cyndieraz

Honorary Members
  • Posts

    33
Everything posted by cyndieraz

  1. This computer runs Windows 7, not Vista, and I don't recall having a disk....?
  2. Yes, it asks if I want to save changes, I select save, then restart in Safe Mode. Now what? I looked at the log again but it wasn't any different. I tried starting in normal mode, but Windows just shuts down.
  3. I updated MBAM as you requested and ran it. Here is the log:

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org
     Database version: 6467
     Windows 6.1.7600 (Safe Mode)
     Internet Explorer 8.0.7600.16385
     4/28/2011 8:16:33 PM
     mbam-log-2011-04-28 (20-16-33).txt

     Scan type: Quick scan
     Objects scanned: 156243
     Time elapsed: 2 minute(s), 49 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected:
     c:\Windows\Temp\ntop.tmp\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.

     Here is the notepad from the cmd.exe:

     The type of the file system is NTFS.
     Cannot lock current drive.
     Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)
  4. I think this is the finished cmd.exe file... If it's not, please let me know and I'll try to run it again. What's next....? Thanks for your help. Oh, I still am running only on safe mode, the computer shuts down when I run in normal mode.

     The type of the file system is NTFS.
     The volume is in use by another process. Chkdsk might report errors when no corruption is present.
     Volume label is TI105756W0B.
     WARNING! F parameter not specified. Running CHKDSK in read-only mode.

     CHKDSK is verifying files (stage 1 of 3)...
     148992 file records processed. File verification completed.
     271 large file records processed.
     0 bad file records processed.
     0 EA records processed.
     50 reparse records processed.
     CHKDSK is verifying indexes (stage 2 of 3)...
     197930 index entries processed. Index verification completed.
     0 unindexed files scanned.
     0 unindexed files recovered.
     CHKDSK is verifying security descriptors (stage 3 of 3)...
     148992 file SDs/SIDs processed. Security descriptor verification completed.
     24470 data files processed.
     CHKDSK is verifying Usn Journal...
     35611480 USN bytes processed. Usn Journal verification completed.
     The master file table's (MFT) BITMAP attribute is incorrect.
     The Volume Bitmap is incorrect.
     Windows found problems with the file system. Run CHKDSK with the /F (fix) option to correct these.

     301612031 KB total disk space.
     69445212 KB in 119658 files.
     82452 KB in 24471 indexes.
     0 KB in bad sectors.
     260447 KB in use by the system.
     65536 KB occupied by the log file.
     231823920 KB available on disk.
     4096 bytes in each allocation unit.
     75403007 total allocation units on disk.
     57955980 allocation units available on disk.
  5. This is what I got from cmd.exe... it didn't finish, I guess, it only got to 53 percent... Like I said in an earlier post, the computer kept shutting down, but I wanted to post what I could. I will try to continue running it. Thanks so much!

     The type of the file system is NTFS.
     The volume is in use by another process. Chkdsk might report errors when no corruption is present.
     Volume label is TI105756W0B.
     WARNING! F parameter not specified. Running CHKDSK in read-only mode.

     CHKDSK is verifying files (stage 1 of 3)...
     148992 file records processed. File verification completed.
     271 large file records processed.
     0 bad file records processed.
     0 EA records processed.
     50 reparse records processed.
     CHKDSK is verifying indexes (stage 2 of 3)...
  6. Here's the log.

     Malwarebytes' Anti-Malware 1.50
     www.malwarebytes.org
     Database version: 6444
     Windows 6.1.7600 (Safe Mode)
     Internet Explorer 8.0.7600.16385
     4/25/2011 7:19:41 PM
     mbam-log-2011-04-25 (19-19-41).txt

     Scan type: Quick scan
     Objects scanned: 155956
     Time elapsed: 2 minute(s), 28 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 2

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected:
     c:\Windows\Temp\fmpp.tmp\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     c:\Windows\Temp\gsnc.tmp\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.

     I'm having problems with the cmd.exe. I can start it and type in the command, but the computer keeps shutting down. I'm posting the MBAM for now, and if I can get the other to work, I'll post it.
  7. I attached a word file with 2 screenshots, taken within a couple minutes of each other. Sorry I couldn't figure out how to just post it on this reply. The "core" temp varies and changes every few seconds. speedfan.doc
  8. Hi, I figured out that I downloaded the drivers on that site, not the speedfan. But now I've downloaded speedfan and ran it, but I'm not sure what to send to you. I don't know how to take a screenshot. Can you give me instructions on how to do that? Thanks, CyndieRaz
  9. I downloaded it, but the program wants me to register and pay $29. I can't seem to get around not registering.
  10. Hi, the blue screen flashes on and off in a matter of a few seconds, but here's what I can get, one line at a time!

