mememy

Honorary Members
  • Posts

    34

Everything posted by mememy

  1. I can't thank you enough for all your patience and help! It all seems to be running fine now. I've deleted all the programs you had me install and I already have the Revo, MSEssentials, Malwarebytes and I now have the WinPatrol as well. I do see that I have Spybot as well. Will that conflict with anything else I have on here? I'm now in the process of changing all my passwords. That'll take a while! I gave a donation on the link provided. Sorry it's not much but hope it helps. Thank you again.
  2. C:\ProgramData\Microsoft\Windows\DRM\EC34.tmp.dat    a variant of Win32/Kryptik.AVRH trojan
     C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\EC74.tmp.vir    a variant of Win32/Kryptik.AVRH trojan
     C:\TDSSKiller_Quarantine\03.03.2013_09.48.12\mbr0000\tdlfs0000\tsk0000.dta    Win32/Olmarik.AYI trojan
     C:\TDSSKiller_Quarantine\03.03.2013_09.48.12\mbr0000\tdlfs0000\tsk0001.dta    Win64/Olmarik.AM trojan
     C:\TDSSKiller_Quarantine\03.03.2013_09.48.12\mbr0000\tdlfs0000\tsk0002.dta    a variant of Win32/Rootkit.Kryptik.SV trojan
     C:\TDSSKiller_Quarantine\03.03.2013_09.48.12\mbr0000\tdlfs0000\tsk0003.dta    Win64/Olmarik.AN trojan
     C:\TDSSKiller_Quarantine\03.03.2013_09.48.12\mbr0000\tdlfs0000\tsk0007.dta    Win32/Olmarik.AFK trojan
     C:\TDSSKiller_Quarantine\03.03.2013_09.48.12\mbr0000\tdlfs0000\tsk0008.dta    Win64/Olmarik.AK trojan
     C:\Users\All Users\Microsoft\Windows\DRM\EC34.tmp.dat    a variant of Win32/Kryptik.AVRH trojan
     C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6TKX1JW1\firstload_com[1].htm    HTML/Hoax.FastDownload.C.Gen application
     C:\Users\Marie\AppData\Local\Updater21804\Updater21804.exe    a variant of Win32/Toolbar.CrossRider.C application
     C:\Users\Marie\Downloads\bubblematch-setup.exe    Win32/DownloadAdmin.G application
  3. Although it did take quite a while to post this message, perhaps due to its length.
  4. Things seem to be much better now. Loading faster and not going places where it's not supposed to! Thank you so much for all your patience and help!
  5. It's much better. Going to the correct sites now. At least the couple I tried seem to have worked correctly. The computer still takes an awful long time to restart and load my desktop. Is there any way to make that faster? Should I delete any of those programs you've had me download yet?
  6. It seems that Firefox may be having the issues. That's what I use for a browser. It's still taking a long time to load and when I search with it I sometimes go to a completely different site than the one I choose. Could I just uninstall it and then re-install it? If I did I'd want to save my bookmarks though because I have quite a few of them. Unfortunately I don't know how to save them. Thoughts please
  7. Looks like it worked. They're gone!!! Thank you so much!!! Is this all I have to do?
  8. This is the one that I tried already several times and each time it got to the point where it was scanning Firefox settings it just stopped and said "not responding".
  9. Thanks for the help. Here are those logs . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume3 Install Date: 11/21/2007 8:08:12 AM System Uptime: 3/4/2013 5:11:53 PM (19 hours ago) . Motherboard: Dell Inc. | | 0RY206 Processor: AMD Athlon 64 X2 Dual Core Processor 4400+ | Socket AM2 | 2000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 456 GiB total, 331.151 GiB free. D: is FIXED (NTFS) - 10 GiB total, 6.037 GiB free. E: is CDROM () G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: NVIDIA nForce Networking Controller Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_020E1028&REV_A2\3&2411E6FE&0&38 Manufacturer: NVIDIA Name: NVIDIA nForce Networking Controller PNP Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_020E1028&REV_A2\3&2411E6FE&0&38 Service: NVENETFD . ==== Event Viewer Messages From Past Week ======== . 3/5/2013 12:01:43 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597). 
