Posts posted by Needhelpplease1
-
Alright, scans are all complete. The only problem I encountered was the TDSSKiller, which worked properly and found 0 infections, but when I clicked report, I was unable to copy the information, and was unable to find any possible file it could have made. I can say for certain it found 0 threats.
aswMBR (No, FIX button did not become enabled):
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-04 15:24:53
-----------------------------
15:24:53.110 OS Version: Windows x64 6.1.7601 Service Pack 1
15:24:53.111 Number of processors: 1 586 0x7F02
15:24:53.112 ComputerName: JOSEPH-PC UserName: Joseph
15:24:53.781 Initialize success
15:24:53.911 AVAST engine defs: 10092001
15:25:34.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
15:25:34.021 Disk 0 Vendor: Hitachi_ ST2O Size: 305245MB BusType: 3
15:25:34.038 Disk 0 MBR read successfully
15:25:34.041 Disk 0 MBR scan
15:25:34.047 Disk 0 unknown MBR code
15:25:34.053 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:25:34.070 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292917 MB offset 206848
15:25:34.105 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12226 MB offset 600100864
15:25:34.148 Disk 0 scanning C:\Windows\system32\drivers
15:25:42.966 Service scanning
15:26:07.981 Modules scanning
15:26:08.403 AVAST engine scan C:\Windows
15:26:10.002 AVAST engine scan C:\Windows\system32
15:28:36.598 AVAST engine scan C:\Windows\system32\drivers
15:28:47.630 AVAST engine scan C:\Users\Joseph
15:31:57.078 Disk 0 MBR has been saved successfully to "C:\Users\Joseph\Documents\MBR.dat"
15:31:57.093 The log file has been saved successfully to "C:\Users\Joseph\Documents\aswMBR info.txt"
Listparts:
ListParts by Farbar Version: 04-03-2013
Ran by Joseph (administrator) on 04-03-2013 at 15:41:32
Windows 7 (X64)
Running From: C:\Users\Joseph\Downloads
Language: 0409
************************************************************
========================= Memory info ======================
Percentage of memory in use: 43%
Total physical RAM: 2942.49 MB
Available physical RAM: 1648.25 MB
Total Pagefile: 5883.18 MB
Available Pagefile: 4147.77 MB
Total Virtual: 4095.88 MB
Available Virtual: 3991.99 MB
======================= Partitions =========================
1 Drive c: (HP) (Fixed) (Total:286.05 GB) (Free:207.09 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.17 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Partitions of Disk 0:
===============
Disk ID: 1549F232
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 286 GB 101 MB
Partition 3 Primary 11 GB 286 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components)
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C HP NTFS Partition 286 GB Healthy Boot
======================================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D FACTORY_IMA NTFS Partition 11 GB Healthy
======================================================================================================
****** End Of Log ******
-
Okay Mr. Naggar, here are the results:
Rkill:
Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 03/03/2013 05:56:53 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
Backup Registry file created at:
C:\Users\Joseph\Desktop\rkill\rkill-03-03-2013-05-56-58.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* ALERT: ZEROACCESS rootkit symptoms found!
* HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L\00000004.@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L\201d3dde [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\U\ [ZA Dir]
* C:\Windows\assembly\GAC_32\Desktop.ini [ZA File]
* C:\Windows\assembly\GAC_64\Desktop.ini [ZA File]
Checking Windows Service Integrity:
* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual
* BFE [Missing Service]
* BITS [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]
* SharedAccess [Missing ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 03/03/2013 05:57:15 PM
Execution time: 0 hours(s), 0 minute(s), and 22 seconds(s)
Roguekiller:
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Joseph [Admin rights]
Mode : Scan -- Date : 03/03/2013 18:07:46
| ARK || FAK || MBR |
¤¤¤ Bad processes : 2 ¤¤¤
[DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msmges.dll [x] -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msmges.dll [x] -> KILLED [TermProc]
¤¤¤ Registry Entries : 15 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : msplex ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add) [7] -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : pocpr ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\pocpr.dll",SetDefaults) [7] -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : msmges ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented) [7] -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1448738616-3995532035-3103400055-1000[...]\Run : msplex ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add) [7] -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1448738616-3995532035-3103400055-1000[...]\Run : pocpr ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\pocpr.dll",SetDefaults) [7] -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1448738616-3995532035-3103400055-1000[...]\Run : msmges ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented) [7] -> FOUND
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4798 : wscript.exe C:\Users\Joseph\AppData\Local\Temp\launchie.vbs //B -> FOUND
[TASK][sUSP PATH] RunAsStdUser Task : "C:\Users\Joseph\AppData\Local\cheerychickenSA\bin\1.0.7.0\CheeryChickenSA.exe" [x] -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\n.) [x] -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\n.) [x] -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1448738616-3995532035-3103400055-1000\$71de843f4d9287427dc724a0dcbf5263\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1448738616-3995532035-3103400055-1000\$71de843f4d9287427dc724a0dcbf5263\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT721032SLA SCSI Disk Device +++++
--- User ---
[MBR] e53d06fa40611a278ba0d6c3eb674f5e
[bSP] eb02a6d20cebb6df951712f0583d56b0 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 292917 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 600100864 | Size: 12226 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2]_S_03032013_02d1807.txt >>
RKreport[1]_S_03022013_02d1333.txt ; RKreport[2]_S_03032013_02d1807.txt
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Joseph [Admin rights]
Mode : Remove -- Date : 03/03/2013 18:10:36
| ARK || FAK || MBR |
¤¤¤ Bad processes : 2 ¤¤¤
[DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msmges.dll [x] -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msmges.dll [x] -> KILLED [TermProc]
¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : msplex ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add) [7] -> DELETED
[RUN][sUSP PATH] HKCU\[...]\Run : pocpr ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\pocpr.dll",SetDefaults) [7] -> DELETED
[RUN][sUSP PATH] HKCU\[...]\Run : msmges ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented) [7] -> DELETED
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED
[TASK][ROGUE ST] 4798 : wscript.exe C:\Users\Joseph\AppData\Local\Temp\launchie.vbs //B -> DELETED
[TASK][sUSP PATH] RunAsStdUser Task : "C:\Users\Joseph\AppData\Local\cheerychickenSA\bin\1.0.7.0\CheeryChickenSA.exe" [x] -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\n.) [x] -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1448738616-3995532035-3103400055-1000\$71de843f4d9287427dc724a0dcbf5263\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L\00000004.@ [-] --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L\201d3dde [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1448738616-3995532035-3103400055-1000\$71de843f4d9287427dc724a0dcbf5263\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> REMOVED
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT721032SLA SCSI Disk Device +++++
--- User ---
[MBR] e53d06fa40611a278ba0d6c3eb674f5e
[bSP] eb02a6d20cebb6df951712f0583d56b0 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 292917 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 600100864 | Size: 12226 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[3]_D_03032013_02d1810.txt >>
RKreport[1]_S_03022013_02d1333.txt ; RKreport[2]_S_03032013_02d1807.txt ; RKreport[3]_D_03032013_02d1810.txt
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Joseph [Admin rights]
Mode : Remove -- Date : 03/03/2013 18:12:33
| ARK || FAK || MBR |
¤¤¤ Bad processes : 2 ¤¤¤
[DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msmges.dll [x] -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msmges.dll [x] -> KILLED [TermProc]
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT721032SLA SCSI Disk Device +++++
--- User ---
[MBR] e53d06fa40611a278ba0d6c3eb674f5e
[bSP] eb02a6d20cebb6df951712f0583d56b0 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 292917 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 600100864 | Size: 12226 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[4]_D_03032013_02d1812.txt >>
RKreport[1]_S_03022013_02d1333.txt ; RKreport[2]_S_03032013_02d1807.txt ; RKreport[3]_D_03032013_02d1810.txt ; RKreport[4]_D_03032013_02d1812.txt
-
Alright, before I begin I have one question: Do I need to download all these then exit out of my internet browser, or can I download them, exit out of the browser, run the scan, once scan is complete begin next scan. If you understand what I mean?
