
Multiple Issues Win32/Cycbot!cfg



Hello,

This last weekend (Dec. 17 to Dec. 20, 2011) I started having trouble with MS Outlook. EVERY incoming email was being put into the Junk Files Folder. Huh?

Today Dec. 22, 2011 I started running my malware programs and soon found out that my Firewall was disabled and the Windows System and Security program wouldn't let me reactivate the Firewall.

At the same time I found that the Security Center was disabled and wouldn't restart either and I've found that I can't create a new shortcut either.

So, I may have 1 or more viruses/malware/Trojan programs running on this PC and perhaps more.

Could someone direct me in locating these problem programs and removing them?

Malware Anti-Virus didn't report any issues. I'm on Social Security so I probably have the Free version. I just checked and found that my copy was downloaded on 4/18/2010.

I'm uploading several diagnostic files and I also made a backup (using Regedit 'Export') on 2011-12-15.

Bill

Attach.txt

DDS.txt

Extras.Txt

OTL.Txt

Link to post

Hello,

Would you advise if you have resolved your issues or if you have sought help elsewhere?

If not resolved and you are not already seeking help elsewhere, I'd like for you to rerun a new (fresh) DDS and Copy & Paste the DDS.txt into a new reply.

Anyone other than original-poster who has similar issues, do not reply here. Start your own topic.

Link to post

Interestingly enough, I just solved the Outlook issue last Friday. It was a Rule that said "On this machine" send emails to "junk mail folder". When I deleted this Rule incoming emails went to my Inbox as they should.

I don't think I added that rule, but with me you never can tell.

Something is still preventing my firewall from resetting to the recommended settings and something is preventing the Security Center from Starting. I've attached the error messages.

I've run several scans and haven't been able to find a reason for these issues.

I have one of IObit's software programs running in resident that I can't remove with the windows uninstall. It doesn't show up in the list of installed programs.

I am wondering if this is the reason I can't reset to the firewall recommended settings, nor start the Security Center.

I'm grasping at straws, aren't I?

post-103823-0-43208100-1328553312.jpg

post-103823-0-03185100-1328553321.jpg

Link to post

It's very highly likely you still have residual malware & a very nasty one that affects firewall & also security center.

It needs immediate attention, so make it top priority & no web-surfing of any kind, no online transactions !!!

Start with Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center

http://www.microsoft...&displaylang=en

It is suggested that you rename mrt.exe to some other name, such as Omega.exe, then run it.

After a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.log

The file may be opened and viewed with Notepad or similar text editor.

If and only if your system is Vista x64, WIN7 -x64, Windows XP x64 and Windows 2003 x64 computers.

Get Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64

http://www.microsoft...&displaylang=en

Additional information on the Microsoft® Windows® Malicious Software Removal Tool is here http://support.micro...om/?kbid=890830

If no infections were found, you will see in your log

Results Summary:

----------------

No infection found.

I need for you to then run a New run of DDS and post those logs, and hopefully the one from MS MSRT tool.

Link to post

In the meantime, Maurice,

I ran a newly downloaded copy of Malwarebytes and ran it. I've attached the LOG.

Bill

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.06.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Bill Halliday :: OWNER-PC [administrator]

2/6/2012 4:43:26 PM

mbam-log-2012-02-06 (16-43-26).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 377359

Time elapsed: 1 hour(s), 2 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCR\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Values Detected: 3

HKCR\ah|Content Type (Rogue.MultipleAV) -> Data: application/x-msdownload -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Data: C:\Users\Bill Halliday\AppData\Local\b623afbc\X -> Quarantined and deleted successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:53495 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Users\Bill Halliday\Downloads\Computer\Computer Maintenance\repairsetup.exe (Rogue.ErrorRepairProfessional) -> No action taken.

C:\Users\Bill Halliday\Downloads\Computer\Test My Hardware\repairsetup.exe (Rogue.ErrorRepairProfessional) -> No action taken.

C:\Users\Bill Halliday\Downloads\Computer\Video\Gimp_Setup.exe (Adware.IBryte) -> No action taken.

C:\Users\Bill Halliday\Downloads\Computer\Video\VideoConverterSetup.exe (Adware.InstallCore) -> No action taken.

(end)

Edited by Maurice Naggar
Highlights added for emphasis
Link to post

Here is the significant portion of the MS Malicious Software Removal Tool log:

Threat detected: Backdoor:Win32/Cycbot!cfg

file://C:\Users\Bill Halliday\AppData\Roaming\EAF0.11C

SigSeq: 0x00001450ACB3ACDB

SHA1: A27214185854CF311B688EBBA63716FA8F105A8D

Extended Scan Removal Results

----------------

Start 'remove' for file://\\?\C:\Users\Bill Halliday\AppData\Roaming\EAF0.11C

Operation succeeded !

Results Summary:

----------------

Found Backdoor:Win32/Cycbot!cfg and Removed!

Microsoft Windows Malicious Software Removal Tool Finished On Mon Feb 06 16:00:34 2012

Next, STEP 1

Start MBAM. Press the UPDATE tab. Press Check for Updates. Let it update.

Next, press the Scanner tab and do another FULL Scan. This time have it quarantine or delete all items / files that it tags. You did not do that last time !

STEP 2

NEXT get DDS & run it, so that I can review the reports.

Download DDS AND SAVE to the Desktop from here: dds.scr or here: dds.com and save it to your desktop.

Temporarily disable your anti-virus program. If needed, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 right click and select Run as administrator

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs:


    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
    COPY & Paste the contents of the 2 files inside the body of next reply.
    You can ignore the note about zipping the Attach.txt file in most cases

STEP 3

Now, re-enable your anti-virus program.

Edited by Maurice Naggar
added another MBAM run
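
The post above points out that the earlier scan left tagged items in place; that can be read straight off the log. An added example, not part of the original thread and not Malwarebytes' own code: it parses result lines in the log format shown in this thread, lists detections that were not remediated, and checks each section's declared count against the lines actually present. The sample log, its paths and the function names are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional
import re

# Section headers look like "Files Detected: 4" or "Registry Values Detected: 3".
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")


@dataclass
class Detection:
    section: str          # e.g. "Files", "Registry Values"
    target: str           # file path, or registry key (key|value for values)
    name: str             # detection name, e.g. "Backdoor.Agent"
    data: Optional[str]   # registry data, when the line carries "Data: ..."
    action: str           # e.g. "No action taken"


def parse_mbam_log(text):
    """Return (detections, declared_counts) from a scan log in this format."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            declared[section] = int(header.group("count"))
            continue
        if section is None or " -> " not in line:
            continue  # banner lines, "(No malicious items detected)", "(end)"
        head, *middle, action = line.split(" -> ")
        # The detection name is the LAST parenthesised group; paths such as
        # "C:\Program Files (x86)\..." contain earlier parentheses.
        target, sep, name = head.rpartition(" (")
        if not sep or not name.endswith(")"):
            continue
        data = None
        for part in middle:
            if part.startswith("Data: "):
                data = part[len("Data: "):]
        detections.append(
            Detection(section, target, name[:-1], data, action.rstrip("."))
        )
    return detections, declared


def unremediated(detections):
    """Detections the scanner flagged but left in place."""
    return [d for d in detections if d.action.lower().startswith("no action")]


def count_mismatches(detections, declared):
    """Sections whose declared count differs from the lines found.

    A mismatch usually means the pasted log was truncated or edited.
    Returns {section: (declared, parsed)}.
    """
    parsed = Counter(d.section for d in detections)
    return {
        s: (n, parsed.get(s, 0))
        for s, n in declared.items()
        if parsed.get(s, 0) != n
    }


# Constructed sample in the same layout as the log in this thread.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.60.1.1000
Scan type: Full scan
Objects scanned: 1000

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\EXAMPLE (Rogue.Example) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Data: C:\Users\user\AppData\Local\example\X -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:8080 -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\user\Downloads\setup_a.exe (Rogue.Example) -> No action taken.
C:\Program Files (x86)\Example\setup_b.exe (Adware.Example) -> No action taken.

(end)
"""

if __name__ == "__main__":
    found, declared_counts = parse_mbam_log(SAMPLE_LOG)
    for d in unremediated(found):
        print(f"still present: {d.target} [{d.name}]")
    for s, (want, got) in count_mismatches(found, declared_counts).items():
        print(f"section {s!r}: log declares {want}, found {got}")
```
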
Link to post

Hi Maurice,

The reason I left these files instead of deleting them is because they aren't or shouldn't be in the execution PATH.

Files Detected: 4

C:\Users\Bill Halliday\Downloads\Computer\Computer Maintenance\repairsetup.exe (Rogue.ErrorRepairProfessional) -> No action taken.

C:\Users\Bill Halliday\Downloads\Computer\Test My Hardware\repairsetup.exe (Rogue.ErrorRepairProfessional) -> No action taken.

C:\Users\Bill Halliday\Downloads\Computer\Video\Gimp_Setup.exe (Adware.IBryte) -> No action taken.

C:\Users\Bill Halliday\Downloads\Computer\Video\VideoConverterSetup.exe (Adware.InstallCore) -> No action taken.

I will remove them for the purpose of fixing whatever my problems are. I'm uploading the DDS.TXT and ATTACH.TXT I got after running MBAM the first time and then I'm going to run and update MBAM and DDS again.

DDS.txt

Attach.txt

Link to post

I'd like for you to post a copy of the MBAM scan log, and the DDS log if you managed to get it going.

Then, next

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from

>>> here <<<

  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.

Next:

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Also, post a copy of Checkup.txt and let me know where things stand now.

There is a whole lot more work to do, so please always stay in touch.

Do NOT use your pc for any sort of work nor websurfing of any kind.

Link to post

Please do NOT use personal messages to send your log reports. Just make all replies here to this topic.

Your DDS log:

DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Bill Halliday at 22:52:19 on 2012-02-06

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8031.4987 [GMT -6:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\lxdjcoms.exe

C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files (x86)\Voicent\Gateway\bin\vgate.exe

C:\Program Files (x86)\Voicent\Gateway\bin\vgate.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\Explorer.EXE

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Bill Halliday\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\TypeItIn\TypeItIn.exe

C:\Windows\System32\taskmgr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files\Sony\VAIO Care\collsvc.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://my.yahoo.com/

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll

BHO: I Want This: {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll

TB: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\Bill Halliday\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

dRun: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"

dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe

StartupFolder: C:\Users\BILLHA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TypeItIn.lnk - C:\Program Files (x86)\TypeItIn\TypeItIn.exe

StartupFolder: C:\Users\BILLHA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Windows\System32\taskmgr.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{36A90CA6-E63C-412C-8AD2-AE7BA8AFC026} : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{36A90CA6-E63C-412C-8AD2-AE7BA8AFC026}\037364851313030343235363 : DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{36A90CA6-E63C-412C-8AD2-AE7BA8AFC026}\34963736F673630313 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{36A90CA6-E63C-412C-8AD2-AE7BA8AFC026}\34963736F683030333 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{36A90CA6-E63C-412C-8AD2-AE7BA8AFC026}\662716E6369637 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{36A90CA6-E63C-412C-8AD2-AE7BA8AFC026}\7756374756C6C633830343 : DhcpNameServer = 10.0.0.1

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

BHO-X64: HelperObject Class: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll

BHO-X64: I Want This: {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll

BHO-X64: CrossriderApp0002258 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

BHO-X64: Conduit Engine - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO-X64: Vuze Remote - No File

BHO-X64: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll

TB-X64: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

mRun-x64: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

IE-X64: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM

IE-X64: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 53495

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: C:\Users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: C:\Users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - component: C:\Users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko5.dll

FF - component: C:\Users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko6.dll

FF - component: C:\Users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko7.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Screen Sharing Plug-in\npcnwplugin.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Bill Halliday\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Users\Bill Halliday\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

FF - Ext: LibertyGuard: {9D7B21FA-0991-472C-8F8E-2CD6CC1CB7BC} - %profile%\extensions\{9D7B21FA-0991-472C-8F8E-2CD6CC1CB7BC}

FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: I Want This: crossriderapp2258@crossrider.com - %profile%\extensions\crossriderapp2258@crossrider.com

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: Freeze.com NetAssistant: {1266764D-FC4F-4FA7-B63B-884D53B1680F} - C:\Users\Bill Halliday\AppData\Roaming\NetAssistant

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-12-3 821592]

R2 MySQL55;MySQL55;"C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55 --> C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld [?]

R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2010-6-18 189984]

R2 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-6-18 167424]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-23 2358656]

R2 VoicentGateway;Voicent Gateway;C:\Program Files (x86)\Voicent\Gateway\bin\vgate.exe [2011-9-5 1327168]

R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-12-3 21384]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2011-12-3 33184]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]

R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-9-18 328536]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-1 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-1 136176]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2011-12-3 21872]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-02-07 01:47:43 -------- d-----w- C:\Users\Bill Halliday\AppData\Roaming\OfficeSuiteX

2012-02-07 01:46:03 -------- d-----w- C:\Program Files (x86)\Office Suite X 3

2012-02-07 00:50:01 -------- d-----w- C:\Users\Bill Halliday\AppData\Local\I Want This

2012-02-07 00:49:59 -------- d-----w- C:\Program Files (x86)\I Want This

2012-02-04 21:56:50 -------- d-----w- C:\ProgramData\UAB

2012-02-04 21:56:45 -------- d-----w- C:\Users\Bill Halliday\AppData\Local\PC_Drivers_Headquarters

2012-02-04 21:56:32 -------- d-----w- C:\ProgramData\Driver Manager

2012-02-04 21:55:53 -------- d-----w- C:\Program Files (x86)\Driver Manager

2012-01-21 19:26:16 -------- d-----w- C:\ProgramData\Uniblue

2012-01-21 19:25:32 -------- d-----w- C:\Program Files (x86)\Uniblue

2012-01-12 23:20:55 -------- d-----w- C:\Users\Bill Halliday\AppData\Roaming\PCPro

2012-01-12 23:20:55 -------- d-----w- C:\Users\Bill Halliday\AppData\Roaming\PC Cleaners

2012-01-12 23:20:52 5276432 ----a-w- C:\Windows\uninst.exe

2012-01-12 23:20:51 -------- d-----w- C:\ProgramData\PC1Data

2012-01-11 18:56:47 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-01-11 18:56:47 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-01-11 18:56:47 1572864 ----a-w- C:\Windows\System32\quartz.dll

2012-01-11 18:56:47 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll

2012-01-11 18:56:45 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-01-11 18:56:45 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-01-11 18:56:44 77312 ----a-w- C:\Windows\System32\packager.dll

2012-01-11 18:56:44 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-01-09 15:35:14 -------- d-----w- C:\bf0935c20b7402b4141084109bc56671

2012-01-09 15:08:28 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll

2012-01-09 15:08:07 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared

2012-01-09 15:07:54 150696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll

2012-01-09 15:07:30 108544 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll

2012-01-09 15:07:18 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-01-09 15:07:18 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-01-09 14:55:42 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2012-01-09 14:55:40 3145216 ----a-w- C:\Windows\System32\win32k.sys

2012-01-09 14:55:39 723456 ----a-w- C:\Windows\System32\EncDec.dll

2012-01-09 14:55:38 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2012-01-09 14:55:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-01-09 14:55:34 2048 ----a-w- C:\Windows\System32\tzres.dll

.

==================== Find3M ====================

.

2012-01-14 17:33:53 54008112 ----a-w- C:\Windows\System32\Omega.exe

2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys

2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll

2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll

2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll

2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll

2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll

2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe

2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll

2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll

2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 22:54:43.28 ===============


I apologize for sending the log files to your private forum. I did try to warn you that I am feeling mentally foggy today and I may not do things correctly.

Anyway, I downloaded the FixPolicy executable and ran it, then downloaded and ran the SecurityCheck executable, and here are the results:

Bill

=======================

Results of screen317's Security Check version 0.99.30

Windows 7 x64 (UAC is disabled!)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 18

Java version out of date!

Adobe Flash Player 10.3.183.10 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox (3.6.9) Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Bill Halliday Downloads Computer Anti-Virus and Malware Detector\SecurityCheck.exe

IObit IObit Malware Fighter IMFsrv.exe

IObit IObit Malware Fighter IMF.exe

``````````End of Log````````````


IF you are not feeling 100%, we can put this off for later or tomorrow. What I'll be asking you to do needs careful following. Just let me know.

As I understand it, the Windows Firewall is disabled and Windows 7 Action Center is not all OK.

Please just take a look at Action Center displays. Use Windows-Start key, then Control Panel >> then choose Action Center.

In the Security line with down arrow ..... click on down arrow

Tell me what it shows for Network Firewall

& Virus protection

& Spyware protection

& User Account Control

Does it show OK or ON or what? Reply for each of those, please.

IF User Account Control is OFF, please click on Change settings, so you can turn it back ON.


To start a command prompt with elevated permissions, find the icon or Start menu entry that you use to start a command prompt session, right-click it, and then click Run as Administrator.

Once the command prompt window opens, type the following lines (in-turn) { You might also be able to highlight and Copy the commands from here, and paste into the command window} and press Enter-key

netsh advfirewall reset

netsh advfirewall set currentprofile state on

Now Exit the command window

Check on firewall status in Action Center


I got nothing but error messages:

Microsoft Windows [Version 6.1.7601]

Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>netsh advfirewall reset

An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.

C:\Windows\system32>netsh advfirewall set currentprofile state on

An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.

C:\Windows\system32>


Thanks for showing me how to run a DOS program as Administrator. I ran DDS.exe as Administrator:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Bill Halliday at 18:45:05 on 2012-02-07

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8031.5998 [GMT -6:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\lxdjcoms.exe

C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files (x86)\Voicent\Gateway\bin\vgate.exe

C:\Program Files (x86)\Voicent\Gateway\bin\vgate.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Bill Halliday\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\TypeItIn\TypeItIn.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\taskmgr.exe

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Windows\system32\notepad.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://my.yahoo.com/

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll

BHO: I Want This: {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll

TB: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\Bill Halliday\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

dRun: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"

dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe

StartupFolder: C:\Users\BILLHA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TypeItIn.lnk - C:\Program Files (x86)\TypeItIn\TypeItIn.exe

StartupFolder: C:\Users\BILLHA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Windows\System32\taskmgr.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{36A90CA6-E63C-412C-8AD2-AE7BA8AFC026} : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{36A90CA6-E63C-412C-8AD2-AE7BA8AFC026}\037364851313030343235363 : DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{36A90CA6-E63C-412C-8AD2-AE7BA8AFC026}\34963736F673630313 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{36A90CA6-E63C-412C-8AD2-AE7BA8AFC026}\34963736F683030333 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{36A90CA6-E63C-412C-8AD2-AE7BA8AFC026}\662716E6369637 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{36A90CA6-E63C-412C-8AD2-AE7BA8AFC026}\7756374756C6C633830343 : DhcpNameServer = 10.0.0.1

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

BHO-X64: HelperObject Class: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll

BHO-X64: I Want This: {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll

BHO-X64: CrossriderApp0002258 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

BHO-X64: Conduit Engine - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO-X64: Vuze Remote - No File

BHO-X64: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll

TB-X64: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

mRun-x64: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM

IE-X64: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 53495

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: C:\Users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: C:\Users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - component: C:\Users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko5.dll

FF - component: C:\Users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko6.dll

FF - component: C:\Users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko7.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Screen Sharing Plug-in\npcnwplugin.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Bill Halliday\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Users\Bill Halliday\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

FF - Ext: LibertyGuard: {9D7B21FA-0991-472C-8F8E-2CD6CC1CB7BC} - %profile%\extensions\{9D7B21FA-0991-472C-8F8E-2CD6CC1CB7BC}

FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: I Want This: crossriderapp2258@crossrider.com - %profile%\extensions\crossriderapp2258@crossrider.com

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: Freeze.com NetAssistant: {1266764D-FC4F-4FA7-B63B-884D53B1680F} - C:\Users\Bill Halliday\AppData\Roaming\NetAssistant

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-12-3 821592]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-6 652360]

R2 MySQL55;MySQL55;"C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55 --> C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld [?]

R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2010-6-18 189984]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-23 2358656]

R2 VoicentGateway;Voicent Gateway;C:\Program Files (x86)\Voicent\Gateway\bin\vgate.exe [2011-9-5 1327168]

R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-12-3 21384]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2011-12-3 33184]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]

R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-9-18 328536]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-1 136176]

S2 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-6-18 167424]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-1 136176]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2011-12-3 21872]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-02-07 18:55:44 607260 ------r- C:\dds.com

2012-02-07 01:47:43 -------- d-----w- C:\Users\Bill Halliday\AppData\Roaming\OfficeSuiteX

2012-02-07 01:46:03 -------- d-----w- C:\Program Files (x86)\Office Suite X 3

2012-02-07 00:50:01 -------- d-----w- C:\Users\Bill Halliday\AppData\Local\I Want This

2012-02-07 00:49:59 -------- d-----w- C:\Program Files (x86)\I Want This

2012-02-04 21:56:50 -------- d-----w- C:\ProgramData\UAB

2012-02-04 21:56:45 -------- d-----w- C:\Users\Bill Halliday\AppData\Local\PC_Drivers_Headquarters

2012-02-04 21:56:32 -------- d-----w- C:\ProgramData\Driver Manager

2012-02-04 21:55:53 -------- d-----w- C:\Program Files (x86)\Driver Manager

2012-01-21 19:26:16 -------- d-----w- C:\ProgramData\Uniblue

2012-01-21 19:25:32 -------- d-----w- C:\Program Files (x86)\Uniblue

2012-01-12 23:20:55 -------- d-----w- C:\Users\Bill Halliday\AppData\Roaming\PCPro

2012-01-12 23:20:55 -------- d-----w- C:\Users\Bill Halliday\AppData\Roaming\PC Cleaners

2012-01-12 23:20:52 5276432 ----a-w- C:\Windows\uninst.exe

2012-01-12 23:20:51 -------- d-----w- C:\ProgramData\PC1Data

2012-01-11 18:56:47 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-01-11 18:56:47 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-01-11 18:56:47 1572864 ----a-w- C:\Windows\System32\quartz.dll

2012-01-11 18:56:47 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll

2012-01-11 18:56:45 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-01-11 18:56:45 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-01-11 18:56:44 77312 ----a-w- C:\Windows\System32\packager.dll

2012-01-11 18:56:44 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-01-09 15:35:14 -------- d-----w- C:\bf0935c20b7402b4141084109bc56671

2012-01-09 15:08:28 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll

2012-01-09 15:08:07 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared

2012-01-09 15:07:54 150696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll

2012-01-09 15:07:30 108544 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll

2012-01-09 15:07:18 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-01-09 15:07:18 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-01-09 14:55:42 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2012-01-09 14:55:40 3145216 ----a-w- C:\Windows\System32\win32k.sys

2012-01-09 14:55:39 723456 ----a-w- C:\Windows\System32\EncDec.dll

2012-01-09 14:55:38 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2012-01-09 14:55:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-01-09 14:55:34 2048 ----a-w- C:\Windows\System32\tzres.dll

.

==================== Find3M ====================

.

2012-01-14 17:33:53 54008112 ----a-w- C:\Windows\System32\Omega.exe

2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys

2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll

2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll

2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll

2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll

2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll

2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe

2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll

2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll

2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 18:47:39.89 ===============

.

ATTACH.TXT

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 3/11/2010 2:44:02 PM

System Uptime: 2/7/2012 6:24:24 PM (0 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core2 Duo CPU T5800 @ 2.00GHz | N/A | 2000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 141.575 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP279: 12/21/2011 11:34:43 AM - Installed Java 6 Update 22

RP280: 12/21/2011 11:35:39 AM - Installed OpenOffice.org 3.3

RP281: 12/29/2011 1:49:56 PM - Removed Avery Toolbar.

RP282: 12/29/2011 1:59:28 PM - Installed AVG 2012

RP283: 12/29/2011 2:00:06 PM - Installed AVG 2012

RP284: 12/29/2011 3:58:09 PM - Removed IObit Toolbar v4.9.

RP285: 12/29/2011 4:48:29 PM - Removed AVG 2012

RP286: 12/29/2011 4:50:29 PM - Removed AVG 2012

RP287: 12/31/2011 3:00:15 AM - Windows Update

RP288: 1/9/2012 7:47:33 AM - Restore Operation

RP290: 1/9/2012 8:07:29 AM - Windows Update

RP291: 1/9/2012 8:57:40 AM - Windows Update

RP292: 1/9/2012 9:10:27 AM - Removed IObit Toolbar v4.9.

RP293: 1/9/2012 10:11:26 AM - Removed eM Client

RP294: 1/9/2012 10:20:15 AM - 2012-01-09 After restoring of 2011-12-15 settings

RP295: 1/14/2012 8:46:48 AM - Windows Update

RP296: 2/4/2012 1:57:12 PM - Windows Update

RP297: 2/4/2012 3:55:28 PM - Installed Driver Manager.

RP298: 2/6/2012 7:09:58 PM - Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

RP299: 2/6/2012 7:45:41 PM - Installed Office Suite X 3.3

.

==== Installed Programs ======================

.

7-Zip 9.20

ABBYY FineReader 6.0 Sprint

Adobe Acrobat Connect Add-in

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Reader 9.5.0

Advanced SystemCare 4

Apple Application Support

Apple Software Update

ArcSoft WebCam Companion 2

Ask Toolbar

Auslogics Disk Defrag

Avery Wizard 3.1

Avery Wizard 4.0

AVS Update Manager 1.0

AVS Video Converter 6

AVS4YOU Software Navigator 1.3

Belarc Advisor 7.2

Bing Bar

Bulk Mailer

CashSystemX

Conduit Engine

Driver Manager

EditPlus 3

Email Extractor

Email Verifier

ExamDiff 1.8 (Build 1.8.0.3)

FaxRedist

FileZilla Client 3.5.2

forexfreedom

Gimp

GIMP 2.6.11

Google Chrome

Google Earth

Google SketchUp 8

Google Update Helper

GoToMeeting 5.0.0.799

Hulu Desktop

I Want This

ieSpell

Interbank FX Trader 4.00

IObit Malware Fighter

Java Auto Updater

Java 6 Update 18

LG USB Modem driver

Live Email Autoresponder

Live TV

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Project MUI (English) 2007

Microsoft Office Project Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Professional 2007

Microsoft Office Word MUI (English) 2007

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual J# 2.0 Redistributable Package

Mozilla Firefox (3.6.9)

MySQL Connector J

MySQL Connector Net 6.4.4

MySQL Installer

MySQL Workbench 5.2 CE

Net Extractor

NetAssistant

NetAssistant for Firefox

NetPicks Ultimate Swing Trader

Office Suite X 3.3

Oracle Trader 1.2.24

PCLinq2 High-Speed USB Bridge Cable

Picasa 3

Presto! Forms 3.50.02

Presto! PageManager 7.12.10

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Registry Life version 1.28

Screen Sharing Plug-in

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype Click to Call

Skype™ 5.5

Smart Defrag 2

SnagIt 8

Software Success Bundle - NX/GS/AP

TeamViewer 6

The Weather Channel Screensaver

ThermaData Logger

TypeItIn Professional V2.8.1

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office Word 2007 (KB974631)

VAIO Care

VLC media player 0.9.8a

Voicent Gateway

Vuze

Vuze Remote Toolbar

Windows Media Player Firefox Plugin

WinSysClean X2

.

==== End Of File ===========================


Hello,

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Right click my attachment & SAVE it. Save the ZIP file that I have attached to your Desktop.

Next, extract the contents to your Desktop.

It should have 2 files: BFE.reg & Firewall.reg

Right Click on each reg file (in turn) and do a MERGE

You may have to respond to UAC prompt.

Afterwards, recheck services and also Action Center for firewall and anti-virus status.


Hi Maurice,

I completed Step 1. No error messages encountered. I looked into the ERUNT folder and didn't see any files that were as large (327,000KB) as the registry export I did. Is it hidden somewhere?

I completed Step 2 of merging BFE and Firewall into the registry. I checked the registry and both sets of entries were there.

After turning UAC back on and rebooting, I checked, and the Security Center and Firewall issues remained unchanged.

Bill


The ERUNT is the preferred method of doing a registry backup.

I take it the merge of the two reg files went OK, as you mentioned. There is no need for you to look at Regedit, and I'd prefer if you would stay away from it, to be safest.

Can you get me a snapshot of the screen from Action Center with the security block details?

Don't worry at this time, we'll get it squared away.


Close Outlook. You can bookmark this Topic in your browser.

Please only follow my directions. Do NOT make any changes on your system without checking with me first.

You will want to print out or copy these instructions to Notepad for Safe offline reference!

These steps are for Oneoleguy only. If you are a casual viewer, do NOT try this on your system!

If you are not Oneoleguy and have a similar problem, do NOT post here; start your own topic

Step 1

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


  • Link 2
    Link 3
    Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, Right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

IF none of those have succeeded, let's skip over this. In any event, proceed to step 5.

Step 2

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C: folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Re-Enable your Anti-Virus.

There will be lots more to do.

Reply with copy of TDSSKILLER log.

