Needhelpplease1

Everything posted by Needhelpplease1

  1. I can't thank you enough for your help Mr. Naggar, God bless you for all your help. I do have some questions: 1. Will my computer be safe to do any transactions? (I very rarely make transactions on this computer, perhaps 1 a year or less.) 2. Will my computer be safe to log in to websites? I guess what I'm asking is "Is the backdoor shut?" I understand the trojan is gone, but will it be safe enough to use the computer normally? I will probably not be doing any transactions on this computer at all to be on the safe side, but I would hope to be able to log in to websites safely without getting my information stolen.
  2. Alright, scans are all complete. The only problem I encountered was the TDSSKiller, which worked properly and found 0 infections, but when I clicked report, I was unable to copy the information, and was unable to find any possible file it could have made. I can say for certain it found 0 threats.

     aswMBR (No, FIX button did not become enabled):

     aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
     Run date: 2013-03-04 15:24:53
     -----------------------------
     15:24:53.110 OS Version: Windows x64 6.1.7601 Service Pack 1
     15:24:53.111 Number of processors: 1 586 0x7F02
     15:24:53.112 ComputerName: JOSEPH-PC UserName: Joseph
     15:24:53.781 Initialize success
     15:24:53.911 AVAST engine defs: 10092001
     15:25:34.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
     15:25:34.021 Disk 0 Vendor: Hitachi_ ST2O Size: 305245MB BusType: 3
     15:25:34.038 Disk 0 MBR read successfully
     15:25:34.041 Disk 0 MBR scan
     15:25:34.047 Disk 0 unknown MBR code
     15:25:34.053 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
     15:25:34.070 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292917 MB offset 206848
     15:25:34.105 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12226 MB offset 600100864
     15:25:34.148 Disk 0 scanning C:\Windows\system32\drivers
     15:25:42.966 Service scanning
     15:26:07.981 Modules scanning
     15:26:08.403 AVAST engine scan C:\Windows
     15:26:10.002 AVAST engine scan C:\Windows\system32
     15:28:36.598 AVAST engine scan C:\Windows\system32\drivers
     15:28:47.630 AVAST engine scan C:\Users\Joseph
     15:31:57.078 Disk 0 MBR has been saved successfully to "C:\Users\Joseph\Documents\MBR.dat"
     15:31:57.093 The log file has been saved successfully to "C:\Users\Joseph\Documents\aswMBR info.txt"

     ListParts:

     ListParts by Farbar  Version: 04-03-2013
     Ran by Joseph (administrator) on 04-03-2013 at 15:41:32
     Windows 7 (X64)
     Running From: C:\Users\Joseph\Downloads
     Language: 0409
     ************************************************************

     ========================= Memory info ======================

     Percentage of memory in use: 43%
     Total physical RAM: 2942.49 MB
     Available physical RAM: 1648.25 MB
     Total Pagefile: 5883.18 MB
     Available Pagefile: 4147.77 MB
     Total Virtual: 4095.88 MB
     Available Virtual: 3991.99 MB

     ======================= Partitions =========================

     1 Drive c: (HP) (Fixed) (Total:286.05 GB) (Free:207.09 GB) NTFS
     2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.17 GB) NTFS ==>[system with boot components (obtained from reading drive)]

     Disk ###  Status         Size     Free     Dyn  Gpt
     --------  -------------  -------  -------  ---  ---
     Disk 0    Online          298 GB      0 B
     Disk 1    No Media           0 B      0 B
     Disk 2    No Media           0 B      0 B
     Disk 3    No Media           0 B      0 B
     Disk 4    No Media           0 B      0 B

     Partitions of Disk 0:
     ===============
     Disk ID: 1549F232

     Partition ###  Type              Size     Offset
     -------------  ----------------  -------  -------
     Partition 1    Primary            100 MB  1024 KB
     Partition 2    Primary            286 GB   101 MB
     Partition 3    Primary             11 GB   286 GB

     ======================================================================================================