-
Okay, so I will begin this tomorrow, as it is late.
One question I have is do I restore to factory settings before or after we do the scans for the infections. I would assume that would be done after, but I would rather see what you say first.
And as for the personal files I don't really keep things on my personal computer, which yes is a HP. I prefer to keep what few files I actually do keep on a flash drive.
Hopefully we'll be able to eliminate these viruses by tomorrow, get my computer reverted to its original, unchanged self. From the clean computer it will be much easier to make a stronger defense. I also plan on swapping out my default browser to a more secure one, and will be certain to update my defense system more frequently. I never want to go through this stressful process again. This whole issue is scary, and I'll be glad when it is over. I know I've said this several times, but I can't thank you enough for your help.
-
I have a few more questions, before I make the decision to go through with this process, I'm sure you understand, as I am quite nervous.
1. The first step I am uncertain of what to do, I am perfectly fine with having to start over with factory settings, such as re-downloading all the current programs I own, anti-viruses, etc. I do not have any personal items saved to this computer other than games that I can simply re-download as I have already purchased them. I have the feeling that after we remove the Trojans, restoring the computer to factory settings and wiping the hard drive, is the safest method. If you know what I mean, I guess my point is that after we've cleaned the PC I'd like to reset it to factory settings and then just re-download the things I need, which would be advantageous as it would ensure any junk I previously had on my PC would be gone.
2. I am not sure if I have the Windows 7 DVD or not, I will make sure to search, my question is will it or saving data to a flash drive or other DVD be necessary, or will I be able to skip this process and after the virus removal start the computer almost as though it is new.
3. Can you give me a brief summary of what this process is going to do once we complete it?
I truly am not trying to be a burden by asking you so many questions, I really appreciate all the help you have given me.
-
I am unsure what to do from here, I have ensured I logged out of everything, and am changing passwords from a safe place as we speak and will not re-log on to them on this computer.
I have several questions:
1. Does this mean I will never be able to use this computer again?
2. Is there no way to completely wipe the computer of everything and start from square one?
3. Will I have no other choice but to purchase a new computer?
-
I ran the Malwarebytes Anti-Rootkit without truly thinking about how it could mess with data, however, I did cancel the scan, I don't recall getting a log from it, however. My apologies for any inconvenience, I will not scan anything without suggestion again, it slipped my mind really.
Tigzy's Roguekiller Log:
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Joseph [Admin rights]
Mode : Scan -- Date : 03/02/2013 13:33:44
| ARK || FAK || MBR |
¤¤¤ Bad processes : 2 ¤¤¤
[DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msplex.dll [x] -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Joseph\AppData\Roaming\msplex.dll [x] -> KILLED [TermProc]
¤¤¤ Registry Entries : 15 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : msplex ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add) [7] -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : pocpr ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\pocpr.dll",SetDefaults) [7] -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : msmges ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented) [7] -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1448738616-3995532035-3103400055-1000[...]\Run : msplex ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add) [7] -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1448738616-3995532035-3103400055-1000[...]\Run : pocpr ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\pocpr.dll",SetDefaults) [7] -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1448738616-3995532035-3103400055-1000[...]\Run : msmges ("C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented) [7] -> FOUND
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4798 : wscript.exe C:\Users\Joseph\AppData\Local\Temp\launchie.vbs //B -> FOUND
[TASK][sUSP PATH] RunAsStdUser Task : "C:\Users\Joseph\AppData\Local\cheerychickenSA\bin\1.0.7.0\CheeryChickenSA.exe" [x] -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\n.) [x] -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\n.) [x] -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1448738616-3995532035-3103400055-1000\$71de843f4d9287427dc724a0dcbf5263\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$71de843f4d9287427dc724a0dcbf5263\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1448738616-3995532035-3103400055-1000\$71de843f4d9287427dc724a0dcbf5263\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT721032SLA SCSI Disk Device +++++
--- User ---
[MBR] e53d06fa40611a278ba0d6c3eb674f5e
[bSP] eb02a6d20cebb6df951712f0583d56b0 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 292917 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 600100864 | Size: 12226 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1]_S_03022013_02d1333.txt >>
RKreport[1]_S_03022013_02d1333.txt
-
Okay, thank you again.
