Lianabanana7

  1. Thank you very much for all of your help and advice! I really appreciate everything!
  2. Here's the ESET log--it actually did pick up something:

     C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A application
     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A application
     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bak    a variant of Win32/HiddenStart.A application
     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bk1    a variant of Win32/HiddenStart.A application
     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe    a variant of Win32/HiddenStart.A application
     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A application

     I think that once my subscription to Norton is finished, I'll be purchasing a different program--perhaps Malwarebytes pro. : ) Thanks for the advice!
  3. I have restored all my files and ran a MBAM scan, which came back clean. Thank you so much for all of your help and patience. I have one last question: which anti virus/malware/spyware etc. program do you recommend that would prevent problems like these? I currently have Norton, which doesn't seem to be the most effective.
  4. I have an emergency backup of my files from Dell DataSafe that was made yesterday, but I'm afraid to restore them without asking you first because I don't want to restore anything that was infected.
  5. After the fix, I clicked reboot from the setup repair menu, since a reboot was requested. Upon reboot, Windows loaded and sent me through prompts to set itself up. I was not given the option to sign into my user name, which is the norm.
  6. Fixlog.txt:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-09-2012
     Ran by SYSTEM at 2012-09-18 21:46:56 Run:1
     Running from F:\

     ==============================================

     HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
     The operation completed successfully.
     The operation completed successfully.

     ========= bootrec /FixMbr =========

     The operation completed successfully.

     ========= End of CMD: =========

     ==== End of Fixlog ====

     I was able to restore windows. It appears to be back to factory settings and everything is new.
  7. FRST.txt:

     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2012
     Ran by SYSTEM at 18-09-2012 18:16:03
     Running from F:\
     Windows 7 Home Premium Service Pack 1 (X64)
     OS Language: English(US)
     The current controlset is ControlSet001

     ==================== Registry (Whitelisted) ===================

     HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
     HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
     HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)
     HKLM\...\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
     HKLM\...\Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-17] (Intel® Corporation)
     HKLM\...\Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10228224 2010-11-03] (Intel Corporation)
     HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207845 2011-04-29] ()
     HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)
     HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
     HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
     HKLM-x32\...\Run: [] [x]
     HKLM-x32\...\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
     HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
     HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
     HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1484856 2010-09-30] (McAfee, Inc.)
     HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
     HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2825741 2011-04-29] ()

     ==================== Services (Whitelisted) ===================

     2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [897088 2010-11-03] (Intel Corporation)
     3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1298496 2010-11-03] (Intel Corporation)
     2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [983104 2010-11-03] (Intel Corporation)
     2 DellDigitalDelivery; "C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [148360 2011-03-24] (Dell Products, LP.)
     3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-30] (McAfee, Inc.)
     2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
     2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
     2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
     2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
     3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [509416 2010-10-07] (McAfee, Inc.)
     2 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
     2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
     2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [200056 2010-10-13] (McAfee, Inc.)
     2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [245352 2010-10-13] (McAfee, Inc.)
     2 mfevtp; "C:\Windows\system32\mfevtps.exe" [149032 2010-10-13] (McAfee, Inc.)
     2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
     3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()

     ==================== Drivers (Whitelisted) =====================

     3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [62800 2010-10-13] (McAfee, Inc.)
     3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [121248 2010-10-13] (McAfee, Inc.)
     3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [190136 2010-10-13] (McAfee, Inc.)
     3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [441328 2010-10-13] (McAfee, Inc.)
     0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [529128 2010-10-13] (McAfee, Inc.)
     1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75032 2010-10-13] (McAfee, Inc.)
     3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [94864 2010-10-13] (McAfee, Inc.)
     0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [283360 2010-10-13] (McAfee, Inc.)

     ==================== NetSvcs (Whitelisted) ====================

     ==================== One Month Created Files and Folders ========

     2012-09-18 18:11 - 2012-09-18 18:12 - 00000000 ____D C:\FRST
     2012-09-17 20:59 - 2012-09-17 20:59 - 00000452 ____A C:\Users\Public\Desktop\Emergency Backup.lnk
     2012-09-17 20:59 - 2012-09-17 20:59 - 00000452 ____A C:\Users\All Users\Desktop\Emergency Backup.lnk
     2012-09-17 20:59 - 2012-09-17 20:59 - 00000000 ____D C:\Emergency
     2012-09-17 20:46 - 2012-09-17 20:46 - 00000000 ____D C:\Windows\SMINST