     Disk: 0
     Partition 1
     Type  : 07
     Hidden: No
     Active: Yes

     Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
     ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 1         SYSTEM       NTFS   Partition    100 MB  Healthy    System (partition with boot components)

     ======================================================================================================

     Disk: 0
     Partition 2
     Type  : 07
     Hidden: No
     Active: No

     Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
     ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 2     C   HP           NTFS   Partition    286 GB  Healthy    Boot

     ======================================================================================================

     Disk: 0
     Partition 3
     Type  : 07
     Hidden: No
     Active: No

     Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
     ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 3     D   FACTORY_IMA  NTFS   Partition     11 GB  Healthy

     ======================================================================================================

     ****** End Of Log ******
  3. Okay Mr. Naggar, here are the results:

     Rkill:

     Rkill 2.4.7 by Lawrence Abrams (Grinler)
     http://www.bleepingcomputer.com/
     Copyright 2008-2013 BleepingComputer.com
     More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html

     Program started at: 03/03/2013 05:56:53 PM in x64 mode.
     Windows Version: Windows 7 Home Premium Service Pack 1

     Checking for Windows services to stop:
      * No malware services found to stop.

     Checking for processes to terminate:
      * No malware processes found to kill.

     Checking Registry for malware related settings:
      * Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

     Backup Registry file created at:
      C:\Users\Joseph\Desktop\rkill\rkill-03-03-2013-05-56-58.reg

     Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

     Performing miscellaneous checks:
      * ALERT: ZEROACCESS rootkit symptoms found!
      * HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
      * C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\ [ZA Dir]
      * C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L\ [ZA Dir]
      * C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L\00000004.@ [ZA File]
      * C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L\201d3dde [ZA File]
      * C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\U\ [ZA Dir]
      * C:\Windows\assembly\GAC_32\Desktop.ini [ZA File]
      * C:\Windows\assembly\GAC_64\Desktop.ini [ZA File]

     Checking Windows Service Integrity:
      * Windows Firewall Authorization Driver (mpsdrv) is not Running. Startup Type set to: Manual
      * BFE [Missing Service]
      * BITS [Missing Service]
      * iphlpsvc [Missing Service]
      * MpsSvc [Missing Service]
      * WinDefend [Missing Service]
      * wscsvc [Missing Service]
      * wuauserv [Missing Service]
      * SharedAccess [Missing ImagePath]

     Searching for Missing Digital Signatures:
      * No issues found.

     Checking HOSTS File:
      * No issues found.

     Program finished at: 03/03/2013 05:57:15 PM
     Execution time: 0 hours(s), 0 minute(s), and 22 seconds(s)

     RogueKiller:

     RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Joseph [Admin rights]
     Mode : Scan -- Date : 03/03/2013 18:07:46
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 2 ¤¤¤
     [DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msmges.dll [x] -> KILLED [TermProc]
     [DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msmges.dll [x] -> KILLED [TermProc]

     ¤¤¤ Registry Entries : 15 ¤¤¤
     [RUN][SUSP PATH] HKCU\[...]\Run : msplex ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add) [7] -> FOUND
     [RUN][SUSP PATH] HKCU\[...]\Run : pocpr ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\pocpr.dll",SetDefaults) [7] -> FOUND
     [RUN][SUSP PATH] HKCU\[...]\Run : msmges ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented) [7] -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-21-1448738616-3995532035-3103400055-1000[...]\Run : msplex ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add) [7] -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-21-1448738616-3995532035-3103400055-1000[...]\Run : pocpr ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\pocpr.dll",SetDefaults) [7] -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-21-1448738616-3995532035-3103400055-1000[...]\Run : msmges ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented) [7] -> FOUND
     [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
     [TASK][ROGUE ST] 4798 : wscript.exe C:\Users\Joseph\AppData\Local\Temp\launchie.vbs //B -> FOUND
     [TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\Joseph\AppData\Local\cheerychickenSA\bin\1.0.7.0\CheeryChickenSA.exe" [x] -> FOUND
     [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
     [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\n.) [x] -> FOUND
     [HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\n.) [x] -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤
     [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\U --> FOUND
     [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1448738616-3995532035-3103400055-1000\$71de843f4d9287427dc724a0dcbf5263\U --> FOUND
     [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L --> FOUND
     [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1448738616-3995532035-3103400055-1000\$71de843f4d9287427dc724a0dcbf5263\L --> FOUND
     [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> FOUND
     [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> FOUND

