Posts posted by Needhelpplease1

  1. I can't thank you enough for your help Mr. Naggar, God bless you for all your help.

    I do have some questions:

    1. Will my computer be safe to do any transactions (I very rarely make transactions on this computer, perhaps 1 a year or less).

    2. Will my computer be safe to log in to websites?

    I guess what I'm asking is "Is the backdoor shut," I understand the trojan is gone, but will it be safe enough to use the computer normally? I will probably not be doing any transactions on this computer at all to be on the safe side, but I would hope to be able to log in to websites safely without getting my information stolen.

  2. Alright, scans are all complete. The only problem I encountered was the TDSSkiller, which worked properly, and found 0 infections, but when I clicked report, I was unable to copy the information, and was unable to find any possible file it could have made, I can say for certain it found 0 threats.

    aswMBR (No, FIX button did not become enabled):

    aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

    Run date: 2013-03-04 15:24:53

    -----------------------------

    15:24:53.110 OS Version: Windows x64 6.1.7601 Service Pack 1

    15:24:53.111 Number of processors: 1 586 0x7F02

    15:24:53.112 ComputerName: JOSEPH-PC UserName: Joseph

    15:24:53.781 Initialize success

    15:24:53.911 AVAST engine defs: 10092001

    15:25:34.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055

    15:25:34.021 Disk 0 Vendor: Hitachi_ ST2O Size: 305245MB BusType: 3

    15:25:34.038 Disk 0 MBR read successfully

    15:25:34.041 Disk 0 MBR scan

    15:25:34.047 Disk 0 unknown MBR code

    15:25:34.053 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

    15:25:34.070 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292917 MB offset 206848

    15:25:34.105 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12226 MB offset 600100864

    15:25:34.148 Disk 0 scanning C:\Windows\system32\drivers

    15:25:42.966 Service scanning

    15:26:07.981 Modules scanning

    15:26:08.403 AVAST engine scan C:\Windows

    15:26:10.002 AVAST engine scan C:\Windows\system32

    15:28:36.598 AVAST engine scan C:\Windows\system32\drivers

    15:28:47.630 AVAST engine scan C:\Users\Joseph

    15:31:57.078 Disk 0 MBR has been saved successfully to "C:\Users\Joseph\Documents\MBR.dat"

    15:31:57.093 The log file has been saved successfully to "C:\Users\Joseph\Documents\aswMBR info.txt"

    Listparts:

    ListParts by Farbar Version: 04-03-2013

    Ran by Joseph (administrator) on 04-03-2013 at 15:41:32

    Windows 7 (X64)

    Running From: C:\Users\Joseph\Downloads

    Language: 0409

    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 43%

    Total physical RAM: 2942.49 MB

    Available physical RAM: 1648.25 MB

    Total Pagefile: 5883.18 MB

    Available Pagefile: 4147.77 MB

    Total Virtual: 4095.88 MB

    Available Virtual: 3991.99 MB

    ======================= Partitions =========================

    1 Drive c: (HP) (Fixed) (Total:286.05 GB) (Free:207.09 GB) NTFS

    2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.17 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt

    -------- ------------- ------- ------- --- ---

    Disk 0 Online 298 GB 0 B

    Disk 1 No Media 0 B 0 B

    Disk 2 No Media 0 B 0 B

    Disk 3 No Media 0 B 0 B

    Disk 4 No Media 0 B 0 B

    Partitions of Disk 0:

    ===============

    Disk ID: 1549F232

    Partition ### Type Size Offset

    ------------- ---------------- ------- -------

    Partition 1 Primary 100 MB 1024 KB

    Partition 2 Primary 286 GB 101 MB

    Partition 3 Primary 11 GB 286 GB

    ======================================================================================================

    Disk: 0

    Partition 1

    Type : 07

    Hidden: No

    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 1 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components)

    ======================================================================================================

    Disk: 0

    Partition 2

    Type : 07

    Hidden: No

    Active: No

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 2 C HP NTFS Partition 286 GB Healthy Boot

    ======================================================================================================

    Disk: 0

    Partition 3

    Type : 07

    Hidden: No

    Active: No

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 3 D FACTORY_IMA NTFS Partition 11 GB Healthy

    ======================================================================================================

    ****** End Of Log ******

  3. Okay Mr. Naggar, here are the results:

    Rkill:

    Rkill 2.4.7 by Lawrence Abrams (Grinler)

    http://www.bleepingcomputer.com/

    Copyright 2008-2013 BleepingComputer.com

    More Information about Rkill can be found at this link:

    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 03/03/2013 05:56:53 PM in x64 mode.

    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

    Backup Registry file created at:

    C:\Users\Joseph\Desktop\rkill\rkill-03-03-2013-05-56-58.reg

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * ALERT: ZEROACCESS rootkit symptoms found!

    * HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]

    * C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\ [ZA Dir]

    * C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L\ [ZA Dir]

    * C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L\00000004.@ [ZA File]

    * C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L\201d3dde [ZA File]

    * C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\U\ [ZA Dir]

    * C:\Windows\assembly\GAC_32\Desktop.ini [ZA File]

    * C:\Windows\assembly\GAC_64\Desktop.ini [ZA File]

    Checking Windows Service Integrity:

    * Windows Firewall Authorization Driver (mpsdrv) is not Running.

    Startup Type set to: Manual

    * BFE [Missing Service]

    * BITS [Missing Service]

    * iphlpsvc [Missing Service]

    * MpsSvc [Missing Service]

    * WinDefend [Missing Service]

    * wscsvc [Missing Service]

    * wuauserv [Missing Service]

    * SharedAccess [Missing ImagePath]

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * No issues found.