-
Hello, I was told by a moderator to follow a pinned thread, which instructed me to post this information here. First, I will give a brief explanation of my problem. Around 1-2 weeks ago my computer contracted a re-direct virus, in which Malwarebytes found 8 malicious items, and Malwarebytes removed them. However, this did not fix the problem, a few days later I noticed Internet Explorer running in the background, but was only visible through task manager, I could not end the process directly, unless I went to the processes tab, after which the Internet Explorer would come back again. I ran an Avast! full scan, as well as another Malwarebytes full scan, but neither came up with anything. I then decided to download Spybot Search & Destroy, which found around 84 malicious items, and it destroyed those. However the problem still did not fix. I finally ended up here, with no other option because I had no idea what else to do but to ask experts. The Internet Explorer (IE) websites that were "running" were websites I had never seen before. The names I have noticed most common were named: www.listonlist.com, Crash Recovery, Blank Page, and Navigation Cancelled. Several other websites would play occasionally that would have ads playing, with various names that I do not remember. I believe I have a rootkit, which I fear is going to take my private information, I have changed my passwords several times to help eliminate the problem, and have not been told by any friends or family on my email that they received strange messages or spam from me. I understand this is long, and perhaps some of this information is irrelevant, but I assumed it would be best to provide as much information as possible. Thank you so very much for your time.
When I posted here I was assisted by a Mr. Maurice Naggar, who kindly helped me, I ran several scans, before he directed me to go to a thread and follow the instructions given there. I will now provide the scans, and their information:
*MALWAREBYTES FULL SCAN INFORMATION*
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.01.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Joseph :: JOSEPH-PC [administrator]
3/1/2013 3:30:09 PM
mbam-log-2013-03-01 (15-30-09).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 559796
Time elapsed: 1 hour(s), 36 minute(s), 24 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
_________________________
*JUNKWARE REMOVAL TOOL*
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.6 (02.27.2013:1)
OS: Windows 7 Home Premium x64
Ran by Joseph on Sat 03/02/2013 at 11:01:41.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{9d425283-d487-4337-bab6-ab8354a81457}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{9d425283-d487-4337-bab6-ab8354a81457}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
Val Name Type Value Data
======== ==== ==========
msplex REG_SZ "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add
pocpr REG_SZ "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\pocpr.dll",SetDefaults
msmges REG_SZ "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
Val Name Type Value Data
======== ==== ==========
msplex REG_SZ "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add
msmges REG_SZ "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_classes_root\appid\babylonhelper.exe
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduitengine
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\sparktrust
Successfully deleted: [Registry Key] hkey_local_machine\software\sparktrust
Successfully deleted: [Registry Key] hkey_current_user\software\zugo
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitengine
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\fun web products
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\funwebproducts
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\menuext\&search
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbcommonutils.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbhelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\fbdownloader.bho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\fbdownloader.downloadphoto
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasmancs
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT1460988
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2418376
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2903601
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2956065
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{9d425283-d487-4337-bab6-ab8354a81457}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{abd3b5e1-b268-407b-a150-2641dab8d898}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{abd3b5e1-b268-407b-a150-2641dab8d898}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{a18dc704-6bad-4a58-8e45-842a87cb5324}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{a18dc704-6bad-4a58-8e45-842a87cb5324}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd"
Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd.1"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"
~~~ Files
Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Joseph\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Joseph\AppData\Roaming\sparktrust"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\facemoods.com"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\funwebproducts"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\toolbar4"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduitengine"
Successfully deleted: [Folder] "C:\Program Files (x86)\fbdownloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\sdiv 2.0"
Successfully deleted: [Folder] "C:\Program Files (x86)\winzip registry optimizer"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Failed to delete: [Folder] "C:\Users\Joseph\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/02/2013 at 11:16:00.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_______________________
*DDS*
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/25/2009 8:26:35 AM
System Uptime: 3/2/2013 11:51:01 AM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | NARRA5
Processor: AMD Sempron™ Processor LE-1200 | Socket AM2 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 208.526 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.173 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP477: 2/16/2013 9:20:35 PM - FBDO : Disk Optimizer - FixBee Disk Optimizer
RP478: 2/20/2013 9:47:45 PM - Installed DirectX
RP479: 2/22/2013 3:46:48 PM - FBDO : Disk Optimizer - FixBee Disk Optimizer
RP480: 2/28/2013 8:54:38 PM - Removed Ask Toolbar.
