
vidiviciveni

Members
  • Posts: 9

Posts posted by vidiviciveni

  1. Hi Maniac

    - I downloaded Farbar onto my 'good' computer & put Farbar on a flash drive.

    - Plugged the flash drive into the infected PC

    - Restarted the computer

    - As soon as the BIOS loaded I began tapping the F8 key until Advanced Boot Options appeared.

    - Used the arrow keys to select the Repair your computer menu item, then hit ENTER.

    The screen cleared and I got a green/black striped bar going across the screen (about 6 cm long) above the words Microsoft Corporation.

    This stayed 'loading' for 20 minutes. I shut down and repeated the process 3-4 times but the same happened each time.

    I was not taken to the steps you mentioned, shown below.

    • Select English as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    I do not have an installation disk, sorry. Can you suggest a work around?

    Many thanks again.

  2. Hi Maniac -

    Thank you for your last instructions and information. This is the only computer we have so I can't immediately disconnect from the internet. Also I needed it connected to download TDSSKiller etc.

    I aim to get this computer running so I can retrieve the documents saved there onto USB, and then I will do a reformat and reinstall of the OS.

    I will try to get to a known clean computer and change all passwords where applicable very soon, and contact financial institutions to apprise them of my situation.

    Last evening things worsened I'm afraid....

    I got a pop-up to load an Adobe upgrade, which I tried to ignore and exit from in case it was infected. It kept popping up and I kept exiting. Then I got a message box....

    System Error Hard Disc Failure Detected

    Windows lost access to the system partition during I/O process. This may also lead to a potential loss of data; it is highly recommended to run a complete HDD scan to prevent loss of files, applications and documents stored on your computer.

    Scan & Repair (recommended)

    Scan later

    I decided to do neither option in case this was not a genuine message...... I exited the message.

    Then another message came on...

    User Account Control

    An unidentified programme wants to access your computer

    chipset_driver_update.exe

    Cancel

    Allow

    Again I decided to do neither option in case this was not a genuine message...... I exited the message.

    I am now unable to access the Carol partition side of the PC as it is corrupt.

    I went into safe mode and began to run Malwarebytes; after a few seconds I got the Specialist Crime Directorate Police Control e-crime Unit screen.... Safe mode has been attacked!!

    Luckily (?) I am still able to access the party poker partition, which is still working, but infected with the audio adverts, and I am emailing from there.

    I ran the adwCleaner, the log is below.

    I downloaded TDSSKiller but it would not launch.

    I have updated Malwarebytes and run the scan, log below.

    Many thanks for your patience and advice...

    # AdwCleaner v2.001 - Logfile created 09/14/2012 at 07:48:35

    # Updated 09/09/2012 by Xplode

    # Operating system : Windows Vista Home Basic Service Pack 2 (32 bits)

    # User : party poker AC - CAROLS-PC

    # Boot Mode : Normal

    # Running from : C:\Users\party poker AC\Downloads\adwcleaner.exe

    # Option [Delete]

    ***** [services] *****

    ***** [Files / Folders] *****

    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

    File Deleted : C:\user.js

    Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor

    Folder Deleted : C:\ProgramData\Babylon

    Folder Deleted : C:\ProgramData\boost_interprocess

    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder

    Folder Deleted : C:\ProgramData\Tarma Installer

    Folder Deleted : C:\Users\CAROL\AppData\Local\Ilivid Player

    Folder Deleted : C:\Users\CAROL\AppData\LocalLow\boost_interprocess

    Folder Deleted : C:\Users\CAROL\AppData\LocalLow\imeshbandmltbpi

    Folder Deleted : C:\Users\CAROL\AppData\LocalLow\mediabarim

    Folder Deleted : C:\Users\CAROL\AppData\Roaming\Babylon

    Folder Deleted : C:\Users\CAROL\AppData\Roaming\Media Finder

    Folder Deleted : C:\Users\CAROL\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

    Folder Deleted : C:\Users\party poker AC\AppData\LocalLow\Search Settings

    ***** [Registry] *****

    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

    Key Deleted : HKLM\Software\Babylon

    Key Deleted : HKLM\Software\BabylonToolbar

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6}

    Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery

    Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1

    Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}

    Key Deleted : HKLM\SOFTWARE\Classes\MF

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}

    Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO

    Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2

    Key Deleted : HKLM\Software\Freeze.com

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai

    Key Deleted : HKLM\Software\ilivid

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

    Key Deleted : HKLM\Software\Tarma Installer

    Key Deleted : HKLM\Software\Viewpoint

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]

    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

    ***** [internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    *************************

    AdwCleaner[R1].txt - [8796 octets] - [13/09/2012 16:15:26]

    AdwCleaner[s1].txt - [7761 octets] - [14/09/2012 07:48:35]

    ########## EOF - C:\AdwCleaner[s1].txt - [7821 octets] ##########

    Malwarebytes Anti-Malware (PRO) 1.65.0.1400

    www.malwarebytes.org

    Database version: v2012.09.14.01

    Windows Vista Service Pack 2 x86 NTFS

    Internet Explorer 9.0.8112.16421

    party poker AC :: CAROLS-PC [administrator]

    Protection: Disabled

    14/09/2012 08:12:52

    mbam-log-2012-09-14 (08-12-52).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

    Scan options disabled:

    Objects scanned: 213459

    Time elapsed: 5 minute(s), 27 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 1

    HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-1445800729-3374758021-1386323499-1004\$9b82c2852086004be0b367d93f24386a\n.) Good: (shell32.dll) -> Quarantined and repaired successfully.

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 6

    C:\ProgramData\uQPiuYoYUryntvk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    C:\$Recycle.Bin\S-1-5-18\$9b82c2852086004be0b367d93f24386a\n (Trojan.0Access) -> Quarantined and deleted successfully.

    C:\$Recycle.Bin\S-1-5-21-1445800729-3374758021-1386323499-1000\$9b82c2852086004be0b367d93f24386a\n (Trojan.0Access) -> Quarantined and deleted successfully.

    C:\Users\CAROL\AppData\Local\Temp\5c5afa54.tmp (Trojan.Phex.THAGen9) -> Quarantined and deleted successfully.

    C:\Users\CAROL\AppData\Local\Temp\Y4LlezGNWxPBSm.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    C:\Users\CAROL\kumopytjfhd.exe (Trojan.Phex.THAGen9) -> Quarantined and deleted successfully.

    (end)

  3. Hi - Many thanks for your help - I successfully completed steps 1, 2 & 3, but after downloading aswMBR to the desktop, when I tried to run it, it wouldn't.

    I double clicked it, which opened the User Account control screen asking for 'An unidentified programme wants access to your computer'.

    When I clicked Allow for the aswMBR.exe connection to the computer, nothing happened. I also tried Run as Administrator but got the same result.

    Below are the:

    • AdwCleaner log
    • Malwarebytes' Anti-Malware log

    Thank you again...

    # AdwCleaner v2.001 - Logfile created 09/13/2012 at 16:15:26

    # Updated 09/09/2012 by Xplode

    # Operating system : Windows Vista Home Basic Service Pack 2 (32 bits)

    # User : CAROL - CAROLS-PC

    # Boot Mode : Normal

    # Running from : C:\Users\CAROL\Downloads\adwcleaner.exe

    # Option [search]

    ***** [services] *****

    ***** [Files / Folders] *****

    File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

    File Found : C:\user.js

    Folder Found : C:\Program Files\Common Files\spigot

    Folder Found : C:\ProgramData\Anti-phishing Domain Advisor

    Folder Found : C:\ProgramData\Babylon

    Folder Found : C:\ProgramData\boost_interprocess

    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder

    Folder Found : C:\ProgramData\Tarma Installer

    Folder Found : C:\Users\CAROL\AppData\Local\Ilivid Player

    Folder Found : C:\Users\CAROL\AppData\LocalLow\boost_interprocess

    Folder Found : C:\Users\CAROL\AppData\LocalLow\imeshbandmltbpi

    Folder Found : C:\Users\CAROL\AppData\LocalLow\mediabarim

    Folder Found : C:\Users\CAROL\AppData\Roaming\Babylon

    Folder Found : C:\Users\CAROL\AppData\Roaming\Media Finder

    Folder Found : C:\Users\CAROL\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

    Folder Found : C:\Users\party poker AC\AppData\LocalLow\Search Settings

    ***** [Registry] *****

    Data Found : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    Key Found : HKCU\Software\BrowserCompanion

    Key Found : HKCU\Software\ilivid

    Key Found : HKCU\Software\MediaFinder

    Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder

    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iMesh 1 MediaBar

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

    Key Found : HKCU\Software\Softonic

    Key Found : HKLM\Software\Babylon

    Key Found : HKLM\Software\BabylonToolbar

    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}

    Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}

    Key Found : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}

    Key Found : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}

    Key Found : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}

    Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}

    Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}

    Key Found : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL

    Key Found : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL

    Key Found : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL

    Key Found : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL

    Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL

    Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL

    Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB}

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6}

    Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery

    Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1

    Key Found : HKLM\SOFTWARE\Classes\imweb.imwebcontrol

    Key Found : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}

    Key Found : HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}

    Key Found : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}

    Key Found : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}

    Key Found : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}

    Key Found : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}

    Key Found : HKLM\SOFTWARE\Classes\MF

    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}

    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}

    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}

    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}

    Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO

    Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2

    Key Found : HKLM\Software\Freeze.com

    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai

    Key Found : HKLM\Software\ilivid

    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}

    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}

    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}

    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}

    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor

    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

    Key Found : HKLM\Software\Tarma Installer

    Key Found : HKLM\Software\Viewpoint

    Key Found : HKU\S-1-5-21-1445800729-3374758021-1386323499-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

    Key Found : HKU\S-1-5-21-1445800729-3374758021-1386323499-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}

    Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]

    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

    ***** [internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.claro-search.com/?affID=115131&tt=3412_3&babsrc=HP_iclro&mntrId=5aac690200000000000000234daba003

    *************************

    AdwCleaner[R1].txt - [8667 octets] - [13/09/2012 16:15:26]

    ########## EOF - C:\AdwCleaner[R1].txt - [8727 octets] ##########

    ************************************************************************************************************************************************

    Malwarebytes Anti-Malware (PRO) 1.65.0.1400

    www.malwarebytes.org

    Database version: v2012.09.13.07

    Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)

    Internet Explorer 9.0.8112.16421

    CAROL :: CAROLS-PC [administrator]

    Protection: Disabled

    13/09/2012 17:17:28

    mbam-log-2012-09-13 (17-17-28).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

    Scan options disabled:

    Objects scanned: 212062

    Time elapsed: 4 minute(s), 47 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 1

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.LameShield) -> Quarantined and deleted successfully.

    Registry Values Detected: 1

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|6F63A5DB0043E549C158EA8C2F3B707C (Trojan.LameShield) -> Data: C:\ProgramData\6F63A5DB0043E549C158EA8C2F3B707C\6F63A5DB0043E549C158EA8C2F3B707C.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 2

    HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$9b82c2852086004be0b367d93f24386a\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.

    HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-1445800729-3374758021-1386323499-1000\$9b82c2852086004be0b367d93f24386a\n.) Good: (shell32.dll) -> Quarantined and repaired successfully.

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 3

    C:\ProgramData\6F63A5DB0043E549C158EA8C2F3B707C\6F63A5DB0043E549C158EA8C2F3B707C.exe (Trojan.LameShield) -> Quarantined and deleted successfully.

    C:\$Recycle.Bin\S-1-5-18\$9b82c2852086004be0b367d93f24386a\n (Trojan.0Access) -> Delete on reboot.

    C:\$Recycle.Bin\S-1-5-21-1445800729-3374758021-1386323499-1000\$9b82c2852086004be0b367d93f24386a\n (Trojan.0Access) -> Delete on reboot.

    (end)
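The two Malwarebytes logs in this thread (the Safe Mode scan above and the follow-up scan in the later post) record the same pattern: CLSID `InProcServer32` values redirected from `fastprox.dll` and `shell32.dll` to a file named `n` under `C:\$Recycle.Bin`, so that any process instantiating those COM classes loads the `Trojan.0Access` (ZeroAccess) payload instead of the Windows DLL. The AdwCleaner logs add three DLLs injected into every process through `AppInit_DLLs`, and the Safe Mode scan shows the Live Security Platinum rogue's `RunOnce` autostart. The script below is an added example, not a tool from Malwarebytes, AdwCleaner or the forum helper: it parses those three line formats and lists the indicators a responder would carry into the clean-up or rebuild. The embedded sample lines are excerpted from the posted logs; the "suspicious location" rule is the example's own heuristic.

```python
"""Pull indicators out of Malwarebytes / AdwCleaner log lines.

Added example for this thread, not a tool from Malwarebytes, AdwCleaner or the
forum helper.  SAMPLE_LOG is excerpted from the logs posted above; the
"suspicious location" rule is this example's own heuristic.
"""
import re
from dataclasses import dataclass

# Malwarebytes "Registry Data Items" line for a hijacked COM in-process server:
#   HKCR\CLSID\{...}\InProcServer32| (Family) -> Bad: (path.) Good: (dll) -> action
COM_RE = re.compile(
    r"HKCR\\CLSID\\(?P<clsid>\{[0-9A-Fa-f-]+\})\\InProcServer32\|\s*\((?P<family>[^)]+)\)"
    r"\s*->\s*Bad:\s*\((?P<bad>[^)]*)\)\s*Good:\s*\((?P<good>[^)]+)\)"
)
# Malwarebytes registry value line for a Run / RunOnce autostart:
#   HKCU\...\RunOnce|<value name> (Family) -> Data: <path> -> action
RUN_RE = re.compile(
    r"^(?P<key>HK[A-Z]+\\[^|]*\\Run(?:Once)?)\|(?P<name>\S+)\s+\((?P<family>[^)]+)\)"
    r"\s*->\s*Data:\s*(?P<data>.+?)\s*->"
)
# Malwarebytes file detection line:  <path> (Family) -> action
FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\[^(]+?)\s+\((?P<family>[^)]+)\)\s*->")
# AdwCleaner line for the AppInit_DLLs injection list:  ... [AppInit_DLLs] = dll dll dll
APPINIT_RE = re.compile(r"\[AppInit_DLLs\]\s*=\s*(?P<dlls>.+)$")

# Heuristic (ours, not the vendors'): a COM server loaded from one of these
# directories is almost never legitimate.  Compared case-insensitively.
SUSPICIOUS_DIRS = ("\\$recycle.bin\\", "\\appdata\\local\\temp\\", "\\programdata\\")


@dataclass(frozen=True)
class ComHijack:
    clsid: str          # hijacked CLSID
    bad_path: str       # where InProcServer32 pointed
    expected_dll: str   # what the scanner restored it to
    family: str         # scanner's detection name
    suspicious: bool    # our heuristic verdict on bad_path


def _in_suspicious_dir(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in SUSPICIOUS_DIRS)


def triage(log_text: str) -> dict:
    """Scan log text and return the indicators worth acting on, by kind."""
    found = {"com_hijacks": [], "run_persistence": [], "appinit_dlls": [], "files": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := COM_RE.search(line):
            bad = m["bad"].rstrip(".")  # the log closes the path with a sentence period
            # A server that is not even a .dll/.ocx, or that sits in a throwaway
            # directory, is the classic shape of a hijacked CLSID.
            odd_name = not bad.lower().endswith((".dll", ".ocx"))
            found["com_hijacks"].append(ComHijack(
                m["clsid"], bad, m["good"], m["family"], _in_suspicious_dir(bad) or odd_name))
        elif m := RUN_RE.match(line):
            found["run_persistence"].append((m["key"], m["name"], m["data"]))
        elif m := APPINIT_RE.search(line):
            # AppInit_DLLs is space- or comma-separated; the 8.3 short names in
            # this log contain no spaces, so a plain split is safe here.
            found["appinit_dlls"].extend(re.split(r"[ ,]+", m["dlls"].strip()))
        elif m := FILE_RE.match(line):
            found["files"].append((m["path"], m["family"]))
    return found


def report(found: dict) -> list:
    """One line per indicator, in the order a responder would check them."""
    out = [f"COM hijack {h.clsid}: {h.bad_path} (should be {h.expected_dll})"
           + (" [suspicious location]" if h.suspicious else "") for h in found["com_hijacks"]]
    out += [f"AppInit_DLLs injection: {d}" for d in found["appinit_dlls"]]
    out += [f"Autostart {key}\\{name} -> {data}" for key, name, data in found["run_persistence"]]
    out += [f"File {path} ({fam})" for path, fam in found["files"]]
    return out


# Excerpted from the Malwarebytes and AdwCleaner logs posted in this thread.
SAMPLE_LOG = r"""
Data Found : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|6F63A5DB0043E549C158EA8C2F3B707C (Trojan.LameShield) -> Data: C:\ProgramData\6F63A5DB0043E549C158EA8C2F3B707C\6F63A5DB0043E549C158EA8C2F3B707C.exe -> Quarantined and deleted successfully.
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$9b82c2852086004be0b367d93f24386a\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-1445800729-3374758021-1386323499-1000\$9b82c2852086004be0b367d93f24386a\n.) Good: (shell32.dll) -> Quarantined and repaired successfully.
C:\ProgramData\6F63A5DB0043E549C158EA8C2F3B707C\6F63A5DB0043E549C158EA8C2F3B707C.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$9b82c2852086004be0b367d93f24386a\n (Trojan.0Access) -> Delete on reboot.
C:\Users\CAROL\kumopytjfhd.exe (Trojan.Phex.THAGen9) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

Run it as-is to print the indicators from the embedded excerpt, or pass `triage()` the full text of a saved `mbam-log-*.txt` or `AdwCleaner[S1].txt`. The `AppInit_DLLs` split relies on the 8.3 short names seen in these logs; a value holding long paths with spaces would need quote-aware splitting.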

  4. Hi - I have a Metropolitan Police virus, a Security Shield virus and a very annoying audio advert virus. My Windows Defender & Firewall won't open. I have run Malwarebytes (Pro) but the viruses keep returning in syshost.exe.

    I tried DDS but it wouldn't run, as it said my C:\windows\system32\cdm.exe wasn't there. So I have included a Check Results attachment and the RSIT log and info attachments.

    Many thanks in anticipation of your help... There goes that damn music again..... grrrrrrr!

    CheckResults.txt

    log.txt

    info.txt