     ==================== 3 Months Modified Files ==================

     2012-09-17 20:59 - 2012-09-17 20:59 - 00000452 ____A C:\Users\Public\Desktop\Emergency Backup.lnk
     2012-09-17 20:59 - 2012-09-17 20:59 - 00000452 ____A C:\Users\All Users\Desktop\Emergency Backup.lnk

     ==================== Known DLLs (Whitelisted) =================

     ==================== Bamital & volsnap Check =================

     C:\Windows\System32\winlogon.exe => MD5 is legit
     C:\Windows\System32\wininit.exe => MD5 is legit
     C:\Windows\SysWOW64\wininit.exe => MD5 is legit
     C:\Windows\explorer.exe => MD5 is legit
     C:\Windows\SysWOW64\explorer.exe => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\SysWOW64\svchost.exe => MD5 is legit
     C:\Windows\System32\services.exe => MD5 is legit
     C:\Windows\System32\User32.dll => MD5 is legit
     C:\Windows\SysWOW64\User32.dll => MD5 is legit
     C:\Windows\System32\userinit.exe => MD5 is legit
     C:\Windows\SysWOW64\userinit.exe => MD5 is legit
     C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
     TDL4: custom:26000022 <===== ATTENTION!

     ==================== EXE ASSOCIATION =====================

     HKLM\...\.exe: exefile => OK
     HKLM\...\exefile\DefaultIcon: %1 => OK
     HKLM\...\exefile\open\command: "%1" %* => OK

     ==================== Restore Points =========================

     Restore point made on: 2012-09-12 10:13:04
     Restore point made on: 2012-09-17 17:51:23

     ==================== Memory info ===========================

     Percentage of memory in use: 13%
     Total physical RAM: 8099.18 MB
     Available physical RAM: 6985.41 MB
     Total Pagefile: 8097.38 MB
     Available Pagefile: 7023.37 MB
     Total Virtual: 8192 MB
     Available Virtual: 8191.9 MB

     ==================== Partitions =============================

     1 Drive c: (OS) (Fixed) (Total:683.88 GB) (Free:655.39 GB) NTFS
     3 Drive e: (Recovery) (Fixed) (Total:14.65 GB) (Free:7.8 GB) NTFS ==>[system with boot components (obtained from reading drive)]
     ATTENTION: Malware custom entry on BCD on drive e: detected. Check for MBR/Partition infection.
     4 Drive f: (PENDRIVE) (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
     6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

       Disk ###  Status         Size     Free     Dyn  Gpt
       --------  -------------  -------  -------  ---  ---
       Disk 0    Online          698 GB    13 MB
       Disk 1    No Media          0 B      0 B
       Disk 2    Online          244 MB     0 B

     Partitions of Disk 0:
     ===============

       Partition ###  Type              Size     Offset
       -------------  ----------------  -------  -------
       Partition 1    OEM                100 MB  1024 KB
       Partition 2    Primary             14 GB   101 MB
       Partition 3    Primary            683 GB    14 GB

     ==================================================================================

     Disk: 0
     Partition 1
     Type  : DE
     Hidden: Yes
     Active: No

       Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
       ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 5         DELLUTILITY  FAT    Partition    100 MB  Healthy    Hidden

     =========================================================

     Disk: 0
     Partition 2
     Type  : 07
     Hidden: No
     Active: Yes

       Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
       ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 1     E   Recovery     NTFS   Partition     14 GB  Healthy

     =========================================================

     Disk: 0
     Partition 3
     Type  : 07
     Hidden: No
     Active: No

       Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
       ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 2     C   OS           NTFS   Partition    683 GB  Healthy

     =========================================================

     Partitions of Disk 2:
     ===============

       Partition ###  Type              Size     Offset
       -------------  ----------------  -------  -------
       Partition 1    Primary            244 MB    49 KB

     ==================================================================================

     Disk: 2
     Partition 1
     Type  : 06
     Hidden: No
     Active: Yes

       Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
       ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 4     F   PENDRIVE     FAT    Removable    244 MB  Healthy

     =========================================================

     Last Boot: 2011-02-23 08:08

     ==================== End Of Log =============================

     Search.txt:

     Farbar Recovery Scan Tool (x64) Version: 17-09-2012
     Ran by SYSTEM at 2012-09-18 18:14:07
     Running from F:\

     ================== Search: "services.exe" ===================

     C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
     [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

     C:\Windows\System32\services.exe
     [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