RP481: 2/28/2013 9:01:37 PM - Windows Modules Installer
RP482: 3/2/2013 12:31:30 PM - Malwarebytes Anti-Rootkit Restore Point
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
AbiWord 2.8.6
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Device Central CS3
Adobe Download Assistant
Adobe ExtendScript Toolkit 2
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 11 ActiveX
Adobe Flash Player Plugin
Adobe Flash Video Encoder
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Reader 9.5.4
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Ask Toolbar
avast! Free Antivirus
Bing Rewards Client Installer
Bookworm Deluxe 1.03
BufferChm
CCleaner
Compact Wireless-G USB Network Adapter with SpeedBooster Driver - WUSB54GSC
Compatibility Pack for the 2007 Office system
Conduit Engine
Copy
CyberLink DVD Suite Deluxe
Destinations
DeviceDiscovery
DirectX for Managed Code Update (Summer 2004)
DJ_AIO_06_F2400_SW_Min
F2400
Feedback Tool
FixBee Disk Optimizer
Garry's Mod
GoGear VIBE Device Manager
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hardware Diagnostic Tools
Hewlett-Packard ACLM.NET v1.2.1.1
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
HP Games
HP Imaging Device Functions 13.0
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Odometer
HP Print Projects 1.0
HP Remote Solution
HP Setup
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Support Assistant
HP Support Information
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
hpWLPGInstaller
Insaniquarium Deluxe 1.0
Interlok driver setup x64
Java Auto Updater
Java™ 7 Update 5
Java™ 7 Update 5 (64-bit)
JavaFX 2.1.1
Junk Mail filter update
LabelPrint
LightScribe System Software
LSI PCI-SV92EX Soft Modem
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
Media Converter for Philips
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MTRS 2.0 1.0
MXDFP 1.0
NVIDIA Control Panel 301.42
NVIDIA Drivers
NVIDIA Graphics Driver 301.42
NVIDIA Install Application
NVIDIA Update 1.8.15
NVIDIA Update Components
PDF Settings
Power2Go
PowerDirector
PowerRecover
RCA Detective™ 3.0.1.1
RCA easyRip 2.5.2.0
Realtek High Definition Audio Driver
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SmartWebPrinting
SolutionCenter
Spiral Knights
Spybot - Search & Destroy
Status
Steam
Team Fortress 2
The Rosetta Stone
The Weather Channel App
Toolbox
TrayApp
Trusted Software Assistant
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
WavePad Sound Editor
WebM Media Foundation Components
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Wizard101
.
==== Event Viewer Messages From Past Week ========
.
3/2/2013 11:53:57 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/2/2013 11:53:57 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
3/2/2013 11:52:16 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
3/2/2013 11:52:16 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
3/2/2013 11:51:28 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
3/2/2013 11:51:28 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
3/2/2013 11:51:28 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
.
==== End Of File ===========================
-
Oh and here is the Attach information.