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ Infection : ZeroAccess ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: Hitachi HDT721032SLA SCSI Disk Device +++++
     --- User ---
     [MBR] e53d06fa40611a278ba0d6c3eb674f5e
     [BSP] eb02a6d20cebb6df951712f0583d56b0 : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 292917 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 600100864 | Size: 12226 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!

     Finished : << RKreport[2]_S_03032013_02d1807.txt >>
     RKreport[1]_S_03022013_02d1333.txt ; RKreport[2]_S_03032013_02d1807.txt

     RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Joseph [Admin rights]
     Mode : Remove -- Date : 03/03/2013 18:10:36
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 2 ¤¤¤
     [DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msmges.dll [x] -> KILLED [TermProc]
     [DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msmges.dll [x] -> KILLED [TermProc]

     ¤¤¤ Registry Entries : 11 ¤¤¤
     [RUN][SUSP PATH] HKCU\[...]\Run : msplex ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add) [7] -> DELETED
     [RUN][SUSP PATH] HKCU\[...]\Run : pocpr ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\pocpr.dll",SetDefaults) [7] -> DELETED
     [RUN][SUSP PATH] HKCU\[...]\Run : msmges ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented) [7] -> DELETED
     [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED
     [TASK][ROGUE ST] 4798 : wscript.exe C:\Users\Joseph\AppData\Local\Temp\launchie.vbs //B -> DELETED
     [TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\Joseph\AppData\Local\cheerychickenSA\bin\1.0.7.0\CheeryChickenSA.exe" [x] -> DELETED
     [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
     [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
     [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\n.) [x] -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)

     ¤¤¤ Particular Files / Folders: ¤¤¤
     [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\U --> REMOVED
     [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1448738616-3995532035-3103400055-1000\$71de843f4d9287427dc724a0dcbf5263\U --> REMOVED
     [Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L\00000004.@ [-] --> REMOVED
     [Del.Parent][FILE] 201d3dde : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L\201d3dde [-] --> REMOVED
     [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L --> REMOVED
     [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1448738616-3995532035-3103400055-1000\$71de843f4d9287427dc724a0dcbf5263\L --> REMOVED
     [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> REMOVED
     [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> REMOVED

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ Infection : ZeroAccess ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: Hitachi HDT721032SLA SCSI Disk Device +++++
     --- User ---
     [MBR] e53d06fa40611a278ba0d6c3eb674f5e
     [BSP] eb02a6d20cebb6df951712f0583d56b0 : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 292917 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 600100864 | Size: 12226 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!

     Finished : << RKreport[3]_D_03032013_02d1810.txt >>
     RKreport[1]_S_03022013_02d1333.txt ; RKreport[2]_S_03032013_02d1807.txt ; RKreport[3]_D_03032013_02d1810.txt

     RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Joseph [Admin rights]
     Mode : Remove -- Date : 03/03/2013 18:12:33
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 2 ¤¤¤
     [DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msmges.dll [x] -> KILLED [TermProc]
     [DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msmges.dll [x] -> KILLED [TermProc]

     ¤¤¤ Registry Entries : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: Hitachi HDT721032SLA SCSI Disk Device +++++
     --- User ---
     [MBR] e53d06fa40611a278ba0d6c3eb674f5e
     [BSP] eb02a6d20cebb6df951712f0583d56b0 : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 292917 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 600100864 | Size: 12226 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!