      "A problem has been detected. Windows has been shut down to prevent damage to your computer. driver_irql_not_less_or_equal If this is the first time you're seeing this error, restart your computer. If this screen appears again follow these steps."

      So the next time I restarted it, to get more of the blue screen, we got a "windows just recovered from a shutdown". I was able to update MBAM, and actually run it....Here is the log:

      Scan type: Quick scan
      Objects scanned: 166623
      Time elapsed: 4 minute(s), 24 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)

      Windows hasn't shut down yet, and it's been about 10 minutes. It's been shutting down just about immediately after starting. Not sure what this means, other than it's staying on.... Thanks, Cyndie
  11. My daughter has a laptop running Windows 7. I can start in safe mode and run malwarebytes, AVG and Spybots. I've run these several times and was getting 0 infections...Still cannot start in normal mode. After a couple of seconds, a blue screen pops up, saying that windows will shut down to prevent a crash. I did a system recovery to a time before this shutdown started, but it didn't work, still having the same problem. Updated and ran Malwarebytes again. Here is the log. What other logs should I try to get? I can only run in safe mode at this point in time. Thank you in advance for your help. Cyndie

      Malwarebytes' Anti-Malware 1.50
      www.malwarebytes.org
      Database version: 6340
      Windows 6.1.7600 (Safe Mode)
      Internet Explorer 8.0.7600.16385
      4/11/2011 11:24:14 PM
      mbam-log-2011-04-11 (23-24-14).txt

      Scan type: Quick scan
      Objects scanned: 165546
      Time elapsed: 2 minute(s), 29 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 3
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1

      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected:
      c:\$Recycle.Bin\s-1-5-21-1406705716-1417950885-3890049717-1000\$RQ1JXM0.exe (PUP.FunWebProducts) -> Not selected for removal.
  12. Thank you very much! My daughter will be happy to get her computer back! Hopefully, she's learned her lesson!! Cyndie
  13. Done with all your instructions! Thank you very much! Is there anything else?
  14. Things are running fine now... What do I need to turn back on???? Thanks, Cyndie
  15. Here's the rerun of MBAM.....

      Malwarebytes' Anti-Malware 1.50
      www.malwarebytes.org
      Database version: 5270
      Windows 6.0.6002 Service Pack 2
      Internet Explorer 8.0.6001.18975
      12/8/2010 3:52:02 PM
      mbam-log-2010-12-08 (15-52-02).txt

      Scan type: Quick scan
      Objects scanned: 159863
      Time elapsed: 15 minute(s), 2 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)
  16. Here is the log from MBAM from this morning... looking forward to your reply! Thank you very much for helping me!

      Malwarebytes' Anti-Malware 1.50
      www.malwarebytes.org
      Database version: 5270
      Windows 6.0.6002 Service Pack 2
      Internet Explorer 8.0.6001.18975
      12/8/2010 7:16:21 AM
      mbam-log-2010-12-08 (07-16-21).txt

      Scan type: Quick scan
      Objects scanned: 159877
      Time elapsed: 17 minute(s), 35 second(s)

      Memory Processes Infected: 3
      Memory Modules Infected: 0
      Registry Keys Infected: 26
      Registry Values Infected: 3
      Registry Data Items Infected: 1
      Folders Infected: 9
      Files Infected: 20

      Memory Processes Infected:
      c:\Users\Jordan\AppData\Roaming\dwm.exe (Trojan.FakeAV) -> 2016 -> Unloaded process successfully.
      c:\Users\Jordan\AppData\Roaming\microsoft\conhost.exe (Spyware.Passwords.XGen) -> 916 -> Unloaded process successfully.
      c:\Users\Jordan\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> 764 -> Unloaded process successfully.

      Memory Modules Infected: (No malicious items detected)

      Registry Values Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Spyware.Passwords.XGen) -> Value: svchost -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mxntshub (Trojan.FakeAlert.Gen) -> Value: mxntshub -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\Jordan\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
  17. Hi, I disabled TeaTimer, removed Ask and ran Malwarebytes. I'm posting that log and the new DDS log. Thank you very much and I am waiting for the next set of instructions! Cyndie

      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org
      Database version: 4052
      Windows 6.0.6002 Service Pack 2
      Internet Explorer 8.0.6001.18975
      12/7/2010 6:28:29 PM
      mbam-log-2010-12-07 (18-28-29).txt

      Scan type: Quick scan
      Objects scanned: 131973
      Time elapsed: 18 minute(s), 48 second(s)

      Memory Processes Infected: 1
      Memory Modules Infected: 0
      Registry Keys Infected: 5
      Registry Values Infected: 2
      Registry Data Items Infected: 1
      Folders Infected: 2
      Files Infected: 6

      Memory Processes Infected:
      C:\Users\Jordan\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Unloaded process successfully.