-
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/25/2009 8:26:35 AM
System Uptime: 3/2/2013 11:51:01 AM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | NARRA5
Processor: AMD Sempron Processor LE-1200 | Socket AM2 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 208.526 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.173 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP477: 2/16/2013 9:20:35 PM - FBDO : Disk Optimizer - FixBee Disk Optimizer
RP478: 2/20/2013 9:47:45 PM - Installed DirectX
RP479: 2/22/2013 3:46:48 PM - FBDO : Disk Optimizer - FixBee Disk Optimizer
RP480: 2/28/2013 8:54:38 PM - Removed Ask Toolbar.
RP481: 2/28/2013 9:01:37 PM - Windows Modules Installer
RP482: 3/2/2013 12:31:30 PM - Malwarebytes Anti-Rootkit Restore Point
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
AbiWord 2.8.6
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Device Central CS3
Adobe Download Assistant
Adobe ExtendScript Toolkit 2
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 11 ActiveX
Adobe Flash Player Plugin
Adobe Flash Video Encoder
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Reader 9.5.4
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Ask Toolbar
avast! Free Antivirus
Bing Rewards Client Installer
Bookworm Deluxe 1.03
BufferChm
CCleaner
Compact Wireless-G USB Network Adapter with SpeedBooster Driver - WUSB54GSC
Compatibility Pack for the 2007 Office system
Conduit Engine
Copy
CyberLink DVD Suite Deluxe
Destinations
DeviceDiscovery
DirectX for Managed Code Update (Summer 2004)
DJ_AIO_06_F2400_SW_Min
F2400
Feedback Tool
FixBee Disk Optimizer
Garry's Mod
GoGear VIBE Device Manager
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hardware Diagnostic Tools
Hewlett-Packard ACLM.NET v1.2.1.1
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
HP Games
HP Imaging Device Functions 13.0
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Odometer
HP Print Projects 1.0
HP Remote Solution
HP Setup
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Support Assistant
HP Support Information
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
hpWLPGInstaller
Insaniquarium Deluxe 1.0
Interlok driver setup x64
Java Auto Updater
Java 7 Update 5
Java 7 Update 5 (64-bit)
JavaFX 2.1.1
Junk Mail filter update
LabelPrint
LightScribe System Software
LSI PCI-SV92EX Soft Modem
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
Media Converter for Philips
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MTRS 2.0 1.0
MXDFP 1.0
NVIDIA Control Panel 301.42
NVIDIA Drivers
NVIDIA Graphics Driver 301.42
NVIDIA Install Application
NVIDIA Update 1.8.15
NVIDIA Update Components
PDF Settings
Power2Go
PowerDirector
PowerRecover
RCA Detective™ 3.0.1.1
RCA easyRip 2.5.2.0
Realtek High Definition Audio Driver
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SmartWebPrinting
SolutionCenter
Spiral Knights
Spybot - Search & Destroy
Status
Steam
Team Fortress 2
The Rosetta Stone
The Weather Channel App
Toolbox
TrayApp
Trusted Software Assistant
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
WavePad Sound Editor
WebM Media Foundation Components
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Wizard101
.
==== Event Viewer Messages From Past Week ========
.
3/2/2013 11:53:57 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/2/2013 11:53:57 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
3/2/2013 11:52:16 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
3/2/2013 11:52:16 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
3/2/2013 11:51:28 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
3/2/2013 11:51:28 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
3/2/2013 11:51:28 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
.
==== End Of File ===========================
Here are the DDS logs in case you wanted to see them here as well. I thank you so much for your time, Mr. Naggar; hopefully I can eliminate this pesky issue soon.
-
Unfortunately even after that scan, it is still present.