     ====== End Of Search ======
  9. I am unable to run fixTDSSKiller. I followed your gparted instructions to a T, and upon restart after I finished in gparted, Windows will not start up normally at all. I am able to access startup repair at this point, which can't find the problem and can't fix anything. It gives me the option for system restore, which I decided to try after multiple tries to boot Windows. I chose a restore date, and it said it loaded the system restore successfully and to restart. When I restarted, I am still unable to load Windows. I am starting to panic at this point...I can't bear to think that all my files are gone! Can I fix this??
  11. Like the original TDSSKiller, the undetectable one won't open either. I'm sorry this is so troublesome!
  12. I am able to boot off my USB, however the puppy desktop will not load for me. For some reason, after putting in my time zone, etc, I'm asked for my monitor specs and such in Xorg setup. Once I enter them it tells me that X has failed, and I cannot get to the puppy desktop. I'm currently searching for a solution to this problem.
  13. I was able to install and run the tool successfully. The scan did not detect any threats. I ran this scan multiple times, because each time, after I would click 'select all' at the results page, the program would freeze when I'd click 'copy'. Here's what it looked like: http://postimage.org/image/nxk0hgsch/ I'm going to try again to get a log for you, if you'd still like to look!
  14. Hello, Sorry for the delay! I still cannot boot from the CD, even though I'm given the option to do so at startup. When I press the appropriate key, I don't hear the CD starting up and the computer just starts up normally. When trying to enter repair mode, I've waited for about three hours with no progress at all with the progress bar. I wonder if this has something to do with the Malware? I'm still trying to get TDSS Killer to run, but have had no luck. So I ran RKill, then I scanned with Super AntiSpyware twice, here are the logs:

     RKill:

     Rkill 2.3.11 by Lawrence Abrams (Grinler)
     http://www.bleepingcomputer.com/
     Copyright 2008-2012 BleepingComputer.com
     More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html

     Program started at: 09/10/2012 08:14:05 PM in x64 mode.
     Windows Version: Windows 7 Home Premium Service Pack 1

     Checking for Windows services to stop:
      * No malware services found to stop.

     Checking for processes to terminate:
      * No malware processes found to kill.

     Checking Registry for malware related settings:
      * No issues found in the Registry.

     Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

     Performing miscellaneous checks:
      * Windows Defender Disabled
        [HKLM\SOFTWARE\Microsoft\Windows Defender]
        "DisableAntiSpyware" = dword:00000001

     Checking Windows Service Integrity:
      * COM+ Event System (EventSystem) is not Running.
        Startup Type set to: Automatic
      * Windows Defender (WinDefend) is not Running.
        Startup Type set to: Manual
      * Security Center (wscsvc) is not Running.
        Startup Type set to: Automatic (Delayed Start)
      * Windows Update (wuauserv) is not Running.
        Startup Type set to: Automatic (Delayed Start)

     Searching for Missing Digital Signatures:
      * No issues found.

     Program finished at: 09/10/2012 08:14:06 PM
     Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)

     Super AntiSpyware Scan 1:

     SUPERAntiSpyware Scan Log
     http://www.superantispyware.com

     Generated 09/10/2012 at 09:13 PM

     Application Version : 5.5.1016
     Core Rules Database Version : 9203
     Trace Rules Database Version: 7015

     Scan type : Complete Scan
     Total Scan Time : 00:49:29

     Operating System Information
     Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
     UAC Off - Administrator

     Memory items scanned : 430
     Memory threats detected : 0
     Registry items scanned : 66055
     Registry threats detected : 0
     File items scanned : 132344
     File threats detected : 119