    Program finished at: 03/03/2013 05:57:15 PM

    Execution time: 0 hours(s), 0 minute(s), and 22 seconds(s)

    Roguekiller:

    RogueKiller V8.5.2 [Feb 23 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Joseph [Admin rights]

    Mode : Scan -- Date : 03/03/2013 18:07:46

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 2 ¤¤¤

    [DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msmges.dll [x] -> KILLED [TermProc]

    [DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msmges.dll [x] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 15 ¤¤¤

    [RUN][sUSP PATH] HKCU\[...]\Run : msplex ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add) [7] -> FOUND

    [RUN][sUSP PATH] HKCU\[...]\Run : pocpr ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\pocpr.dll",SetDefaults) [7] -> FOUND

    [RUN][sUSP PATH] HKCU\[...]\Run : msmges ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented) [7] -> FOUND

    [RUN][sUSP PATH] HKUS\S-1-5-21-1448738616-3995532035-3103400055-1000[...]\Run : msplex ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add) [7] -> FOUND

    [RUN][sUSP PATH] HKUS\S-1-5-21-1448738616-3995532035-3103400055-1000[...]\Run : pocpr ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\pocpr.dll",SetDefaults) [7] -> FOUND

    [RUN][sUSP PATH] HKUS\S-1-5-21-1448738616-3995532035-3103400055-1000[...]\Run : msmges ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented) [7] -> FOUND

    [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND

    [TASK][ROGUE ST] 4798 : wscript.exe C:\Users\Joseph\AppData\Local\Temp\launchie.vbs //B -> FOUND

    [TASK][sUSP PATH] RunAsStdUser Task : "C:\Users\Joseph\AppData\Local\cheerychickenSA\bin\1.0.7.0\CheeryChickenSA.exe" [x] -> FOUND

    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\n.) [x] -> FOUND

    [HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\n.) [x] -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\U --> FOUND

    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1448738616-3995532035-3103400055-1000\$71de843f4d9287427dc724a0dcbf5263\U --> FOUND

    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L --> FOUND

    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1448738616-3995532035-3103400055-1000\$71de843f4d9287427dc724a0dcbf5263\L --> FOUND

    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> FOUND

    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HDT721032SLA SCSI Disk Device +++++

    --- User ---

    [MBR] e53d06fa40611a278ba0d6c3eb674f5e

    [bSP] eb02a6d20cebb6df951712f0583d56b0 : Windows Vista/7/8 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 292917 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 600100864 | Size: 12226 Mo

    User = LL1 ... OK!

    Error reading LL2 MBR!

    Finished : << RKreport[2]_S_03032013_02d1807.txt >>

    RKreport[1]_S_03022013_02d1333.txt ; RKreport[2]_S_03032013_02d1807.txt

    RogueKiller V8.5.2 [Feb 23 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Joseph [Admin rights]

    Mode : Remove -- Date : 03/03/2013 18:10:36

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 2 ¤¤¤

    [DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msmges.dll [x] -> KILLED [TermProc]

    [DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msmges.dll [x] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 11 ¤¤¤

    [RUN][sUSP PATH] HKCU\[...]\Run : msplex ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add) [7] -> DELETED

    [RUN][sUSP PATH] HKCU\[...]\Run : pocpr ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\pocpr.dll",SetDefaults) [7] -> DELETED

    [RUN][sUSP PATH] HKCU\[...]\Run : msmges ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented) [7] -> DELETED

    [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED

    [TASK][ROGUE ST] 4798 : wscript.exe C:\Users\Joseph\AppData\Local\Temp\launchie.vbs //B -> DELETED

    [TASK][sUSP PATH] RunAsStdUser Task : "C:\Users\Joseph\AppData\Local\cheerychickenSA\bin\1.0.7.0\CheeryChickenSA.exe" [x] -> DELETED

    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED

    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\n.) [x] -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\U --> REMOVED

    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1448738616-3995532035-3103400055-1000\$71de843f4d9287427dc724a0dcbf5263\U --> REMOVED

    [Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L\00000004.@ [-] --> REMOVED

    [Del.Parent][FILE] 201d3dde : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L\201d3dde [-] --> REMOVED

    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L --> REMOVED

    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1448738616-3995532035-3103400055-1000\$71de843f4d9287427dc724a0dcbf5263\L --> REMOVED

    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> REMOVED

    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> REMOVED

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HDT721032SLA SCSI Disk Device +++++

    --- User ---

    [MBR] e53d06fa40611a278ba0d6c3eb674f5e

    [bSP] eb02a6d20cebb6df951712f0583d56b0 : Windows Vista/7/8 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 292917 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 600100864 | Size: 12226 Mo

    User = LL1 ... OK!

    Error reading LL2 MBR!

    Finished : << RKreport[3]_D_03032013_02d1810.txt >>

    RKreport[1]_S_03022013_02d1333.txt ; RKreport[2]_S_03032013_02d1807.txt ; RKreport[3]_D_03032013_02d1810.txt

    RogueKiller V8.5.2 [Feb 23 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Joseph [Admin rights]

    Mode : Remove -- Date : 03/03/2013 18:12:33

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 2 ¤¤¤

    [DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msmges.dll [x] -> KILLED [TermProc]

    [DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msmges.dll [x] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HDT721032SLA SCSI Disk Device +++++

    --- User ---

    [MBR] e53d06fa40611a278ba0d6c3eb674f5e

    [bSP] eb02a6d20cebb6df951712f0583d56b0 : Windows Vista/7/8 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 292917 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 600100864 | Size: 12226 Mo

    User = LL1 ... OK!

    Error reading LL2 MBR!

    Finished : << RKreport[4]_D_03032013_02d1812.txt >>

    RKreport[1]_S_03022013_02d1333.txt ; RKreport[2]_S_03032013_02d1807.txt ; RKreport[3]_D_03032013_02d1810.txt ; RKreport[4]_D_03032013_02d1812.txt

  4. Okay, so I will begin this tomorrow, as it is late.

    One question I have is do I restore to factory settings before or after we do the scans for the infections. I would assume that would be done after, but I would rather see what you say first.

    And as for the personal files I don't really keep things on my personal computer, which yes is a HP. I prefer to keep what few files I actually do keep on a flash drive.