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.6 (02.27.2013:1)
OS: Windows 7 Home Premium x64
Ran by Joseph on Sat 03/02/2013 at 11:01:41.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{9d425283-d487-4337-bab6-ab8354a81457}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{9d425283-d487-4337-bab6-ab8354a81457}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
Val Name Type Value Data
======== ==== ==========
msplex REG_SZ "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add
pocpr REG_SZ "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\pocpr.dll",SetDefaults
msmges REG_SZ "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
Val Name Type Value Data
======== ==== ==========
msplex REG_SZ "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msplex.dll",_Add
msmges REG_SZ "C:\Windows\System32\rundll32.exe" "C:\Users\Joseph\AppData\Roaming\msmges.dll",HashNotImplemented
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_classes_root\appid\babylonhelper.exe
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduitengine
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\sparktrust
Successfully deleted: [Registry Key] hkey_local_machine\software\sparktrust
Successfully deleted: [Registry Key] hkey_current_user\software\zugo
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitengine
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\fun web products
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\funwebproducts
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\menuext\&search
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbcommonutils.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbhelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\fbdownloader.bho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\fbdownloader.downloadphoto
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasmancs
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT1460988
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2418376
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2903601
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2956065
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{9d425283-d487-4337-bab6-ab8354a81457}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{abd3b5e1-b268-407b-a150-2641dab8d898}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{abd3b5e1-b268-407b-a150-2641dab8d898}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{a18dc704-6bad-4a58-8e45-842a87cb5324}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{a18dc704-6bad-4a58-8e45-842a87cb5324}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd"
Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd.1"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"
~~~ Files
Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Joseph\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Joseph\AppData\Roaming\sparktrust"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\facemoods.com"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\funwebproducts"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\locallow\toolbar4"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduitengine"
Successfully deleted: [Folder] "C:\Program Files (x86)\fbdownloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\sdiv 2.0"
Successfully deleted: [Folder] "C:\Program Files (x86)\winzip registry optimizer"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Failed to delete: [Folder] "C:\Users\Joseph\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/02/2013 at 11:16:00.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Will tell how my computer is running soon.
-
Sorry I forgot to post this earlier, but I did not receive any help prior to my posts on this forum. I am normally capable of getting rid of viruses, malware, etc., but this one I have never experienced. I truly appreciate your help, however.
-
First, I would like to thank you for your help.
And now for the results:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.01.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Joseph :: JOSEPH-PC [administrator]
3/1/2013 3:30:09 PM
mbam-log-2013-03-01 (15-30-09).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 559796
Time elapsed: 1 hour(s), 36 minute(s), 24 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
________________________________
As you can see, there were no malicious items detected, but the problem is still present.
-
Hello, I have an annoying issue. I recently got rid of an annoying re-direct virus around 1-2 weeks ago. A day or two later I started noticing Internet Explorer (IE) as an active process in Task Manager, even though I did not have it actively pulled up. The name of the website also changed, and sometimes there were 3 or 4 different IE processes pulled up. Occasionally I would encounter audio ads. I was unable to try and end the process like you would normally end any program that was not responding or was slow to exit normally. I had to go to processes in order to exit the ads out; however, within only a few minutes the random IE programs were running in the background again. I scanned my computer with Malwarebytes, Avast, and Spybot Search and Destroy. Malwarebytes had previously destroyed the re-direct virus, but found nothing when I tried to remove these audio ads. Avast! also found nothing, so I downloaded Spybot Search and Destroy, and it came up with around 84 problems, and I had them fixed; however, this still did not remove the problem. Any further help would be greatly appreciated as soon as possible!
Thank you for your time.
Annoying Audio Ads in background/ Zero Access
in Resolved Malware Removal Logs
I can't thank you enough for your help, Mr. Naggar. God bless you for all your help.
I do have some questions:
1. Will my computer be safe to do any transactions (I very rarely make transactions on this computer, perhaps 1 a year or less)?
2. Will my computer be safe to log in to websites?
I guess what I'm asking is "Is the backdoor shut?" I understand the trojan is gone, but will it be safe enough to use the computer normally? I will probably not be doing any transactions on this computer at all to be on the safe side, but I would hope to be able to log in to websites safely without getting my information stolen.