Everything posted by LisaK2

  1. Thank you so much MrC. Really, really appreciated your help!

  2. Thanks MrC. All seems to be ok now. I ran mbam again and all is clean.
  3. Thanks Mr C. Ran the program and received the same msg "The feature you are trying to use is on a network resource that is unavailable." Options to press - "OK / Cancel / Browse." but when I pressed Cancel the Adobe program said it was successful in uninstalling. Restarted my pc and voila -- A?obe Reader X is now off my pc! What is to be done next?
  4. OK, sorry. When I uninstalled all the Adobe products via Ctrl Manager, this would not uninstall "Addobe Reader x (10.1.7) located in folder C:\Programs\Adobe\Reader10.0\Reader\ with source location c:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\" and it gave me this msg: "The feature you are trying to use is on a network resource that is unavailable." Options to press - "OK / Cancel / Browse." Pressing Ok brings up another msg box : "The path C:\{ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\Acroread.msi cannot be found. Verify that you have access to this location and try again, or try to find the installation package 'AcroRead.msi' in a folder from which you can install the product A?dobe reader X (10.1.7). OK." Press Ok takes me back to previous uninstall msg box. Pressing Cancel, brings up this Windows Installer Msgbox : "The installation source for this product is not available. Verify that the source exists and that you can access it" Ok. THEN I went to Program Files & ProgramData Files and deleted all the Adobe folders. Yet, if I go to Uninstall Programs via Control Panel, this Reader X is still listed under the programs there, but the name now appears as A?dobe Reader x (10.1.7). If I try to uninstall it, I get same msg : "The feature you are trying to use is on a network resource that is unavailable." Options to press - "OK / Cancel / Browse." Pressing Ok brings up another msg box : "The path C:\{ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\Acroread.msi cannot be found. Verify that you have access to this location and try again, or try to find the installation package 'AcroRead.msi' in a folder from which you can install the product A?dobe reader X (10.1.7). OK." Press Ok takes me back to previous uninstall msg box. Pressing Cancel, brings up this Windows Installer Msgbox : "The installation source for this product is not available. Verify that the source exists and that you can access it" Ok.
  5. Just to clarify, I uninstalled ALL Adobe products via CtrlPanel. Got the same msg (as above) from this Reader. THEN I went to the folders and deleted all the Adobe folders as well. Yet this Reader is still there and still giving me the exact same msg!
  6. MrC, I've already deleted those folders! Opening up the Prog- & ProgData folders shows that there are no such folders any more... that's what is so strange to me. (My folder view has been set to view hidden as well.)
  7. Even though CPU usage doesn't seem to go above 20-30%, there are 13 svchost.exe running crazily (by user network service x3, system x5, local service x5), plus 3 system search services (filterhoste.exe, indexer.exe & protocolhost.exe). There is also mdm.exe run by user System from C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe. Should this not be running from system32 folder?
  8. Results of screen317's Security Check version 0.99.74
     Windows 7 Service Pack 1 x86 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Windows Firewall Disabled!
     COMODO Antivirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     SUPERAntiSpyware
     Malwarebytes Anti-Malware version 1.75.0.1300
     CCleaner
     Adobe Flash Player 11.8.800.94
     Adobe Reader 10.1.7 Adobe Reader out of Date!
     Mozilla Firefox 22.0 Firefox out of Date!
     Google Chrome 28.0.1500.95
     Google Chrome 30.0.1599.69
     ````````Process Check: objlist.exe by Laurent````````
     Comodo Firewall cmdagent.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````