     Finished : << RKreport[4]_D_03032013_02d1812.txt >>
     RKreport[1]_S_03022013_02d1333.txt ; RKreport[2]_S_03032013_02d1807.txt ; RKreport[3]_D_03032013_02d1810.txt ; RKreport[4]_D_03032013_02d1812.txt
  4. Alright, before I begin I have one question: Do I need to download all these and then exit out of my internet browser, or can I download them, exit out of the browser, run the scan, and once the scan is complete begin the next scan? I hope you understand what I mean.
  5. Okay, so I will begin this tomorrow, as it is late. One question I have is: do I restore to factory settings before or after we do the scans for the infections? I would assume that would be done after, but I would rather see what you say first. And as for the personal files, I don't really keep things on my personal computer, which yes is an HP. I prefer to keep what few files I actually do keep on a flash drive. Hopefully we'll be able to eliminate these viruses by tomorrow and get my computer reverted to its original, unchanged self. From the clean computer it will be much easier to make a stronger defense; I also plan on swapping out my default browser for a more secure one, and will be certain to update my defense system more frequently. I never want to go through this stressful process again. This whole issue is scary, and I'll be glad when it is over. I know I've said this several times, but I can't thank you enough for your help.
  6. I have a few more questions before I make the decision to go through with this process; I'm sure you understand, as I am quite nervous. 1. The first step I am uncertain of what to do. I am perfectly fine with having to start over with factory settings, such as re-downloading all the current programs I own, anti-viruses, etc. I do not have any personal items saved to this computer other than games that I can simply re-download, as I have already purchased them. I have the feeling that after we remove the Trojans, restoring the computer to factory settings and wiping the hard drive is the safest method. If you know what I mean, I guess my point is that after we've cleaned the PC I'd like to reset it to factory settings and then just re-download the things I need, which would be advantageous as it would ensure any junk I previously had on my PC would be gone. 2. I am not sure if I have the Windows 7 DVD or not; I will make sure to search. My question is: will it, or saving data to a flash drive or other DVD, be necessary, or will I be able to skip this process and after the virus removal start the computer almost as though it is new? 3. Can you give me a brief summary of what this process is going to do once we complete it? I truly am not trying to be a burden by asking you so many questions; I really appreciate all the help you have given me.
  7. I am unsure what to do from here. I have ensured I logged out of everything, and am changing passwords from a safe place as we speak, and will not re-log on to them on this computer. I have several questions: 1. Does this mean I will never be able to use this computer again? 2. Is there no way to completely wipe the computer of everything and start from square one? 3. Will I have no other choice but to purchase a new computer?
  8. I ran the Malwarebytes Anti-Rootkit without truly thinking about how it could mess with data; however, I did cancel the scan. I don't recall getting a log from it, however. My apologies for any inconvenience. I will not scan anything without suggestion again; it slipped my mind really.

     Tigzy's RogueKiller Log:

     RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Joseph [Admin rights]
     Mode : Scan -- Date : 03/02/2013 13:33:44
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 2 ¤¤¤
     [DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msplex.dll [x] -> KILLED [TermProc]
     [DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msplex.dll [x] -> KILLED [TermProc]

     ¤¤¤ Registry Entries : 15 ¤¤¤
     [RUN][SUSP PATH] HKCU\[...]\Run : msplex ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add) [7] -> FOUND
     [RUN][SUSP PATH] HKCU\[...]\Run : pocpr ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\pocpr.dll",SetDefaults) [7] -> FOUND
     [RUN][SUSP PATH] HKCU\[...]\Run : msmges ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented) [7] -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-21-1448738616-3995532035-3103400055-1000[...]\Run : msplex ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add) [7] -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-21-1448738616-3995532035-3103400055-1000[...]\Run : pocpr ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\pocpr.dll",SetDefaults) [7] -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-21-1448738616-3995532035-3103400055-1000[...]\Run : msmges ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented) [7] -> FOUND
     [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
     [TASK][ROGUE ST] 4798 : wscript.exe C:\Users\Joseph\AppData\Local\Temp\launchie.vbs //B -> FOUND
     [TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\Joseph\AppData\Local\cheerychickenSA\bin\1.0.7.0\CheeryChickenSA.exe" [x] -> FOUND
     [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
     [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\n.) [x] -> FOUND
     [HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\n.) [x] -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤
     [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\U --> FOUND
     [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1448738616-3995532035-3103400055-1000\$71de843f4d9287427dc724a0dcbf5263\U --> FOUND
     [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L --> FOUND
     [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1448738616-3995532035-3103400055-1000\$71de843f4d9287427dc724a0dcbf5263\L --> FOUND
     [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> FOUND
     [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> FOUND