3/4/2013 5:13:53 PM, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified. 3/4/2013 5:13:53 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 3/4/2013 5:13:30 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 3/4/2013 5:13:24 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 3/4/2013 1:53:42 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4. . ==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16464 Run by Danny at 12:34:14 on 2013-03-05 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.958 [GMT -5:00] . AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} . ============== Running Processes ================ . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\SLsvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Windows\system32\AERTSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\atashost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe C:\Windows\system32\lxctcoms.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\rundll32.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Ask.com\Updater\Updater.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss 
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071121 uWindow Title = Internet Explorer provided by Dell uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071121 uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned> BHO: &Yahoo! 
Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll TB: Yahoo! 
Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_5_502_149_ActiveX.exe -update activex mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRunOnce: [CouponAlert_2pbar Uninstall] rundll32 c:\progra~1\2PUNIN~1.DLL,O -3 StartupFolder: c:\users\danny\appdata\roaming\micros~1\windows\startm~1\programs\startup\sharep~1.lnk - c:\program files\d-link\shareport utility\Connect.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - TCP: NameServer = 192.168.0.1 TCP: Interfaces\{0A8DF759-F20E-47FC-9CD4-3A1CAAB0C66F} : DHCPNameServer = 192.168.0.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296] R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824] R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-3-16 20376] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-13 21504] R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2011-7-24 246792] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560] S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352] S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544] S3 NisDrv;Microsoft Network Inspection 
System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 100328] S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232] S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2011-5-12 21744] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-3-16 19968] . =============== Created Last 30 ================ . 2013-03-05 17:14:52 6954968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{caaa4b09-a9ff-4fd8-bc5e-e0e01e1b88b6}\mpengine.dll 2013-03-04 15:44:20 6954968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2013-03-03 15:14:16 707728 ----a-w- c:\program files\2pUninstall Coupon Alert.dll 2013-03-03 15:14:16 178112 ----a-w- c:\program files\2pres.dll 2013-02-22 00:15:38 84992 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPB1.DLL 2013-02-22 00:15:38 29184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDB1.DLL 2013-02-22 00:14:47 311296 ----a-w- c:\windows\system32\CNMLMB1.DLL 2013-02-22 00:12:51 98304 ----a-w- c:\windows\system32\CNC_B1I.dll 2013-02-22 00:12:51 316416 ----a-w- c:\windows\system32\CNC_B1L.dll 2013-02-22 00:12:51 272896 ----a-w- c:\windows\system32\CNC_B1C.dll 2013-02-22 00:12:51 15872 ----a-w- c:\windows\system32\CNHMCA.dll 2013-02-22 00:12:51 102912 ----a-w- c:\windows\system32\CNC_B1U.dll 2013-02-22 00:00:08 -------- d--h--w- c:\programdata\CanonIJFAX 2013-02-21 23:59:17 257536 ----a-w- c:\windows\system32\CNCALB1.DLL 2013-02-16 17:06:56 768000 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll 2013-02-15 17:26:39 2048512 ----a-w- c:\windows\system32\win32k.sys 2013-02-15 
17:26:37 1314816 ----a-w- c:\windows\system32\quartz.dll 2013-02-15 17:26:36 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-15 17:26:35 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2013-02-15 17:26:30 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-15 17:26:29 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe . ==================== Find3M ==================== . 2013-03-03 12:25:34 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-03 12:25:34 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe 2013-01-20 20:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-01-20 20:59:04 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll 2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll 2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-14 02:58:28 4156889 ----a-w- c:\programdata\SPL9F94.tmp . ============= FINISH: 12:34:41.83 ===============
  10. I found 171 threats and Malwarebytes got rid of all but 4 of them. It says it'll delete upon reboot but it doesn't. I'm not great with a computer so need help walking me through getting rid of these. Any help would be greatly appreciated. I have my log listed below. thanks!! Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.10.20.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Marie :: DANNY-PC [limited] 3/4/2013 4:56:08 PM mbam-log-2013-03-04 (16-56-08).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 158510 Time elapsed: 5 minute(s), 4 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 2 HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> Delete on reboot. HKLM\SOFTWARE\CouponAlert_2p (PUP.MyWebSearch) -> Delete on reboot. Registry Values Detected: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|CouponAlert_2pbar Uninstall (PUP.MyWebSearch) -> Data: rundll32 C:\PROGRA~1\2PUNIN~1.DLL,O -3 -> Delete on reboot. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Program Files\2pUninstall Coupon Alert.dll (PUP.MyWebSearch) -> Delete on reboot. (end)
  11. I deleted that download from the flash drive and used my work computer (God help me) to download the Farbar recovery tool to the flash drive again. Put it in the infected computer and again followed your instructions, and when I got to the point where I'm supposed to put in the name (frst.exe) I can't close Notepad without opening the file first, and when I do all it does is put a lot of gibberish and symbols on the Notepad document. I don't know what I'm doing wrong here. I'm following all your instructions but nothing seems to work. Is it the virus that's causing this? I'm so frustrated because you've been so patient in trying to fix this.