    Hopefully we'll be able to eliminate these viruses by tomorrow, get my computer reverted to its original, unchanged self. From the clean computer it will be much easier to make a stronger defense, I also plan on swapping out my default browser to a more secure one, and will be certain to update my defense system more frequently. I never want to go through this stressful process again. This whole issue is scary, and I'll be glad when it is over. I know I've said this several times, but I can't thank you enough for your help.

  5. I have a few more questions, before I make the decision to go through with this process, I'm sure you understand, as I am quite nervous.

    1. The first step I am uncertain of what to do, I am perfectly fine with having to start over with factory settings, such as re-downloading all the current programs I own, anti-viruses, etc. I do not have any personal items saved to this computer other than games that I can simply re-download as I have already purchased them. I have the feeling that after we remove the Trojans, restoring the computer to factory settings and wiping the hard drive, is the safest method. If you know what I mean, I guess my point is that after we've cleaned the PC I'd like to reset it to factory settings and then just re-download the things I need, which would be advantageous as it would ensure any junk I previously had on my PC would be gone.

    2. I am not sure if I have the Windows 7 DVD or not, I will make sure to search, my question is will it or saving data to a flash drive or other DVD be necessary, or will I be able to skip this process and after the virus removal start the computer almost as though it is new.

    3. Can you give me a brief summary of what this process is going to do once we complete it?

    I truly am not trying to be a burden by asking you so many questions, I really appreciate all the help you have given me.

  6. I am unsure what to do from here, I have ensured I logged out of everything, and am changing passwords from a safe place as we speak and will not re-log on to them on this computer.

    I have several questions:

    1. Does this mean I will never be able to use this computer again?

    2. Is there no way to completely wipe the computer of everything and start from square one?

    3. Will I have no other choice but to purchase a new computer?

  7. I ran the Malwarebytes Anti-Rootkit without truly thinking about how it could mess with data, however, I did cancel the scan, I don't recall getting a log from it, however. My apologies for any inconvenience, I will not scan anything without suggestion again, it slipped my mind really.

    Tigzy's Roguekiller Log:

    RogueKiller V8.5.2 [Feb 23 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Joseph [Admin rights]

    Mode : Scan -- Date : 03/02/2013 13:33:44

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 2 ¤¤¤

    [DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msplex.dll [x] -> KILLED [TermProc]

    [DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msplex.dll [x] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 15 ¤¤¤

    [RUN][sUSP PATH] HKCU\[...]\Run : msplex ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add) [7] -> FOUND

    [RUN][sUSP PATH] HKCU\[...]\Run : pocpr ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\pocpr.dll",SetDefaults) [7] -> FOUND

    [RUN][sUSP PATH] HKCU\[...]\Run : msmges ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented) [7] -> FOUND

    [RUN][sUSP PATH] HKUS\S-1-5-21-1448738616-3995532035-3103400055-1000[...]\Run : msplex ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add) [7] -> FOUND

    [RUN][sUSP PATH] HKUS\S-1-5-21-1448738616-3995532035-3103400055-1000[...]\Run : pocpr ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\pocpr.dll",SetDefaults) [7] -> FOUND

    [RUN][sUSP PATH] HKUS\S-1-5-21-1448738616-3995532035-3103400055-1000[...]\Run : msmges ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented) [7] -> FOUND

    [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND

    [TASK][ROGUE ST] 4798 : wscript.exe C:\Users\Joseph\AppData\Local\Temp\launchie.vbs //B -> FOUND

    [TASK][sUSP PATH] RunAsStdUser Task : "C:\Users\Joseph\AppData\Local\cheerychickenSA\bin\1.0.7.0\CheeryChickenSA.exe" [x] -> FOUND

    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\n.) [x] -> FOUND

    [HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\n.) [x] -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\U --> FOUND

    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1448738616-3995532035-3103400055-1000\$71de843f4d9287427dc724a0dcbf5263\U --> FOUND

    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L --> FOUND

    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1448738616-3995532035-3103400055-1000\$71de843f4d9287427dc724a0dcbf5263\L --> FOUND

    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> FOUND

    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HDT721032SLA SCSI Disk Device +++++

    --- User ---

    [MBR] e53d06fa40611a278ba0d6c3eb674f5e

    [bSP] eb02a6d20cebb6df951712f0583d56b0 : Windows Vista/7/8 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 292917 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 600100864 | Size: 12226 Mo

    User = LL1 ... OK!

    Error reading LL2 MBR!

    Finished : << RKreport[1]_S_03022013_02d1333.txt >>

    RKreport[1]_S_03022013_02d1333.txt

  8. Hello, I was told by a moderator to follow a pinned thread, which instructed me to post this information here. First, I will give a brief explanation of my problem. Around 1-2 weeks ago my computer contracted a re-direct virus, in which Malwarebytes found 8 malicious items, and Malwarebytes removed them. However, this did not fix the problem, a few days later I noticed Internet Explorer running in the background, but was only visible through task manager, I could not end the process directly, unless I went to the processes tab, after which the Internet Explorer would come back again. I ran an Avast! full scan, as well as another Malwarebytes full scan, but neither came up with anything. I then decided to download Spybot Search & Destroy, which found around 84 malicious items, and it destroyed those. However the problem still did not fix. I finally ended up here, with no other option because I had no idea what else to do but to ask experts. The Internet Explorer (IE) websites that were "running" were websites I had never seen before. The names I have noticed most common were named: www.listonlist.com, Crash Recovery, Blank Page, and Navigation Cancelled. Several other websites would play occasionally that would have ads playing, with various names that I do not remember. I believe I have a rootkit, which I fear is going to take my private information, I have changed my passwords several times to help eliminate the problem, and have not been told by any friends or family on my email that they received strange messages or spam from me. I understand this is long, and perhaps some of this information is irrelevant, but I assumed it would be best to provide as much information as possible. Thank you so very much for your time.