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ Infection : ZeroAccess ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: Hitachi HDT721032SLA SCSI Disk Device +++++
     --- User ---
     [MBR] e53d06fa40611a278ba0d6c3eb674f5e
     [BSP] eb02a6d20cebb6df951712f0583d56b0 : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 292917 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 600100864 | Size: 12226 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!

     Finished : << RKreport[1]_S_03022013_02d1333.txt >>
     RKreport[1]_S_03022013_02d1333.txt
  9. Hello, I was told by a moderator to follow a pinned thread, which instructed me to post this information here. First, I will give a brief explanation of my problem. Around 1-2 weeks ago my computer contracted a re-direct virus, in which Malwarebytes found 8 malicious items, and Malwarebytes removed them. However, this did not fix the problem. A few days later I noticed Internet Explorer running in the background, but it was only visible through Task Manager; I could not end the process directly unless I went to the Processes tab, after which Internet Explorer would come back again. I ran an Avast! full scan, as well as another Malwarebytes full scan, but neither came up with anything. I then decided to download Spybot Search & Destroy, which found around 84 malicious items, and it destroyed those. However, the problem still was not fixed. I finally ended up here, with no other option, because I had no idea what else to do but to ask experts. The Internet Explorer (IE) websites that were "running" were websites I had never seen before. The names I have noticed most commonly were: www.listonlist.com, Crash Recovery, Blank Page, and Navigation Cancelled. Several other websites would play occasionally that would have ads playing, with various names that I do not remember. I believe I have a rootkit, which I fear is going to take my private information. I have changed my passwords several times to help eliminate the problem, and have not been told by any friends or family on my email that they received strange messages or spam from me. I understand this is long, and perhaps some of this information is irrelevant, but I assumed it would be best to provide as much information as possible. Thank you so very much for your time. When I posted here I was assisted by a Mr. Maurice Naggar, who kindly helped me; I ran several scans before he directed me to go to a thread and follow the instructions given there.
     I will now provide the scans, and their information:

     *MALWAREBYTES FULL SCAN INFORMATION*

     Malwarebytes Anti-Malware 1.70.0.1100
     www.malwarebytes.org

     Database version: v2013.03.01.09

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 8.0.7601.17514
     Joseph :: JOSEPH-PC [administrator]

     3/1/2013 3:30:09 PM
     mbam-log-2013-03-01 (15-30-09).txt

     Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 559796
     Time elapsed: 1 hour(s), 36 minute(s), 24 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
     _________________________

     *JUNKWARE REMOVAL TOOL*

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 4.6.6 (02.27.2013:1)
     OS: Windows 7 Home Premium x64
     Ran by Joseph on Sat 03/02/2013 at 11:01:41.47
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{30f9b915-b755-4826-820b-08fba6bd249d}
     Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{9d425283-d487-4337-bab6-ab8354a81457}
     Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{9d425283-d487-4337-bab6-ab8354a81457}
     Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page

     Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

     Val Name   Type    Value Data
     ========   ====    ==========
     msplex     REG_SZ  "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add
     pocpr      REG_SZ  "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\pocpr.dll",SetDefaults
     msmges     REG_SZ  "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented

     Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

     Val Name   Type    Value Data
     ========   ====    ==========
     msplex     REG_SZ  "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add
     msmges     REG_SZ  "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented

     Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}
     Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}