     PS. I have completely uninstalled Adobe, yet this Adobe Reader x is still on my system! It is now listed as A?dobe Reader x (10.1.7) located in folder C:\Programs\Adobe\Reader10.0\Reader\ with source location c:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\ When I try to uninstall it (in CtrlPanel), Windows Installer Msg Box pops up "The feature you are trying to use is on a network resource that is unavailable." OK / Cancel / Browse. Pressing Ok brings up another msg box "The path C:\{ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\Acroread.msi cannot be found. Verify that you have access to this location and try again, or try to find the installation package 'AcroRead.msi' in a folder from which you can install the product A?dobe reader X (10.1.7). OK." Press Ok takes me back to previous uninstall msg box. Pressing Cancel, brings up Windows Installer Msgbox "The installation source for this product is not available. Verify that the source exists and that you can access it" Ok.
  9. Login is faster now and CPU seems to be back to normal now. There are a whole lot of weird events in eventviewer, after I logged back on now. Will download and do security check now
  10. I have now enabled Comodo AV & Firewall. Should I enable the W7 Firewall too, or will that cause problems? (I have read somewhere that Win Firewall is not as safe as Microsoft claims...!)?
  11. Attached are the files you requested: mbam-log-2013-10-13 (18-49-45).txt. Will check my pc performance and let you know. Thank you so much! AdwCleanerS0.txt
  12. Okay, ComboFix attached! ComboFix.txt
  13. At last scan has finished. Said no cleanup necessary. Log attached. system-log.txt
  14. Scan stuck (on same place again) for over an hour now - c:\windows\system32\wbem\xsl-mappings.xml
  15. It was late here in SA, so I switched pc off with power button. Started this morning in safe mode, uninstalled Avast. Windows msg popped up about updates installing, so I allowed that to complete, restarted and am now running mbar scan again.
  16. I now have a black screen, pc still working though - red light flickering away crazily. Not even alt+ctrl+del works... It's been like this for almost an hour now!
  17. Scan seems to hang for long periods of time before running again. It's been hanging for an hour now. That normal?
  18. a) 2 virus programs. Avast and a few other icons suddenly disappeared off my desktop. When I created new ones, I checked the properties and there was an "unknown user" listed in all of those! I only downloaded Comodo recently because I discovered what a firewall is and why I needed one {yeah...I know...in this day and age?!} In your personal opinion and from experience, would you say that Comodo av is better than Avast? Unfortunately, I am not in a position to buy any package, :-( so free protection is all I have... I checked some reviews and Comodo was listed as one of the top free firewalls available...that the truth? b) Spybot was installed by a local pc company after they upgraded my pc about 5 years ago - I have no problem uninstalling it. Downloaded, installed, ran mbar.exe, updated and now running scan. Will post result as soon as done.
  19. Thank you MrC. Downloaded and installed RK. Ran scan.
  20. Hi, I am running Win 7 with Avast Free Ed, Malwarebytes Anti-Malware, SuperAntiSpyware Free, and Comodo AV & -Firewall. My pc has been infected with some rootkit virus/malware, that not only ups my cpu usage to 100% (under different processes - avast/comodo/nvidia/adobe/etc.) but has managed to crawl in behind/into all these programs. When I update these programs, I usually get error msgs at first attempt (or eternally hanging) before updating takes place. But when in SafeMode, all the above programs show that it has not been updated for days! When I noticed my pc started running crazy before I even logged in, I knew something was wrong! I immediately unplugged my internet to stop whoever from doing whatever and spreading that to my mail contacts. Bit too late though! My husband's pc at work crashed, as well as my son's laptop. Laptop had to be formatted and Win re-installed, I am now sending this from the laptop. I ran various scans on my pc, nothing serious popped up. I am not a pc guru (unfortunately!), but after some research on the internet (via the laptop), I started checking different things on my system, like the event viewer etc. Also started double checking all services running - all were legal and running from the "correct" folders. Then I stumbled on this website (thank God!! :-) for that)! I downloaded a newer Malwarebytes via the laptop and installed on my pc; plugged internet back in and updated. Then I ran scan and after that I uninstalled all the suspect programs/games. Found an adobe reader x which would not allow me to uninstall since I am not connected to the network ?! Ran malwarebytes again this morning, yet the whole pc froze and I had to use power button to restart. Comodo scan did the same thing! Logged in on SafeMode, and once again all my 'security' programs were way behind their daily updates - including the Malwarebytes! (that was 186 days behind I think!) Then disabled all the security apps, copied dds and ran it. Attached are the two txt files. Thank you so much for giving your time to help with this. attach.txt dds.txt