    When I posted here I was assisted by a Mr. Maurice Naggar, who kindly helped me, I ran several scans, before he directed me to go to a thread and follow the instructions given there. I will now provide the scans, and their information:

    *MALWAREBYTES FULL SCAN INFORMATION*

    Malwarebytes Anti-Malware 1.70.0.1100

    www.malwarebytes.org

    Database version: v2013.03.01.09

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 8.0.7601.17514

    Joseph :: JOSEPH-PC [administrator]

    3/1/2013 3:30:09 PM

    mbam-log-2013-03-01 (15-30-09).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 559796

    Time elapsed: 1 hour(s), 36 minute(s), 24 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    _________________________

    *JUNKWARE REMOVAL TOOL*

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 4.6.6 (02.27.2013:1)

    OS: Windows 7 Home Premium x64

    Ran by Joseph on Sat 03/02/2013 at 11:01:41.47

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{30f9b915-b755-4826-820b-08fba6bd249d}

    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{9d425283-d487-4337-bab6-ab8354a81457}

    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{9d425283-d487-4337-bab6-ab8354a81457}

    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page

    Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Val Name Type Value Data

    ======== ==== ==========

    msplex REG_SZ "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add

    pocpr REG_SZ "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\pocpr.dll",SetDefaults

    msmges REG_SZ "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented

    Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Val Name Type Value Data

    ======== ==== ==========

    msplex REG_SZ "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add

    msmges REG_SZ "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented

    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}

    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_classes_root\appid\babylonhelper.exe

    Successfully deleted: [Registry Key] hkey_current_user\software\conduit

    Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

    Successfully deleted: [Registry Key] hkey_local_machine\software\conduitengine

    Successfully deleted: [Registry Key] hkey_current_user\software\softonic

    Successfully deleted: [Registry Key] hkey_current_user\software\sparktrust

    Successfully deleted: [Registry Key] hkey_local_machine\software\sparktrust

    Successfully deleted: [Registry Key] hkey_current_user\software\zugo

    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit

    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitengine

    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\fun web products

    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\funwebproducts

    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong

    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar

    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\menuext\&search

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbcommonutils.dll

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbhelper.exe

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\fbdownloader.bho

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\fbdownloader.downloadphoto

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasapi32

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasmancs

    Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasapi32

    Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasmancs

    Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT1460988

    Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2418376

    Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2903601

    Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2956065

    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}

    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{30f9b915-b755-4826-820b-08fba6bd249d}

    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}

    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{9d425283-d487-4337-bab6-ab8354a81457}

    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{abd3b5e1-b268-407b-a150-2641dab8d898}

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{abd3b5e1-b268-407b-a150-2641dab8d898}

    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}

    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{a18dc704-6bad-4a58-8e45-842a87cb5324}

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{a18dc704-6bad-4a58-8e45-842a87cb5324}

    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}

    Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd"

    Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd.1"

    Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"

    Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"

    Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"

    ~~~ Files

    Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"

    Successfully deleted: [File] C:\eula.1028.txt

    Successfully deleted: [File] C:\eula.1031.txt

    Successfully deleted: [File] C:\eula.1033.txt

    Successfully deleted: [File] C:\eula.1036.txt

    Successfully deleted: [File] C:\eula.1040.txt

    Successfully deleted: [File] C:\eula.1041.txt

    Successfully deleted: [File] C:\eula.1042.txt

    Successfully deleted: [File] C:\eula.2052.txt

    Successfully deleted: [File] C:\install.res.1028.dll

    Successfully deleted: [File] C:\install.res.1031.dll

    Successfully deleted: [File] C:\install.res.1033.dll

    Successfully deleted: [File] C:\install.res.1036.dll

    Successfully deleted: [File] C:\install.res.1040.dll

    Successfully deleted: [File] C:\install.res.1041.dll

    Successfully deleted: [File] C:\install.res.1042.dll

    Successfully deleted: [File] C:\install.res.2052.dll

    Successfully deleted: [File] C:\install.res.3082.dll

    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\sparktrust"

    Successfully deleted: [Folder] "C:\ProgramData\tarma installer"

    Successfully deleted: [Folder] "C:\Users\Joseph\AppData\Roaming\drivercure"

    Successfully deleted: [Folder] "C:\Users\Joseph\AppData\Roaming\sparktrust"

    Successfully deleted: [Folder] "C:\Users\Joseph\appdata\local\conduit"

    Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\babylontoolbar"

    Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\conduit"

    Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\conduitengine"

    Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\facemoods.com"

    Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\funwebproducts"

    Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\pricegong"

    Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\toolbar4"

    Successfully deleted: [Folder] "C:\Program Files (x86)\conduitengine"

    Successfully deleted: [Folder] "C:\Program Files (x86)\fbdownloader"

    Successfully deleted: [Folder] "C:\Program Files (x86)\sdiv 2.0"

    Successfully deleted: [Folder] "C:\Program Files (x86)\winzip registry optimizer"

    Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection"

    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

    Failed to delete: [Folder] "C:\Users\Joseph\appdata\locallow\asktoolbar"

    Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"

    Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on Sat 03/02/2013 at 11:16:00.56

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    _______________________

    *DDS*

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 12/25/2009 8:26:35 AM

    System Uptime: 3/2/2013 11:51:01 AM (1 hours ago)

    .

    Motherboard: PEGATRON CORPORATION | | NARRA5

    Processor: AMD Sempron™ Processor LE-1200 | Socket AM2 | 2100/200mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 286 GiB total, 208.526 GiB free.

    D: is FIXED (NTFS) - 12 GiB total, 2.173 GiB free.

    E: is CDROM ()

    F: is Removable

    G: is Removable

    H: is Removable

    I: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP477: 2/16/2013 9:20:35 PM - FBDO : Disk Optimizer - FixBee Disk Optimizer

    RP478: 2/20/2013 9:47:45 PM - Installed DirectX

    RP479: 2/22/2013 3:46:48 PM - FBDO : Disk Optimizer - FixBee Disk Optimizer

    RP480: 2/28/2013 8:54:38 PM - Removed Ask Toolbar.

    RP481: 2/28/2013 9:01:37 PM - Windows Modules Installer

    RP482: 3/2/2013 12:31:30 PM - Malwarebytes Anti-Rootkit Restore Point

    .

    ==== Installed Programs ======================

    .