     ~~~ Registry Keys

     Successfully deleted: [Registry Key] hkey_classes_root\appid\babylonhelper.exe
     Successfully deleted: [Registry Key] hkey_current_user\software\conduit
     Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
     Successfully deleted: [Registry Key] hkey_local_machine\software\conduitengine
     Successfully deleted: [Registry Key] hkey_current_user\software\softonic
     Successfully deleted: [Registry Key] hkey_current_user\software\sparktrust
     Successfully deleted: [Registry Key] hkey_local_machine\software\sparktrust
     Successfully deleted: [Registry Key] hkey_current_user\software\zugo
     Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
     Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitengine
     Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\fun web products
     Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\funwebproducts
     Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
     Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
     Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\menuext\&search
     Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
     Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbcommonutils.dll
     Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbhelper.exe
     Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
     Successfully deleted: [Registry Key] hkey_local_machine\software\classes\fbdownloader.bho
     Successfully deleted: [Registry Key] hkey_local_machine\software\classes\fbdownloader.downloadphoto
     Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
     Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
     Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
     Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
     Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasapi32
     Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasmancs
     Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasapi32
     Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasmancs
     Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT1460988
     Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2418376
     Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2903601
     Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2956065
     Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
     Successfully deleted: [Registry Key] hkey_classes_root\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}
     Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{30f9b915-b755-4826-820b-08fba6bd249d}
     Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
     Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
     Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
     Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{9d425283-d487-4337-bab6-ab8354a81457}
     Successfully deleted: [Registry Key] hkey_classes_root\clsid\{abd3b5e1-b268-407b-a150-2641dab8d898}
     Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{abd3b5e1-b268-407b-a150-2641dab8d898}
     Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
     Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
     Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}
     Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{a18dc704-6bad-4a58-8e45-842a87cb5324}
     Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{a18dc704-6bad-4a58-8e45-842a87cb5324}
     Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}
     Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}
     Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd"
     Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd.1"
     Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"
     Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
     Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
     Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"

     ~~~ Files

     Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"
     Successfully deleted: [File] C:\eula.1028.txt
     Successfully deleted: [File] C:\eula.1031.txt
     Successfully deleted: [File] C:\eula.1033.txt
     Successfully deleted: [File] C:\eula.1036.txt
     Successfully deleted: [File] C:\eula.1040.txt
     Successfully deleted: [File] C:\eula.1041.txt
     Successfully deleted: [File] C:\eula.1042.txt
     Successfully deleted: [File] C:\eula.2052.txt
     Successfully deleted: [File] C:\install.res.1028.dll
     Successfully deleted: [File] C:\install.res.1031.dll
     Successfully deleted: [File] C:\install.res.1033.dll
     Successfully deleted: [File] C:\install.res.1036.dll
     Successfully deleted: [File] C:\install.res.1040.dll
     Successfully deleted: [File] C:\install.res.1041.dll
     Successfully deleted: [File] C:\install.res.1042.dll
     Successfully deleted: [File] C:\install.res.2052.dll
     Successfully deleted: [File] C:\install.res.3082.dll