  12. Ok so I'm feeling very inadequate here. I've tried to run the Farbar Recovery Scan Tool. I tried to download it to the flash drive from this computer but it said this OS isn't compatible (Vista) so I did it using the infected computer. So then I open the computer by using F8 and repair computer, then follow your instructions right up until I have to type in the name of the file. Then it tells me it's an invalid file name. I can see the app in the list of what's on that flash drive. Could I just click on it?
  13. It seems to stop when it starts scanning Firefox settings. I'm trying it one more time.
  14. I've tried to run this twice and it gets in the middle of running and then it says "not responding". What should I do? Sorry this is being such a pain.
  15. It's still at the same point and saying the same thing. Still in safe mode as well.
  16. How long should it take to do the ComboFix in safe mode? It's been at the same point for almost an hour now. Says it's preparing log report and not to run any programs till it's finished. I'm pretty sure it's stuck since the light on the hard drive isn't doing anything.
  17. Is it ok to re-enable what it was that Defogger disabled?
  18. Here are the two logs you asked for. I rescanned and it said no threats were found! You're a lifesaver! Thank you. I have scanned my other computer with malwarebytes and it found 171 "PUP" files. I got rid of all but 4 of them. Can you help me with that as well or do I need to start a new post? --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1021 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_24 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.194000 GHz Memory total: 4221546496, free: 2878857216 ------------ Kernel report ------------ 03/03/2013 10:29:36 <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004c29060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa8004755680 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 Downloaded database version: v2013.03.03.06 Initializing... Done! <<<2>>> Device number: 0, partition: 3 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004c29060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004c29ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004c29060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80047181e0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8004755680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a002611a60, 0xfffffa8004c29060, 0xfffffa8003e8d790 Lower DeviceData: 0xfffff8a003310f20, 0xfffffa8004755680, 0xfffffa800743a5e0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... 
<<<2>>> Device number: 0, partition: 3 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 91D34DCF Partition information: Partition 0 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 25173792 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 25173855 Numsec = 208845 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 25382700 Numsec = 951388420 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)... Done! Performing system, memory and registry scan... Done! Scan finished ======================================= 09:45:49.0773 6608 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 09:45:50.0369 6608 ============================================================ 09:45:50.0369 6608 Current date / time: 2013/03/03 09:45:50.0369 09:45:50.0369 6608 SystemInfo: 09:45:50.0369 6608 09:45:50.0369 6608 OS Version: 6.1.7601 ServicePack: 1.0 09:45:50.0369 6608 Product type: Workstation 09:45:50.0369 6608 ComputerName: MARIE-PC 09:45:50.0379 6608 UserName: Marie 09:45:50.0379 6608 Windows directory: C:\Windows 09:45:50.0379 6608 System windows directory: C:\Windows 09:45:50.0379 6608 Running under WOW64 09:45:50.0379 6608 Processor architecture: Intel x64 09:45:50.0379 6608 Number of processors: 2 09:45:50.0379 6608 Page size: 0x1000 09:45:50.0379 6608 Boot type: Normal boot 09:45:50.0379 6608 ============================================================ 09:45:52.0382 6608 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, 
SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 09:45:52.0392 6608 ============================================================ 09:45:52.0392 6608 \Device\Harddisk0\DR0: 09:45:52.0392 6608 MBR partitions: 09:45:52.0392 6608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD 09:45:52.0392 6608 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x38B50904 09:45:52.0392 6608 ============================================================ 09:45:52.0452 6608 C: <-> \Device\Harddisk0\DR0\Partition2 09:45:52.0452 6608 ============================================================ 09:45:52.0452 6608 Initialize success 09:45:52.0452 6608 ============================================================ 09:46:21.0495 1620 Deinitialize success
  19. Do you have a different link to the TDSSKiller? The one above takes me to a page that's selling "The New Kaspersky software".
  20. Sorry, I thought that since it hadn't finished last night I needed to do it. I'll run the TDSSkiller thing now.
  21. Well, it finally went beyond that point and is now on just a blank black screen with no cursor or anything. Been here for about 8 minutes now.