    64 Bit HP CIO Components Installer

    AbiWord 2.8.6

    Acrobat.com

    Activation Assistant for the 2007 Microsoft Office suites

    Adobe AIR

    Adobe Anchor Service CS3

    Adobe Asset Services CS3

    Adobe Bridge CS3

    Adobe Bridge Start Meeting

    Adobe Camera Raw 4.0

    Adobe CMaps

    Adobe Color Common Settings

    Adobe Color EU Extra Settings

    Adobe Color JA Extra Settings

    Adobe Color NA Recommended Settings

    Adobe Device Central CS3

    Adobe Download Assistant

    Adobe ExtendScript Toolkit 2

    Adobe Flash CS3

    Adobe Flash CS3 Professional

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player Plugin

    Adobe Flash Video Encoder

    Adobe Help Viewer CS3

    Adobe Linguistics CS3

    Adobe PDF Library Files

    Adobe Reader 9.5.4

    Adobe Setup

    Adobe Type Support

    Adobe Update Manager CS3

    Adobe Version Cue CS3 Client

    Adobe WinSoft Linguistics Plugin

    Ask Toolbar

    avast! Free Antivirus

    Bing Rewards Client Installer

    Bookworm Deluxe 1.03

    BufferChm

    CCleaner

    Compact Wireless-G USB Network Adapter with SpeedBooster Driver - WUSB54GSC

    Compatibility Pack for the 2007 Office system

    Conduit Engine

    Copy

    CyberLink DVD Suite Deluxe

    Destinations

    DeviceDiscovery

    DirectX for Managed Code Update (Summer 2004)

    DJ_AIO_06_F2400_SW_Min

    F2400

    Feedback Tool

    FixBee Disk Optimizer

    Garry's Mod

    GoGear VIBE Device Manager

    Google Chrome

    Google Toolbar for Internet Explorer

    Google Update Helper

    GPBaseService2

    Hardware Diagnostic Tools

    Hewlett-Packard ACLM.NET v1.2.1.1

    Homepage Protection

    HP Advisor

    HP Customer Experience Enhancements

    HP Customer Participation Program 13.0

    HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6

    HP Games

    HP Imaging Device Functions 13.0

    HP MediaSmart Demo

    HP MediaSmart DVD

    HP MediaSmart Movie Themes

    HP MediaSmart Music/Photo/Video

    HP MediaSmart SmartMenu

    HP Odometer

    HP Print Projects 1.0

    HP Remote Solution

    HP Setup

    HP Smart Web Printing 4.5

    HP Solution Center 13.0

    HP Support Assistant

    HP Support Information

    HP Update

    HPPhotoGadget

    hpPrintProjects

    HPProductAssistant

    hpWLPGInstaller

    Insaniquarium Deluxe 1.0

    Interlok driver setup x64

    Java Auto Updater

    Java™ 7 Update 5

    Java™ 7 Update 5 (64-bit)

    JavaFX 2.1.1

    Junk Mail filter update

    LabelPrint

    LightScribe System Software

    LSI PCI-SV92EX Soft Modem

    Malwarebytes Anti-Malware version 1.70.0.1100

    MarketResearch

    Media Converter for Philips

    Microsoft .NET Framework 4 Client Profile

    Microsoft .NET Framework 4 Extended

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Office File Validation Add-In

    Microsoft Office Live Add-in 1.5

    Microsoft Office PowerPoint Viewer 2007 (English)

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Sync Framework Runtime Native v1.0 (x86)

    Microsoft Sync Framework Services Native v1.0 (x86)

    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2005 Redistributable (x64)

    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Works

    MSVCRT

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    MTRS 2.0 1.0

    MXDFP 1.0

    NVIDIA Control Panel 301.42

    NVIDIA Drivers

    NVIDIA Graphics Driver 301.42

    NVIDIA Install Application

    NVIDIA Update 1.8.15

    NVIDIA Update Components

    PDF Settings

    Power2Go

    PowerDirector

    PowerRecover

    RCA Detective™ 3.0.1.1

    RCA easyRip 2.5.2.0

    Realtek High Definition Audio Driver

    Scan

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

    SmartWebPrinting

    SolutionCenter

    Spiral Knights

    Spybot - Search & Destroy

    Status

    Steam

    Team Fortress 2

    The Rosetta Stone

    The Weather Channel App

    Toolbox

    TrayApp

    Trusted Software Assistant

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft .NET Framework 4 Extended (KB2468871)

    Update for Microsoft .NET Framework 4 Extended (KB2533523)

    Update for Microsoft .NET Framework 4 Extended (KB2600217)

    WavePad Sound Editor

    WebM Media Foundation Components

    WebReg

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Family Safety

    Windows Live Mail

    Windows Live Movie Maker

    Windows Live Photo Gallery

    Windows Live Sign-in Assistant

    Windows Live Sync

    Windows Live Upload Tool

    Windows Live Writer

    Wizard101

    .

    ==== Event Viewer Messages From Past Week ========

    .

    3/2/2013 11:53:57 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    3/2/2013 11:53:57 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

    3/2/2013 11:52:16 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

    3/2/2013 11:52:16 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

    3/2/2013 11:51:28 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

    3/2/2013 11:51:28 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

    3/2/2013 11:51:28 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

    .

    ==== End Of File ===========================


  9. Oh and here is the Attach information.

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 12/25/2009 8:26:35 AM

    System Uptime: 3/2/2013 11:51:01 AM (1 hours ago)

    .

    Motherboard: PEGATRON CORPORATION | | NARRA5

    Processor: AMD Sempron Processor LE-1200 | Socket AM2 | 2100/200mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 286 GiB total, 208.526 GiB free.

    D: is FIXED (NTFS) - 12 GiB total, 2.173 GiB free.

    E: is CDROM ()

    F: is Removable

    G: is Removable

    H: is Removable

    I: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP477: 2/16/2013 9:20:35 PM - FBDO : Disk Optimizer - FixBee Disk Optimizer

    RP478: 2/20/2013 9:47:45 PM - Installed DirectX

    RP479: 2/22/2013 3:46:48 PM - FBDO : Disk Optimizer - FixBee Disk Optimizer

    RP480: 2/28/2013 8:54:38 PM - Removed Ask Toolbar.