     ~~~ Folders

     Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
     Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Joseph\AppData\Roaming\drivercure" Successfully deleted: [Folder] "C:\Users\Joseph\AppData\Roaming\sparktrust" Successfully deleted: [Folder] "C:\Users\Joseph\appdata\local\conduit" Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\babylontoolbar" Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\conduitengine" Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\facemoods.com" Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\funwebproducts" Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\pricegong" Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\toolbar4" Successfully deleted: [Folder] "C:\Program Files (x86)\conduitengine" Successfully deleted: [Folder] "C:\Program Files (x86)\fbdownloader" Successfully deleted: [Folder] "C:\Program Files (x86)\sdiv 2.0" Successfully deleted: [Folder] "C:\Program Files (x86)\winzip registry optimizer" Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection" Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" Failed to delete: [Folder] "C:\Users\Joseph\appdata\locallow\asktoolbar" Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com" Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 03/02/2013 at 11:16:00.56 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ _______________________ *DDS* . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/25/2009 8:26:35 AM System Uptime: 3/2/2013 11:51:01 AM (1 hours ago) . 
Motherboard: PEGATRON CORPORATION | | NARRA5 Processor: AMD Sempron™ Processor LE-1200 | Socket AM2 | 2100/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 286 GiB total, 208.526 GiB free. D: is FIXED (NTFS) - 12 GiB total, 2.173 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP477: 2/16/2013 9:20:35 PM - FBDO : Disk Optimizer - FixBee Disk Optimizer RP478: 2/20/2013 9:47:45 PM - Installed DirectX RP479: 2/22/2013 3:46:48 PM - FBDO : Disk Optimizer - FixBee Disk Optimizer RP480: 2/28/2013 8:54:38 PM - Removed Ask Toolbar. RP481: 2/28/2013 9:01:37 PM - Windows Modules Installer RP482: 3/2/2013 12:31:30 PM - Malwarebytes Anti-Rootkit Restore Point . ==== Installed Programs ====================== . 64 Bit HP CIO Components Installer AbiWord 2.8.6 Acrobat.com Activation Assistant for the 2007 Microsoft Office suites Adobe AIR Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Device Central CS3 Adobe Download Assistant Adobe ExtendScript Toolkit 2 Adobe Flash CS3 Adobe Flash CS3 Professional Adobe Flash Player 11 ActiveX Adobe Flash Player Plugin Adobe Flash Video Encoder Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Reader 9.5.4 Adobe Setup Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Ask Toolbar avast! 
Free Antivirus Bing Rewards Client Installer Bookworm Deluxe 1.03 BufferChm CCleaner Compact Wireless-G USB Network Adapter with SpeedBooster Driver - WUSB54GSC Compatibility Pack for the 2007 Office system Conduit Engine Copy CyberLink DVD Suite Deluxe Destinations DeviceDiscovery DirectX for Managed Code Update (Summer 2004) DJ_AIO_06_F2400_SW_Min F2400 Feedback Tool FixBee Disk Optimizer Garry's Mod GoGear VIBE Device Manager Google Chrome Google Toolbar for Internet Explorer Google Update Helper GPBaseService2 Hardware Diagnostic Tools Hewlett-Packard ACLM.NET v1.2.1.1 Homepage Protection HP Advisor HP Customer Experience Enhancements HP Customer Participation Program 13.0 HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 HP Games HP Imaging Device Functions 13.0 HP MediaSmart Demo HP MediaSmart DVD HP MediaSmart Movie Themes HP MediaSmart Music/Photo/Video HP MediaSmart SmartMenu HP Odometer HP Print Projects 1.0 HP Remote Solution HP Setup HP Smart Web Printing 4.5 HP Solution Center 13.0 HP Support Assistant HP Support Information HP Update HPPhotoGadget hpPrintProjects HPProductAssistant hpWLPGInstaller Insaniquarium Deluxe 1.0 Interlok driver setup x64 Java Auto Updater Java™ 7 Update 5 Java™ 7 Update 5 (64-bit) JavaFX 2.1.1 Junk Mail filter update LabelPrint LightScribe System Software LSI PCI-SV92EX Soft Modem Malwarebytes Anti-Malware version 1.70.0.1100 MarketResearch Media Converter for Philips Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office File Validation Add-In Microsoft Office Live Add-in 1.5 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 
8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MTRS 2.0 1.0 MXDFP 1.0 NVIDIA Control Panel 301.42 NVIDIA Drivers NVIDIA Graphics Driver 301.42 NVIDIA Install Application NVIDIA Update 1.8.15 NVIDIA Update Components PDF Settings Power2Go PowerDirector PowerRecover RCA Detective™ 3.0.1.1 RCA easyRip 2.5.2.0 Realtek High Definition Audio Driver Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) 
SmartWebPrinting SolutionCenter Spiral Knights Spybot - Search & Destroy Status Steam Team Fortress 2 The Rosetta Stone The Weather Channel App Toolbox TrayApp Trusted Software Assistant Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) WavePad Sound Editor WebM Media Foundation Components WebReg Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Mail Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer Wizard101 . ==== Event Viewer Messages From Past Week ======== . 3/2/2013 11:53:57 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 3/2/2013 11:53:57 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure. 
3/2/2013 11:52:16 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 3/2/2013 11:52:16 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 3/2/2013 11:51:28 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 3/2/2013 11:51:28 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 3/2/2013 11:51:28 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. . ==== End Of File ===========================
  10. Oh and here is the Attach information.
  11.
3/2/2013 11:52:16 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
3/2/2013 11:52:16 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
3/2/2013 11:51:28 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
3/2/2013 11:51:28 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
3/2/2013 11:51:28 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
.
==== End Of File ===========================

Here are the DDS logs in case you wanted to see them here as well. I thank you so much for your time, Mr. Naggar; hopefully I can eliminate this pesky issue soon.
  12. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.6 (02.27.2013:1)
OS: Windows 7 Home Premium x64
Ran by Joseph on Sat 03/02/2013 at 11:01:41.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{9d425283-d487-4337-bab6-ab8354a81457}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{9d425283-d487-4337-bab6-ab8354a81457}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
Val Name   Type     Value Data
========   ====     ==========
msplex     REG_SZ   "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add
pocpr      REG_SZ   "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\pocpr.dll",SetDefaults
msmges     REG_SZ   "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
Val Name   Type     Value Data
========   ====     ==========
msplex     REG_SZ   "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add
msmges     REG_SZ   "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\appid\babylonhelper.exe
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduitengine
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\sparktrust
Successfully deleted: [Registry Key] hkey_local_machine\software\sparktrust
Successfully deleted: [Registry Key] hkey_current_user\software\zugo
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitengine
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\fun web products
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\funwebproducts
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\menuext\&search
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbcommonutils.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbhelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\fbdownloader.bho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\fbdownloader.downloadphoto
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasmancs
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT1460988
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2418376
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2903601
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2956065
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{9d425283-d487-4337-bab6-ab8354a81457}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{abd3b5e1-b268-407b-a150-2641dab8d898}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{abd3b5e1-b268-407b-a150-2641dab8d898}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{a18dc704-6bad-4a58-8e45-842a87cb5324}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{a18dc704-6bad-4a58-8e45-842a87cb5324}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd"
Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd.1"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"

~~~ Files

Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Joseph\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Joseph\AppData\Roaming\sparktrust"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\facemoods.com"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\funwebproducts"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\toolbar4"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduitengine"
Successfully deleted: [Folder] "C:\Program Files (x86)\fbdownloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\sdiv 2.0"
Successfully deleted: [Folder] "C:\Program Files (x86)\winzip registry optimizer"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Failed to delete: [Folder] "C:\Users\Joseph\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/02/2013 at 11:16:00.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Will tell how my computer is running soon.
  13. Sorry, I forgot to post this earlier, but I did not receive any help prior to my posts on this forum. I am normally capable of getting rid of viruses, malware, etc., but this one I have never experienced. I truly appreciate your help, however.
  14. First, I would like to thank you for your help. And now for the results:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.01.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Joseph :: JOSEPH-PC [administrator]

3/1/2013 3:30:09 PM
mbam-log-2013-03-01 (15-30-09).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 559796
Time elapsed: 1 hour(s), 36 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

________________________________

As you can see, there were no malicious items detected, but the problem is still present.
  15. Hello, I have an annoying issue. I recently got rid of an annoying re-direct virus around 1-2 weeks ago. A day or two later I started noticing Internet Explorer (IE) as an active process in Task Manager, even though I did not have it actively pulled up. The name of the website also changed, and sometimes there were 3 or 4 different IE processes pulled up. Occasionally I would encounter audio ads. I was unable to try and end the process like you would normally end any program that was not responding or was slow to exit normally. I had to go to Processes in order to exit the ads out; however, within only a few minutes the random IE programs were running in the background again. I scanned my computer with Malwarebytes, Avast, and Spybot Search and Destroy. Malwarebytes had previously destroyed the re-direct virus, but found nothing when I tried to remove these audio ads. Avast! also found nothing, so I downloaded Spybot Search and Destroy, and it came up with around 84 problems, and I had them fixed; however, this still did not remove the problem. Any further help would be greatly appreciated as soon as possible! Thank you for your time.