     Adware.Tracking Cookie
C:\USERS\LIANA\Cookies\8A2EIAZ2.txt [ Cookie:liana@invitemedia.com/ ] C:\USERS\LIANA\Cookies\P9P0O4HQ.txt [ Cookie:liana@ad.yieldmanager.com/ ] C:\USERS\LIANA\Cookies\R07DTYEF.txt [ Cookie:liana@doubleclick.net/ ] media.heavy.com [ C:\USERS\LIANA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3L5KD758 ] media.scanscout.com [ C:\USERS\LIANA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3L5KD758 ] .thefind.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] .thefind.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] .thefind.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] .thefind.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] .thefind.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] .thefind.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] .thefind.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] .caloriecount.about.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] .caloriecount.about.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] .caloriecount.about.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] .caloriecount.about.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] click.get-amazing-results.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] click.get-amazing-results.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] bridge.sf.admarketplace.net [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] .admarketplace.net [ 
C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] .apmebf.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] click.gethotresults.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] .mediacollege.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] .mediacollege.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] .mediacollege.com [ C:\USERS\LIANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLRX3IC8.DEFAULT\COOKIES.SQLITE ] Trace.Known Threat Sources C:\USERS\LIANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNRNDWH1\59b8caa9266b8_2174314[1].flv [ cache:wista ] C:\USERS\LIANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZUTIMUCJ\crossdomainCAZKNYHQ.xml [ cache:wista ] C:\USERS\LIANA\Local Settings\Temporary Internet Files\Content.IE5\TNRNDWH1\59b8caa9266b8_2174314[1].flv [ cache:wista ] C:\USERS\LIANA\Local Settings\Temporary Internet Files\Content.IE5\ZUTIMUCJ\crossdomainCAZKNYHQ.xml [ cache:wista ] Second Super AntiSpyware log: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 09/11/2012 at 09:24 PM Application Version : 5.5.1016 Core Rules Database Version : 9203 Trace Rules Database Version: 7015 Scan type : Complete Scan Total Scan Time : 15:59:33 Operating System Information Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Limited User 
Memory items scanned : 622 Memory threats detected : 0 Registry items scanned : 65968 Registry threats detected : 0 File items scanned : 131830 File threats detected : 18 Adware.Tracking Cookie C:\Users\Liana\AppData\Roaming\Microsoft\Windows\Cookies\YWSPAHWI.txt [ /atdmt.com ] C:\Users\Liana\AppData\Roaming\Microsoft\Windows\Cookies\RUMAFJXN.txt [ /imrworldwide.com ] C:\USERS\LIANA\Cookies\YWSPAHWI.txt [ Cookie:liana@atdmt.com/ ] C:\USERS\LIANA\Cookies\RUMAFJXN.txt [ Cookie:liana@imrworldwide.com/cgi-bin ] C:\Users\Liana\AppData\Roaming\Microsoft\Windows\Cookies\3NUW3Z2D.txt [ /media6degrees.com ] C:\Users\Liana\AppData\Roaming\Microsoft\Windows\Cookies\DFBJL0VE.txt [ /at.atwola.com ] C:\Users\Liana\AppData\Roaming\Microsoft\Windows\Cookies\BHOQMCIZ.txt [ /adbrite.com ] C:\Users\Liana\AppData\Roaming\Microsoft\Windows\Cookies\6QG2XE8G.txt [ /advertising.com ] C:\Users\Liana\AppData\Roaming\Microsoft\Windows\Cookies\JONCLJQY.txt [ /tribalfusion.com ] C:\Users\Liana\AppData\Roaming\Microsoft\Windows\Cookies\FHH07QYX.txt [ /ad.yieldmanager.com ] C:\Users\Liana\AppData\Roaming\Microsoft\Windows\Cookies\N6MPJHSG.txt [ /doubleclick.net ] C:\USERS\LIANA\Cookies\DFBJL0VE.txt [ Cookie:liana@at.atwola.com/ ] C:\USERS\LIANA\Cookies\6QG2XE8G.txt [ Cookie:liana@advertising.com/ ] C:\USERS\LIANA\Cookies\JONCLJQY.txt [ Cookie:liana@tribalfusion.com/ ] C:\USERS\LIANA\Cookies\FHH07QYX.txt [ Cookie:liana@ad.yieldmanager.com/ ] C:\USERS\LIANA\Cookies\N6MPJHSG.txt [ Cookie:liana@doubleclick.net/ ] Trace.Known Threat Sources C:\USERS\LIANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZLW9AAR\crossdomain[1].xml [ cache:wista ] C:\USERS\LIANA\Local Settings\Temporary Internet Files\Content.IE5\UZLW9AAR\crossdomain[1].xml [ cache:wista ] After all this I still cannot get TDSS Killer to run, nor can I boot from CD/enter repair mode
  15. This is on my laptop, but I do have access to a USB keyboard if you think it'd be a good idea to give that one a try! The machine seems to be recognizing my keystrokes, because I'm able to access advanced startup options when I tap F8 and was able to access BIOS options in order to request it to boot from the CD. If this worked correctly, I should see the program on the CD appear and Windows would not start like normal, right? Sheesh! I'm sorry everything has turned into a problem--thank you for sticking with me through this! I really appreciate it!