    RP481: 2/28/2013 9:01:37 PM - Windows Modules Installer

    RP482: 3/2/2013 12:31:30 PM - Malwarebytes Anti-Rootkit Restore Point

    .

    ==== Installed Programs ======================

    .

    64 Bit HP CIO Components Installer

    AbiWord 2.8.6

    Acrobat.com

    Activation Assistant for the 2007 Microsoft Office suites

    Adobe AIR

    Adobe Anchor Service CS3

    Adobe Asset Services CS3

    Adobe Bridge CS3

    Adobe Bridge Start Meeting

    Adobe Camera Raw 4.0

    Adobe CMaps

    Adobe Color Common Settings

    Adobe Color EU Extra Settings

    Adobe Color JA Extra Settings

    Adobe Color NA Recommended Settings

    Adobe Device Central CS3

    Adobe Download Assistant

    Adobe ExtendScript Toolkit 2

    Adobe Flash CS3

    Adobe Flash CS3 Professional

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player Plugin

    Adobe Flash Video Encoder

    Adobe Help Viewer CS3

    Adobe Linguistics CS3

    Adobe PDF Library Files

    Adobe Reader 9.5.4

    Adobe Setup

    Adobe Type Support

    Adobe Update Manager CS3

    Adobe Version Cue CS3 Client

    Adobe WinSoft Linguistics Plugin

    Ask Toolbar

    avast! Free Antivirus

    Bing Rewards Client Installer

    Bookworm Deluxe 1.03

    BufferChm

    CCleaner

    Compact Wireless-G USB Network Adapter with SpeedBooster Driver - WUSB54GSC

    Compatibility Pack for the 2007 Office system

    Conduit Engine

    Copy

    CyberLink DVD Suite Deluxe

    Destinations

    DeviceDiscovery

    DirectX for Managed Code Update (Summer 2004)

    DJ_AIO_06_F2400_SW_Min

    F2400

    Feedback Tool

    FixBee Disk Optimizer

    Garry's Mod

    GoGear VIBE Device Manager

    Google Chrome

    Google Toolbar for Internet Explorer

    Google Update Helper

    GPBaseService2

    Hardware Diagnostic Tools

    Hewlett-Packard ACLM.NET v1.2.1.1

    Homepage Protection

    HP Advisor

    HP Customer Experience Enhancements

    HP Customer Participation Program 13.0

    HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6

    HP Games

    HP Imaging Device Functions 13.0

    HP MediaSmart Demo

    HP MediaSmart DVD

    HP MediaSmart Movie Themes

    HP MediaSmart Music/Photo/Video

    HP MediaSmart SmartMenu

    HP Odometer

    HP Print Projects 1.0

    HP Remote Solution

    HP Setup

    HP Smart Web Printing 4.5

    HP Solution Center 13.0

    HP Support Assistant

    HP Support Information

    HP Update

    HPPhotoGadget

    hpPrintProjects

    HPProductAssistant

    hpWLPGInstaller

    Insaniquarium Deluxe 1.0

    Interlok driver setup x64

    Java Auto Updater

    Java 7 Update 5

    Java 7 Update 5 (64-bit)

    JavaFX 2.1.1

    Junk Mail filter update

    LabelPrint

    LightScribe System Software

    LSI PCI-SV92EX Soft Modem

    Malwarebytes Anti-Malware version 1.70.0.1100

    MarketResearch

    Media Converter for Philips

    Microsoft .NET Framework 4 Client Profile

    Microsoft .NET Framework 4 Extended

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Office File Validation Add-In

    Microsoft Office Live Add-in 1.5

    Microsoft Office PowerPoint Viewer 2007 (English)

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Sync Framework Runtime Native v1.0 (x86)

    Microsoft Sync Framework Services Native v1.0 (x86)

    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2005 Redistributable (x64)

    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Works

    MSVCRT

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    MTRS 2.0 1.0

    MXDFP 1.0

    NVIDIA Control Panel 301.42

    NVIDIA Drivers

    NVIDIA Graphics Driver 301.42

    NVIDIA Install Application

    NVIDIA Update 1.8.15

    NVIDIA Update Components

    PDF Settings

    Power2Go

    PowerDirector

    PowerRecover

    RCA Detective™ 3.0.1.1

    RCA easyRip 2.5.2.0

    Realtek High Definition Audio Driver

    Scan

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

    SmartWebPrinting

    SolutionCenter

    Spiral Knights

    Spybot - Search & Destroy

    Status

    Steam

    Team Fortress 2

    The Rosetta Stone

    The Weather Channel App

    Toolbox

    TrayApp

    Trusted Software Assistant

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft .NET Framework 4 Extended (KB2468871)

    Update for Microsoft .NET Framework 4 Extended (KB2533523)

    Update for Microsoft .NET Framework 4 Extended (KB2600217)

    WavePad Sound Editor

    WebM Media Foundation Components

    WebReg

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Family Safety

    Windows Live Mail

    Windows Live Movie Maker

    Windows Live Photo Gallery

    Windows Live Sign-in Assistant

    Windows Live Sync

    Windows Live Upload Tool

    Windows Live Writer

    Wizard101

    .

    ==== Event Viewer Messages From Past Week ========

    .

    3/2/2013 11:53:57 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    3/2/2013 11:53:57 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

    3/2/2013 11:52:16 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

    3/2/2013 11:52:16 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

    3/2/2013 11:51:28 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

    3/2/2013 11:51:28 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

    3/2/2013 11:51:28 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

    .

    ==== End Of File ===========================

  10. .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 12/25/2009 8:26:35 AM

    System Uptime: 3/2/2013 11:51:01 AM (1 hours ago)

    .

    Motherboard: PEGATRON CORPORATION | | NARRA5

    Processor: AMD Sempron Processor LE-1200 | Socket AM2 | 2100/200mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 286 GiB total, 208.526 GiB free.

    D: is FIXED (NTFS) - 12 GiB total, 2.173 GiB free.

