> [Forged physical sector]
Sector 625142309 --> [Forged physical sector]
Sector 625142310 --> [Forged physical sector]
Sector 625142311 --> [Forged physical sector]
Sector 625142312 --> [Forged physical sector]
Sector 625142313 --> [Forged physical sector]
Sector 625142314 --> [Forged physical sector]
Sector 625142315 --> [Forged physical sector]
Sector 625142316 --> [Forged physical sector]
Sector 625142317 --> [Forged physical sector]
Sector 625142318 --> [Forged physical sector]
Sector 625142319 --> [Forged physical sector]
Sector 625142320 --> [Forged physical sector]
Sector 625142321 --> [Forged physical sector]
Sector 625142322 --> [Forged physical sector]
Sector 625142323 --> [Forged physical sector]
Sector 625142324 --> [Forged physical sector]
Sector 625142325 --> [Forged physical sector]
Sector 625142326 --> [Forged physical sector]
Sector 625142327 --> [Forged physical sector]
Sector 625142328 --> [Forged physical sector]
Sector 625142329 --> [Forged physical sector]
Sector 625142330 --> [Forged physical sector]
Sector 625142331 --> [Forged physical sector]
Sector 625142332 --> [Forged physical sector]
Sector 625142333 --> [Forged physical sector]
Sector 625142334 --> [Forged physical sector]
Sector 625142335 --> [Forged physical sector]
Sector 625142336 --> [Forged physical sector]
Sector 625142337 --> [Forged physical sector]
Sector 625142338 --> [Forged physical sector]
Sector 625142339 --> [Forged physical sector]
Sector 625142340 --> [Forged physical sector]
Sector 625142341 --> [Forged physical sector]
Sector 625142342 --> [Forged physical sector]
Sector 625142343 --> [Forged physical sector]
Sector 625142344 --> [Forged physical sector]
Sector 625142345 --> [Forged physical sector]
Sector 625142346 --> [Forged physical sector]
Sector 625142347 --> [Forged physical sector]
Sector 625142348 --> [Forged physical sector]
Sector 625142349 --> [Forged physical sector]
Sector 625142350 --> [Forged physical sector]
Sector 625142351 --> [Forged physical sector]
Sector 625142352 --> [Forged physical sector]
Sector 625142353 --> [Forged physical sector]
Sector 625142354 --> [Forged physical sector]
Sector 625142355 --> [Forged physical sector]
Sector 625142356 --> [Forged physical sector]
Sector 625142357 --> [Forged physical sector]
Sector 625142358 --> [Forged physical sector]
Sector 625142359 --> [Forged physical sector]
Sector 625142360 --> [Forged physical sector]
Sector 625142361 --> [Forged physical sector]
Sector 625142362 --> [Forged physical sector]
Sector 625142363 --> [Forged physical sector]
Sector 625142364 --> [Forged physical sector]
Sector 625142365 --> [Forged physical sector]
Sector 625142366 --> [Forged physical sector]
Sector 625142367 --> [Forged physical sector]
Sector 625142368 --> [Forged physical sector]
Sector 625142369 --> [Forged physical sector]
Sector 625142370 --> [Forged physical sector]
Sector 625142371 --> [Forged physical sector]
Sector 625142372 --> [Forged physical sector]
Sector 625142373 --> [Forged physical sector]
Sector 625142374 --> [Forged physical sector]
Sector 625142375 --> [Forged physical sector]
Sector 625142376 --> [Forged physical sector]
Sector 625142377 --> [Forged physical sector]
Sector 625142378 --> [Forged physical sector]
Sector 625142379 --> [Forged physical sector]
Sector 625142380 --> [Forged physical sector]
Sector 625142381 --> [Forged physical sector]
Sector 625142382 --> [Forged physical sector]
Sector 625142383 --> [Forged physical sector]
Sector 625142384 --> [Forged physical sector]
Sector 625142385 --> [Forged physical sector]
Sector 625142386 --> [Forged physical sector]
Sector 625142387 --> [Forged physical sector]
Sector 625142388 --> [Forged physical sector]
Sector 625142389 --> [Forged physical sector]
Sector 625142390 --> [Forged physical sector]
Sector 625142391 --> [Forged physical sector]
Sector 625142392 --> [Forged physical sector]
Sector 625142393 --> [Forged physical sector]
Sector 625142394 --> [Forged physical sector]
Sector 625142395 --> [Forged physical sector]
Sector 625142396 --> [Forged physical sector]
Sector 625142397 --> [Forged physical sector]
Sector 625142398 --> [Forged physical sector]
Sector 625142399 --> [Forged physical sector]
Sector 625142400 --> [Forged physical sector]
Sector 625142401 --> [Forged physical sector]
Sector 625142402 --> [Forged physical sector]
Sector 625142403 --> [Forged physical sector]
Sector 625142404 --> [Forged physical sector]
Sector 625142405 --> [Forged physical sector]
Sector 625142406 --> [Forged physical sector]
Sector 625142407 --> [Forged physical sector]
Sector 625142408 --> [Forged physical sector]
Sector 625142409 --> [Forged physical sector]
Sector 625142410 --> [Forged physical sector]
Sector 625142411 --> [Forged physical sector]
Sector 625142412 --> [Forged physical sector]
Sector 625142413 --> [Forged physical sector]
Sector 625142414 --> [Forged physical sector]
Sector 625142415 --> [Forged physical sector]
Sector 625142416 --> [Forged physical sector]
Sector 625142417 --> [Forged physical sector]
Sector 625142418 --> [Forged physical sector]
Sector 625142419 --> [Forged physical sector]
Sector 625142420 --> [Forged physical sector]
Sector 625142421 --> [Forged physical sector]
Sector 625142422 --> [Forged physical sector]
Sector 625142423 --> [Forged physical sector]
-
update still didn't work right after first the fix, then ran the notepad thing and still not working... alse keep getting message every time i restart saying "ArcSoft Connect Daemon has stopped working" this has been happening for a couple months now, forgot to mention that part til now cus my other issues overshadowed it especially since i haven't noticed it effecting me and i don't even know what that is for... ???
-
ArcSoft Connect Daemon has stopped working
Arcsoft is a photp editing program. Check to see if you can uninstall it.
I'll be back with some more information about the update problem.
-
Tried the uninstall ArcSoft MediaImpression... got a pop-up message
--------------------------------------------------------------------------------------------------------------
MediaImpression
The InstallSheild Engine (iKernel.exe) could not be launched.
Class not registered
-
Tried the uninstall ArcSoft MediaImpression... got a pop-up message
--------------------------------------------------------------------------------------------------------------
MediaImpression
The InstallSheild Engine (iKernel.exe) could not be launched.
Class not registered
Please look in C:\Program Files to see if there's any such folder.
-
Nothing in program files but under programs, there are "Start ArcSoft Connect" & "View My ArcSoft Info"
-
Nothing in program files but under programs, there are "Start ArcSoft Connect" & "View My ArcSoft Info"
If you're not using it please try going to Control Panel, Programs and Features and see if you can uninstall it from there.
- Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber1.png)
- If an infected file is detected, the default action will be Cure, click on Continue.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber2.png)
- If a suspicious file is detected, the default action will be Skip, click on Continue.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber3.png)
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillerlastone3.png)
- Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory..