
vidiviciveni

Everything posted by vidiviciveni

  1. Hi - Maniac I am in the middle of running combo fix as you suggested. It is stuck processing on the line Output folder : C:\32788R22FWJFW , the green bar is at 90% and has been frozen/stuck like this for over 3 hours now. What should I do? Thank you
  2. I did both the Automatic fix file system errors and Scan for and attempt recovery of bad sectors. There were no problems/errors reported. But when I did 'repair your computer', the same problem as before occurred.
  3. Hi Maniac
     - I downloaded Farbar onto my 'good' computer & put Farbar on a flashdrive.
     - Plugged the flashdrive into the infected PC
     - Restarted the computer
     - As soon as the BIOS loaded began tapping the F8 key until Advanced Boot Options appeared.
     - Used the arrow keys to select the Repair your computer menu item, I hit ENTER.
     The screen cleared and I get a green/black striped bar going across the screen (about 6 cm long) above the words Microsoft Corporation. This stayed 'loading' for 20 minutes. I shut down and repeated the process 3-4 times but the same happened each time. I was not taken to the steps you mentioned, shown below.
     Select English as the keyboard language settings, and then click Next.
     Select the operating system you want to repair, and then click Next.
     Select your user account and click Next.
     I do not have an installation disk, sorry. Can you suggest a work around? Many thanks again.
  4. Hi - Yes please. I was just advising that I am corresponding through another computer so as to keep the other off line. Thank you...
  5. UPDATE - Now have use of a safe computer. Will monitor from here in future. Thank you.
  6. Hi Maniac - Thank you for your last instructions and information. This is the only computer we have so I can't immediately disconnect from internet. Also I needed it connected to download tsskiller etc. I aim to get this computer running so I can retrieve the documents saved there onto usb and then I will do a reformat and reinstall of the OS. I will try to get to a known clean computer and change all passwords where applicable very soon, and contact financial institutions to apprise them of my situation.
     Last evening things worsened I'm afraid.... I got a pop-up to load an Adobe upgrade, which I tried to ignore and exit from in case it was infected. It kept popping up, I kept exiting. Then I got a message box....
     System Error Hard Disc Failure Detected Windows lost access to the system partition during I/O process. his may also lead to a potential loss of data it is highly recommended to run complete HDD scan to prevent lost of files. applications and documentsstored on your computer. Scan & Repair (recommended) Scan later
     I decided to do neither option in case this was not a genuine message...... I exited the message. Then another message came on...
     User Account Control An unidentified programme wants to to access your computer chipset_driver_update.exe Cancel Allow
     Again I decided to do neither option in case this was not a genuine message...... I exited the message.
     I am now unable to access the Carol partition side of the PC as it is corrupt. I went into safe mode and began to run Malwarebytes, after a few seconds I got the Specialist Crime Directorate Police Control e-crime Unit screen.... Safe mode has been attacked!! Luckily (?) I am still able to access the party poker partition, which is still working, but infected with the audio adverts, and I am emailing from there.
     I ran the adwCleaner, the log is below. I downloaded tsskiller but it would not launch. I have updated Malwarebytes and run the scan, log below.
     Many thanks for your patience and advice...
  7. Hi - Many thanks for your help - I successfully completed steps 1, 2 & 3 but after downloading aswMBR to desktop, when I tried to run it, it wouldn't. I double clicked it, which opened the User Account control screen asking for 'An unidentified programme wants access to your computer'. When I clicked to Allow aswMBR.exe connection to the computer nothing happened. I also tried Run as Administrator but same result. Below are the AdwCleaner and Malwarebytes' Anti-Malware logs. Thank you again...
  8. Hi - I have a Metropolitan Police Virus, a Security Shield virus and a very annoying audio advert virus. My Windows Defender & Firewall won't open. I have run Malwarebytes (Pro) but the viruses keep returning in the syshost.exe. I tried dds but it wouldn't run as it said my C:\windows\system32\cdm.exe wasn't there. So I have included a Check Results attachment and RSIT log and info attachment. Many thanks in anticipation of your help... There goes that damn music again..... grrrrrrr! CheckResults.txt log.txt info.txt