    E: is CDROM ()

    F: is Removable

    G: is Removable

    H: is Removable

    I: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP477: 2/16/2013 9:20:35 PM - FBDO : Disk Optimizer - FixBee Disk Optimizer

    RP478: 2/20/2013 9:47:45 PM - Installed DirectX

    RP479: 2/22/2013 3:46:48 PM - FBDO : Disk Optimizer - FixBee Disk Optimizer

    RP480: 2/28/2013 8:54:38 PM - Removed Ask Toolbar.

    RP481: 2/28/2013 9:01:37 PM - Windows Modules Installer

    RP482: 3/2/2013 12:31:30 PM - Malwarebytes Anti-Rootkit Restore Point

    .

    ==== Installed Programs ======================

    .

    64 Bit HP CIO Components Installer

    AbiWord 2.8.6

    Acrobat.com

    Activation Assistant for the 2007 Microsoft Office suites

    Adobe AIR

    Adobe Anchor Service CS3

    Adobe Asset Services CS3

    Adobe Bridge CS3

    Adobe Bridge Start Meeting

    Adobe Camera Raw 4.0

    Adobe CMaps

    Adobe Color Common Settings

    Adobe Color EU Extra Settings

    Adobe Color JA Extra Settings

    Adobe Color NA Recommended Settings

    Adobe Device Central CS3

    Adobe Download Assistant

    Adobe ExtendScript Toolkit 2

    Adobe Flash CS3

    Adobe Flash CS3 Professional

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player Plugin

    Adobe Flash Video Encoder

    Adobe Help Viewer CS3

    Adobe Linguistics CS3

    Adobe PDF Library Files

    Adobe Reader 9.5.4

    Adobe Setup

    Adobe Type Support

    Adobe Update Manager CS3

    Adobe Version Cue CS3 Client

    Adobe WinSoft Linguistics Plugin

    Ask Toolbar

    avast! Free Antivirus

    Bing Rewards Client Installer

    Bookworm Deluxe 1.03

    BufferChm

    CCleaner

    Compact Wireless-G USB Network Adapter with SpeedBooster Driver - WUSB54GSC

    Compatibility Pack for the 2007 Office system

    Conduit Engine

    Copy

    CyberLink DVD Suite Deluxe

    Destinations

    DeviceDiscovery

    DirectX for Managed Code Update (Summer 2004)

    DJ_AIO_06_F2400_SW_Min

    F2400

    Feedback Tool

    FixBee Disk Optimizer

    Garry's Mod

    GoGear VIBE Device Manager

    Google Chrome

    Google Toolbar for Internet Explorer

    Google Update Helper

    GPBaseService2

    Hardware Diagnostic Tools

    Hewlett-Packard ACLM.NET v1.2.1.1

    Homepage Protection

    HP Advisor

    HP Customer Experience Enhancements

    HP Customer Participation Program 13.0

    HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6

    HP Games

    HP Imaging Device Functions 13.0

    HP MediaSmart Demo

    HP MediaSmart DVD

    HP MediaSmart Movie Themes

    HP MediaSmart Music/Photo/Video

    HP MediaSmart SmartMenu

    HP Odometer

    HP Print Projects 1.0

    HP Remote Solution

    HP Setup

    HP Smart Web Printing 4.5

    HP Solution Center 13.0

    HP Support Assistant

    HP Support Information

    HP Update

    HPPhotoGadget

    hpPrintProjects

    HPProductAssistant

    hpWLPGInstaller

    Insaniquarium Deluxe 1.0

    Interlok driver setup x64

    Java Auto Updater

    Java 7 Update 5

    Java 7 Update 5 (64-bit)

    JavaFX 2.1.1

    Junk Mail filter update

    LabelPrint

    LightScribe System Software

    LSI PCI-SV92EX Soft Modem

    Malwarebytes Anti-Malware version 1.70.0.1100

    MarketResearch

    Media Converter for Philips

    Microsoft .NET Framework 4 Client Profile

    Microsoft .NET Framework 4 Extended

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Office File Validation Add-In

    Microsoft Office Live Add-in 1.5

    Microsoft Office PowerPoint Viewer 2007 (English)

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Sync Framework Runtime Native v1.0 (x86)

    Microsoft Sync Framework Services Native v1.0 (x86)

    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2005 Redistributable (x64)

    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Works

    MSVCRT

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    MTRS 2.0 1.0

    MXDFP 1.0

    NVIDIA Control Panel 301.42

    NVIDIA Drivers

    NVIDIA Graphics Driver 301.42

    NVIDIA Install Application

    NVIDIA Update 1.8.15

    NVIDIA Update Components

    PDF Settings

    Power2Go

    PowerDirector

    PowerRecover

    RCA Detective™ 3.0.1.1

    RCA easyRip 2.5.2.0

    Realtek High Definition Audio Driver

    Scan

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

    SmartWebPrinting

    SolutionCenter

    Spiral Knights

    Spybot - Search & Destroy

    Status

    Steam

    Team Fortress 2

    The Rosetta Stone

    The Weather Channel App

    Toolbox

    TrayApp

    Trusted Software Assistant

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft .NET Framework 4 Extended (KB2468871)

    Update for Microsoft .NET Framework 4 Extended (KB2533523)

    Update for Microsoft .NET Framework 4 Extended (KB2600217)

    WavePad Sound Editor

    WebM Media Foundation Components

    WebReg

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Family Safety

    Windows Live Mail

    Windows Live Movie Maker

    Windows Live Photo Gallery

    Windows Live Sign-in Assistant

    Windows Live Sync

    Windows Live Upload Tool

    Windows Live Writer

    Wizard101

    .

    ==== Event Viewer Messages From Past Week ========

    .

    3/2/2013 11:53:57 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    3/2/2013 11:53:57 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

    3/2/2013 11:52:16 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

    3/2/2013 11:52:16 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

    3/2/2013 11:51:28 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

    3/2/2013 11:51:28 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

    3/2/2013 11:51:28 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

    .