      Memory Modules Infected: (No malicious items detected)

      Registry Keys Infected:
      HKEY_CLASSES_ROOT\CLSID\{fe5b2d9d-91b0-b04b-ac20-14a260769687} (Adware.ColorSoft) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d425283-d487-4337-bab6-ab8354a81457} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{9d425283-d487-4337-bab6-ab8354a81457} (Trojan.BHO) -> Quarantined and deleted successfully.

      Registry Values Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Data: c:\users\jordan\appdata\local\temp\csrss.exe -> Quarantined and deleted successfully.

      Folders Infected:
      C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.

      Files Infected:
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Reset Cursor.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Weather.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\Users\Jordan\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Users\Jordan\AppData\Roaming\Microsoft\conhost.exe (Backdoor.Bot) -> Delete on reboot.
      C:\Program Files\Search Toolbar\SearchToolbar.dll (Trojan.BHO) -> Quarantined and deleted successfully.

      DDS (Ver_10-12-05.01) - NTFSx86
      Run by Jordan at 18:35:00.58 on Tue 12/07/2010
      Internet Explorer: 8.0.6001.18975
      Microsoft
  18. OK, I reran DDS and this time the attach.txt popped up...it didn't last time! So I'm attaching that and the dds file that came up today also, just in case it's different than the other day.... Attach.txt DDS_7.txt
  19. Hi Borislav, Please post your Attach.txt ! <~~what is this and how do I find it? Keep in mind that I can't get to a whole lot on the infected computer!!
  20. I requested help last week and haven't heard back from an expert, so I'm reposting...I know that you are all busy and I appreciate your help! I'm still waiting for help, but I was able to finally run the defogger and dds in safe mode. I tried running the GMER file, but the computer kept shutting down or telling me that the program stopped working. I tried running it in normal mode too, and a notice comes up that it stopped working correctly. Then it goes to a blue screen that says windows quit working correctly and it shuts down the system. I'm attaching the files that I did get though and I'm waiting for a reply. Thank you! Cyndie

      defogger_disable by jpshortstuff (23.02.10.1)
      Log created at 09:47 on 05/12/2010 (Jordan)

      Checking for autostart values...
      HKCU\~\Run values retrieved.
      HKLM\~\Run values retrieved.

      Checking for services/drivers...

      -=E.O.F=-

      DDS (Ver_10-12-05.01) - NTFSx86 MINIMAL
      Run by Jordan at 9:50:37.12 on Sun 12/05/2010
      Internet Explorer: 8.0.6001.18975
      Microsoft
  21. I'm still waiting for help, but I was able to finally run the defogger and dds in safe mode. I tried running the GMER file, but the computer kept shutting down or telling me that the program stopped working. I tried running it in normal mode too, and a notice comes up that it stopped working correctly. Then it goes to a blue screen that says windows quit working correctly and it shuts down the system. I'm attaching the files that I did get though and I'm waiting for a reply. Thank you!

      defogger_disable by jpshortstuff (23.02.10.1)
      Log created at 09:47 on 05/12/2010 (Jordan)

      Checking for autostart values...
      HKCU\~\Run values retrieved.
      HKLM\~\Run values retrieved.

      Checking for services/drivers...

      -=E.O.F=-

      DDS (Ver_10-12-05.01) - NTFSx86 MINIMAL
      Run by Jordan at 9:50:37.12 on Sun 12/05/2010
      Internet Explorer: 8.0.6001.18975
      Microsoft
  22. Oh, and I tried running OTL in safe mode, like I had to do on the other computer, but the pc just turns off.
  23. So, I get one laptop cleaned up and the other one has a virus now! Can't go on internet, says all websites are unsafe to visit. Won't run AVG, Malwarebytes or Spybot. A window keeps popping up saying unprotected and infected with virus, trojan, worm, etc.... Tried running malwarebytes in safe mode and the pc just shut off after about 1 minute. Please help me clean up this computer! Cyndie
  24. So far so good! She'll be happy to have her computer back again!! Thank you very much!!!! Cyndie
  25. Here ya go....Glad all this makes sense to you...looks like a foreign language to me! Thanks so much!