    ==== End Of File ===========================

    Here are the DDS logs in case you wanted to see them here as well. I thank you so much for your time, Mr. Naggar; hopefully I can eliminate this pesky issue soon.

  11. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 4.6.6 (02.27.2013:1)

    OS: Windows 7 Home Premium x64

    Ran by Joseph on Sat 03/02/2013 at 11:01:41.47

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{30f9b915-b755-4826-820b-08fba6bd249d}

    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{9d425283-d487-4337-bab6-ab8354a81457}

    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{9d425283-d487-4337-bab6-ab8354a81457}

    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page

    Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Val Name Type Value Data

    ======== ==== ==========

    msplex REG_SZ "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add

    pocpr REG_SZ "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\pocpr.dll",SetDefaults

    msmges REG_SZ "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented

    Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Val Name Type Value Data

    ======== ==== ==========

    msplex REG_SZ "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add

    msmges REG_SZ "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented

    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}

    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_classes_root\appid\babylonhelper.exe

    Successfully deleted: [Registry Key] hkey_current_user\software\conduit

    Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

    Successfully deleted: [Registry Key] hkey_local_machine\software\conduitengine

    Successfully deleted: [Registry Key] hkey_current_user\software\softonic

    Successfully deleted: [Registry Key] hkey_current_user\software\sparktrust

    Successfully deleted: [Registry Key] hkey_local_machine\software\sparktrust

    Successfully deleted: [Registry Key] hkey_current_user\software\zugo

    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit

    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitengine

    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\fun web products

    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\funwebproducts

    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong

    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar

    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\menuext\&search

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbcommonutils.dll

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbhelper.exe

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\fbdownloader.bho

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\fbdownloader.downloadphoto

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasapi32

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasmancs

    Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasapi32

    Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasmancs

    Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT1460988

    Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2418376

    Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2903601

    Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2956065

    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}

    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{30f9b915-b755-4826-820b-08fba6bd249d}

    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}

    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{9d425283-d487-4337-bab6-ab8354a81457}

    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{abd3b5e1-b268-407b-a150-2641dab8d898}

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{abd3b5e1-b268-407b-a150-2641dab8d898}

    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}

    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{a18dc704-6bad-4a58-8e45-842a87cb5324}

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{a18dc704-6bad-4a58-8e45-842a87cb5324}

    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}

    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}

    Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd"

    Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd.1"

    Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"

    Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"

    Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"

    ~~~ Files

    Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"

    Successfully deleted: [File] C:\eula.1028.txt

    Successfully deleted: [File] C:\eula.1031.txt

    Successfully deleted: [File] C:\eula.1033.txt

    Successfully deleted: [File] C:\eula.1036.txt

    Successfully deleted: [File] C:\eula.1040.txt

    Successfully deleted: [File] C:\eula.1041.txt

    Successfully deleted: [File] C:\eula.1042.txt

    Successfully deleted: [File] C:\eula.2052.txt

    Successfully deleted: [File] C:\install.res.1028.dll

    Successfully deleted: [File] C:\install.res.1031.dll

    Successfully deleted: [File] C:\install.res.1033.dll

    Successfully deleted: [File] C:\install.res.1036.dll

    Successfully deleted: [File] C:\install.res.1040.dll

    Successfully deleted: [File] C:\install.res.1041.dll

    Successfully deleted: [File] C:\install.res.1042.dll

    Successfully deleted: [File] C:\install.res.2052.dll

    Successfully deleted: [File] C:\install.res.3082.dll

    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\sparktrust"

    Successfully deleted: [Folder] "C:\ProgramData\tarma installer"

    Successfully deleted: [Folder] "C:\Users\Joseph\AppData\Roaming\drivercure"

    Successfully deleted: [Folder] "C:\Users\Joseph\AppData\Roaming\sparktrust"

    Successfully deleted: [Folder] "C:\Users\Joseph\appdata\local\conduit"

    Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\babylontoolbar"

    Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\conduit"

    Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\conduitengine"

    Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\facemoods.com"

    Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\funwebproducts"

    Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\pricegong"

    Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\toolbar4"

    Successfully deleted: [Folder] "C:\Program Files (x86)\conduitengine"

    Successfully deleted: [Folder] "C:\Program Files (x86)\fbdownloader"

    Successfully deleted: [Folder] "C:\Program Files (x86)\sdiv 2.0"

    Successfully deleted: [Folder] "C:\Program Files (x86)\winzip registry optimizer"

    Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection"

    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

    Failed to delete: [Folder] "C:\Users\Joseph\appdata\locallow\asktoolbar"

    Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"

    Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on Sat 03/02/2013 at 11:16:00.56

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Will tell how my computer is running soon.

  12. First, I would like to thank you for your help.

    And now for the results:

    Malwarebytes Anti-Malware 1.70.0.1100

    www.malwarebytes.org

    Database version: v2013.03.01.09

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 8.0.7601.17514

    Joseph :: JOSEPH-PC [administrator]

    3/1/2013 3:30:09 PM

    mbam-log-2013-03-01 (15-30-09).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 559796

    Time elapsed: 1 hour(s), 36 minute(s), 24 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    ________________________________

    As you can see, there were no malicious items detected, but the problem is still present.

  13. Hello, I have an annoying issue. I recently got rid of an annoying re-direct virus around 1-2 weeks ago. A day or two later I started noticing Internet Explorer (IE) as an active process in Task Manager, even though I did not have it actively pulled up. The name of the website also changed, and sometimes there were 3 or 4 different IE processes pulled up. Occasionally I would encounter audio ads. I was unable to try and end the process like you would normally end any program that was not responding or was slow to exit normally. I had to go to processes in order to exit the ads out; however, within only a few minutes the random IE programs were running in the background again. I scanned my computer with Malwarebytes, Avast, and Spybot Search and Destroy. Malwarebytes had previously destroyed the re-direct virus, but found nothing when I tried to remove these audio ads. Avast! also found nothing, so I downloaded Spybot Search and Destroy, and it came up with around 84 problems, and I had them fixed; however, this still did not remove the problem. Any further help would be greatly appreciated as soon as possible!

    Thank you for your time.
