
Got this "critical hdd errors" virus. Killed the active part of it to allow the system to run, hopefully enough to now get it cleaned up.

Turned hidden and system files to view to be able to see many of the files it hid. Ran Malwarebytes and it found and cleaned 2 items.

Manually deleted random Registry entry from run sections.

System is a laptop running Windows 7 Starter.

Thank you for any help you can give to clean this up.

Here are the logs

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Sarah at 1:07:24 on 2012-09-10

Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2037.799 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Acer\Registration\GREGsvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Acer\Acer VCM\RS_Service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Launch Manager\LMworker.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Windows\explorer.exe

C:\Windows\regedit.exe

C:\Program Files\Malwarebytes' Anti-Malware2\mbam.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://acer.msn.com

mDefault_Page_URL = hxxp://acer.msn.com

mStart Page = hxxp://acer.msn.com

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [Facebook Update] "c:\users\sarah\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver

uRun: [Spotify Web Helper] rem "c:\users\sarah\appdata\roaming\spotify\data\SpotifyWebHelper.exe"

uRun: [Pc2Phone-BC] "c:\program files\java\jre6\bin\javaw.exe" -jar "c:\users\sarah\bananacall pc-2-phone\launcher.jar"

uRun: [Woakopgyo] c:\users\sarah\appdata\roaming\nyfe\lasio.exe

mRun: [SuiteTray] rem "c:\program files\egistec mywinlockersuite\x86\SuiteTray.exe"

mRun: [EgisUpdate] rem "c:\program files\egistec ips\EgisUpdate.exe" -d

mRun: [EgisTecPMMUpdate] rem "c:\program files\egistec ips\PmmUpdate.exe"

mRun: [mwlDaemon] rem c:\program files\egistec mywinlocker\x86\mwlDaemon.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [LManager] c:\program files\launch manager\LManager.exe

mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware2\mbamgui.exe /install /silent

StartupFolder: c:\users\sarah\appdata\roaming\micros~1\windows\startm~1\programs\startup\_uninst_.lnk - c:\users\sarah\appdata\local\temp\_uninst_.bat

uPolicies-explorer: HideSCAHealth = 1 (0x1)

uPolicies-explorer: NoChangeStartMenu = 1 (0x1)

uPolicies-explorer: NoClose = 1 (0x1)

uPolicies-explorer: NoLogOff = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

Trusted Zone: myitlab.com

Trusted Zone: pearsoncmg.com

Trusted Zone: pearsoned.com

Trusted Zone: pearsoned.com\myitlab

Trusted Zone: researchnavigator.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{3FA59B61-A669-4A3F-8449-5EC2A2FC7F82} : DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{3FA59B61-A669-4A3F-8449-5EC2A2FC7F82}\14A505F6775627 : DhcpNameServer = 10.128.128.128

TCP: Interfaces\{F433C961-DA20-4C9D-A7EB-CBC403AE569F} : DhcpNameServer = 192.168.15.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\sarah\appdata\roaming\mozilla\firefox\profiles\xxiosi4q.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20110808&q=

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\sarah\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll

FF - plugin: c:\users\sarah\appdata\roaming\mozilla\firefox\profiles\xxiosi4q.default\extensions\{9eb34849-81d3-4841-939d-666d522b889a}\plugins\npSlingPlayer.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]

R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]

R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]

R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2011-1-11 321104]

R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2011-2-17 735776]

R2 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2010-1-8 23584]

R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-7-27 6656]

R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2011-1-11 260640]

R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2011-1-11 243232]

R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2009-9-18 9216]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2011-1-11 68208]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-9 40776]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-27 250568]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2011-1-11 82768]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-7-14 112128]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-6 113120]

S3 MWLService;MyWinLocker Service;c:\program files\egistec mywinlocker\x86\MWLService.exe [2010-5-26 305520]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-21 52224]

.

=============== Created Last 30 ================

.

2012-09-10 07:40:25 -------- d-----w- c:\programdata\Bad

2012-09-10 07:11:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2

2012-09-10 06:50:46 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-09-10 06:40:38 56200 ---ha-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1c35d942-3b5b-4449-a4e0-703a03b8c4f6}\offreg.dll

2012-09-10 06:10:43 746724 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-09-09 18:22:19 7022536 ---ha-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1c35d942-3b5b-4449-a4e0-703a03b8c4f6}\mpengine.dll

2012-09-08 02:28:08 7022536 ---h--w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-08-27 20:01:09 -------- d--h--w- c:\users\sarah\appdata\local\{8FA6077B-9793-4D1A-AC8D-AEAD5CC5A44F}

2012-08-27 18:08:03 -------- d--h--w- c:\users\sarah\appdata\local\{C306D95C-417C-4AD2-802F-D9A56853AABA}

2012-08-27 14:52:22 -------- d--h--w- c:\windows\system32\Adobe

2012-08-27 14:08:55 -------- d--h--w- c:\users\sarah\appdata\local\Pearson Education

2012-08-27 14:05:59 -------- d--h--w- c:\program files\MyITLab

2012-08-27 14:05:49 -------- d--h--w- c:\program files\Pearson Education

2012-08-27 14:05:17 -------- d--h--w- c:\programdata\myitlab2010

2012-08-27 06:15:59 683801 ---ha-w- c:\windows\unins000.exe

2012-08-27 06:15:59 578192 ---ha-w- c:\windows\system32\stub.ocx

2012-08-20 10:04:45 393728 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-08-20 10:03:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-20 10:03:05 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll

2012-08-20 10:03:05 140920 ----a-w- c:\program files\internet explorer\sqmapi.dll

2012-08-20 10:03:04 194048 ----a-w- c:\program files\internet explorer\IEShims.dll

2012-08-20 10:03:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-20 10:02:59 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-08-20 10:02:58 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-20 10:02:56 748664 ----a-w- c:\program files\internet explorer\iexplore.exe

2012-08-20 10:02:55 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll

2012-08-20 10:02:54 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll

2012-08-20 10:02:53 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-18 21:20:19 400896 ----a-w- c:\windows\system32\srcore.dll

2012-08-18 21:20:16 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-08-18 21:20:14 492032 ----a-w- c:\windows\system32\win32spl.dll

2012-08-18 21:20:13 317440 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-18 21:20:07 102912 ----a-w- c:\windows\system32\browser.dll

2012-08-18 21:20:06 41984 ----a-w- c:\windows\system32\browcli.dll

2012-08-18 21:20:04 769024 ----a-w- c:\windows\system32\localspl.dll

2012-08-13 16:34:08 -------- d--h--w- c:\users\sarah\appdata\roaming\Ofomi

2012-08-13 16:34:08 -------- d--h--w- c:\users\sarah\appdata\roaming\Nyfe

2012-08-13 16:34:08 -------- d--h--w- c:\users\sarah\appdata\roaming\Dyarn

.

==================== Find3M ====================

.

2012-08-27 14:47:39 696520 ---ha-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-27 14:47:38 73416 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 1:09:51.75 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Starter

Boot Device: \Device\HarddiskVolume2

Install Date: 5/21/2011 3:41:23 PM

System Uptime: 9/9/2012 11:38:24 PM (2 hours ago)

.

Motherboard: Acer | | JE02_PT_E

Processor: Intel® Atom CPU N455 @ 1.66GHz | CPU | 1666/667mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 136 GiB total, 77.591 GiB free.

D: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP155: 8/18/2012 2:29:48 PM - Windows Update

RP156: 8/20/2012 3:00:28 AM - Windows Update

RP157: 8/23/2012 11:01:07 AM - Windows Update

RP158: 8/27/2012 7:04:35 AM - Installed MyITLab

RP159: 8/27/2012 10:46:15 AM - Windows Update

RP160: 8/30/2012 3:50:32 PM - Windows Update

RP161: 9/3/2012 2:22:19 AM - Windows Update

RP162: 9/5/2012 10:04:58 AM - Windows Update

RP163: 9/9/2012 11:20:57 AM - Windows Update

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Acer Crystal Eye webcam

Acer ePower Management

Acer eRecovery Management

Acer Registration

Acer ScreenSaver

Acer Updater

Acer VCM

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.2 MUI

Adobe Shockwave Player 11.6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

BananaCall PC-2-Phone (remove only)

Bonjour

Codecv

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DivX Setup

doubleTwist

ENE USB Card Reader Driver

eSobi v2

Facebook Video Calling 1.2.0.159

ffdshow [rev 2527] [2008-12-19]

Identity Card

Intel® Graphics Media Accelerator Driver

Intel® Rapid Storage Technology

iTunes

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

Launch Manager

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MyITLab

MyITLab ActiveX Installer 2, 9, 8, 65535

MyWinLocker

MyWinLocker Suite

QuickTime

Realtek High Definition Audio Driver

Respondus LockDown Browser

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Shredder

Skype™ 5.10

Spotify

SpywareBlaster 4.6

SUPERAntiSpyware

swMSM

Synaptics Pointing Device Driver

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

VC80CRTRedist - 8.0.50727.6195

VLC media player 1.1.9

Vodafone Mobile Connect Lite

Welcome Center

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

9/9/2012 5:04:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

9/9/2012 11:39:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom

9/9/2012 11:38:43 PM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel DebugChannel. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.

9/9/2012 10:08:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

9/7/2012 7:16:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

9/7/2012 12:38:28 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

9/4/2012 8:17:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

9/4/2012 2:55:19 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{3FA59B61-A669-4A3F-8449-5EC2A2FC7F82} because another computer on the network has the same name. The server could not start.

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : Sarah [Admin rights]

Mode : Scan -- Date : 09/10/2012 15:31:14

¤¤¤ Bad processes : 1 ¤¤¤

[SVCHOST] svchost.exe -- -> KILLED [TermThr]

¤¤¤ Registry Entries : 10 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : Woakopgyo (C:\Users\Sarah\AppData\Roaming\Nyfe\lasio.exe) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-1126507059-1493332292-2624287968-1000[...]\Run : Woakopgyo (C:\Users\Sarah\AppData\Roaming\Nyfe\lasio.exe) -> FOUND

[STARTUP][SUSP PATH] _uninst_.lnk @Sarah : C:\Users\Sarah\AppData\Local\Temp\_uninst_.bat -> FOUND

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND

[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVT-22ZCT0 +++++

--- User ---

[MBR] c5f95bfc3f411e03586963087946ca5b

[BSP] 9c542d6a42531d02dbda65bf23f797c9 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 139213 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt
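As an added illustration (not part of the thread, and not the logic DDS or RogueKiller actually use), the Python below triages autorun lines from a DDS log by correlating them with the "Created Last 30" section. The flagging rule and all function names are assumptions made for this example; the sample lines are an excerpt of the DDS log posted above.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the DDS log posted in this thread, used as sample input.
SAMPLE_DDS = r"""
uRun: [Facebook Update] "c:\users\sarah\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Spotify Web Helper] rem "c:\users\sarah\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [Woakopgyo] c:\users\sarah\appdata\roaming\nyfe\lasio.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware2\mbamgui.exe /install /silent
StartupFolder: c:\users\sarah\appdata\roaming\micros~1\windows\startm~1\programs\startup\_uninst_.lnk - c:\users\sarah\appdata\local\temp\_uninst_.bat
2012-09-10 07:11:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
2012-08-13 16:34:08 -------- d--h--w- c:\users\sarah\appdata\roaming\Nyfe
"""

RUN_RE = re.compile(r'^(?P<src>[um]Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
STARTUP_RE = re.compile(r'^StartupFolder: (?P<lnk>.+?) - (?P<cmd>.+)$')
CREATED_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ (?P<attrs>[-a-z]{8}) (?P<path>.+)$')
# First token ending in an executable extension (unquoted paths may hold spaces).
EXE_RE = re.compile(r'^(.+?\.(?:exe|bat|cmd|com|scr|pif))(?=\s|$)', re.I)
# Per-user AppData is writable without admin rights.
PROFILE_RE = re.compile(r'^[a-z]:\\users\\[^\\]+\\appdata\\', re.I)


def target_path(cmd):
    """Return (lower-cased executable path, disabled?) for an autorun command."""
    cmd = cmd.strip()
    disabled = cmd.lower().startswith("rem ")   # entry neutralised with "rem"
    if disabled:
        cmd = cmd[4:].strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end != -1 else cmd[1:]
    else:
        m = EXE_RE.match(cmd)
        path = m.group(1) if m else cmd.split()[0]
    return path.lower(), disabled


def triage(log_text):
    """Flag autoruns that start from a user profile AND either sit in Temp
    or live under a directory listed in 'Created Last 30'."""
    autoruns, recent_dirs = [], set()
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            autoruns.append((m["src"], m["name"], m["cmd"]))
            continue
        m = STARTUP_RE.match(line)
        if m:
            autoruns.append(("StartupFolder", PureWindowsPath(m["lnk"]).name, m["cmd"]))
            continue
        m = CREATED_RE.match(line)
        if m and m["attrs"].startswith("d"):    # directories only
            recent_dirs.add(m["path"].lower())

    findings = []
    for src, name, cmd in autoruns:
        path, disabled = target_path(cmd)
        if not PROFILE_RE.match(path):
            continue                            # e.g. Program Files: needs admin to write
        reasons = []
        if "\\appdata\\local\\temp\\" in path:
            reasons.append("runs from Temp")
        ancestors = {str(p) for p in PureWindowsPath(path).parents}
        if ancestors & recent_dirs:
            reasons.append("parent directory created in last 30 days")
        if reasons:
            findings.append({"source": src, "name": name, "path": path,
                             "disabled": disabled, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f["source"], f["name"], f["path"], "; ".join(f["reasons"]))
```

On this excerpt the rule leaves the Facebook and Spotify updaters alone even though they also run from AppData, and ignores the freshly installed Malwarebytes folder because it is outside the user profile.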


Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[RUN][SUSP PATH] HKCU\[...]\Run : Woakopgyo (C:\Users\Sarah\AppData\Roaming\Nyfe\lasio.exe) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-1126507059-1493332292-2624287968-1000[...]\Run : Woakopgyo (C:\Users\Sarah\AppData\Roaming\Nyfe\lasio.exe) -> FOUND

[STARTUP][SUSP PATH] _uninst_.lnk @Sarah : C:\Users\Sarah\AppData\Local\Temp\_uninst_.bat -> FOUND

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND

[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

Now click Delete on the right hand column under Options

~~~~~~~~~~~~~~~~~~~

Next click on the Processes tab and put a check next to these and uncheck the rest. (if found)

[SVCHOST] svchost.exe -- -> KILLED [TermThr]

Now click Delete on the right hand column under Options

~~~~~~~~~~~~~~~~~~~

Next.......

Please read the directions carefully so you don't end up deleting something that is good!!

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    image000q.png
  • Put a checkmark beside loaded modules.
    2012081514h0118.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC
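A small parser for the RogueKiller Registry-tab findings listed in the post above, added here as an example (it is not part of the original thread or of RogueKiller). It groups the entries into autostart targets and policy values and compares the UAC values with the stock Windows defaults; the function names and the default table are this example's own assumptions.

```python
import re
from collections import namedtuple

# Findings as listed in the post above (RogueKiller Registry tab).
REPORT = r"""
[RUN][SUSP PATH] HKCU\[...]\Run : Woakopgyo (C:\Users\Sarah\AppData\Roaming\Nyfe\lasio.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1126507059-1493332292-2624287968-1000[...]\Run : Woakopgyo (C:\Users\Sarah\AppData\Roaming\Nyfe\lasio.exe) -> FOUND
[STARTUP][SUSP PATH] _uninst_.lnk @Sarah : C:\Users\Sarah\AppData\Local\Temp\_uninst_.bat -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
"""

Finding = namedtuple("Finding", "tags location name data status")

# "[TAG][TAG] <location> : <detail> -> <STATUS>"
LINE_RE = re.compile(r"^((?:\[[^\]]+\])+)\s+(.+?)\s+:\s+(.+?)\s+->\s+(\S+)")
# "<value name> (<data>)" inside the detail part
DETAIL_RE = re.compile(r"^(.+?)\s+\((.*)\)$")

# Assumption of this example: stock Windows 7 values for the UAC policy
# entries under ...\Policies\System.
UAC_DEFAULTS = {
    "EnableLUA": "1",
    "ConsentPromptBehaviorAdmin": "5",
    "ConsentPromptBehaviorUser": "3",
}
USER_WRITABLE = ("\\appdata\\", "\\temp\\")


def parse_line(line):
    """Return a Finding for a registry-style line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Tags are upper-cased so forum-mangled forms such as [sUSP PATH]
    # parse the same as [SUSP PATH].
    tags = tuple(t.upper() for t in re.findall(r"\[([^\]]+)\]", m.group(1)))
    detail = m.group(3)
    d = DETAIL_RE.match(detail)
    name, data = (d.group(1), d.group(2)) if d else (None, detail)
    return Finding(tags, m.group(2), name, data, m.group(4))


def classify(f):
    """Map a Finding to a coarse (category, note) pair."""
    if "RUN" in f.tags or "STARTUP" in f.tags:
        in_profile = any(p in f.data.lower() for p in USER_WRITABLE)
        return ("autostart", "user-writable path" if in_profile else "other path")
    if "HJ" in f.tags or "HJPOL" in f.tags:
        if f.name in UAC_DEFAULTS:
            same = f.data == UAC_DEFAULTS[f.name]
            return ("uac-policy", "default" if same else "non-default")
        return ("other-policy", f.data)
    return ("unclassified", "")


def summarize(report):
    """Collapse a report into unique autostart targets and policy value names."""
    out = {"autostart_targets": set(), "uac_nondefault": set(), "other_policy": set()}
    for line in report.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        category, note = classify(f)
        if category == "autostart":
            # HKCU and HKUS\<SID> are two views of the same hive, so the
            # same target shows up twice; the set removes the duplicate.
            out["autostart_targets"].add(f.data)
        elif category == "uac-policy" and note == "non-default":
            out["uac_nondefault"].add(f.name)
        elif category == "other-policy":
            out["other_policy"].add(f.name)
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    for key, values in summarize(REPORT).items():
        print(key)
        for v in values:
            print("   ", v)
```

DisableTaskMgr with data 0 does not block Task Manager, which is why the example reports it only as a policy value that is present rather than as an active restriction.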


Please create a new system restore point before you run ComboFix.

If after running ComboFix you can't connect to the internet, please use that system restore point and that will correct the problem.

~~~~~~~~~~~~~

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-09-10.04 - Sarah 09/10/2012 17:55:12.1.2 - x86

Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2037.1122 [GMT -7:00]

Running from: c:\users\Sarah\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Codecv

c:\programdata\Codecv\background.html

c:\programdata\Codecv\content.js

c:\programdata\Codecv\data\content.js

c:\programdata\Codecv\data\jsondb.js

c:\programdata\Codecv\ejenkilffmbcojclmjjgbdngjlckdkid.crx

c:\programdata\Codecv\settings.ini

c:\programdata\Codecv\uninstall.exe

c:\users\Sarah\AppData\Roaming\Nyfe

c:\users\Sarah\AppData\Roaming\Nyfe\lasio.exe

.

----- File Replicators -----

.

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\FacebookUpdate.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookUpdate.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\FacebookUpdate.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookUpdate.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\FacebookUpdate.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookUpdate.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\FacebookUpdate.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookUpdate.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\FacebookUpdate.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookUpdate.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\FacebookUpdate.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookUpdate.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Application Data\Facebook\Update\FacebookUpdate.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookUpdate.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Application Data\Facebook\Update\FacebookUpdate.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookUpdate.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Application Data\Facebook\Update\FacebookUpdate.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Facebook\Update\1.2.205.0\FacebookUpdate.exe

c:\documents and settings\Sarah\AppData\Local\Application Data\Facebook\Update\FacebookUpdate.exe

c:\documents and settings\Sarah\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe

c:\documents and settings\Sarah\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe

c:\documents and settings\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe

c:\documents and settings\Sarah\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\FacebookUpdate.exe

c:\documents and settings\Sarah\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe

c:\documents and settings\Sarah\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookUpdate.exe

c:\documents and settings\Sarah\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\FacebookUpdate.exe

c:\documents and settings\Sarah\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe

c:\documents and settings\Sarah\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookUpdate.exe

c:\documents and settings\Sarah\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\FacebookUpdate.exe

c:\documents and settings\Sarah\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe

c:\documents and settings\Sarah\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\1.2.205.0\FacebookUpdate.exe

c:\documents and settings\Sarah\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Facebook\Update\FacebookUpdate.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-08-11 to 2012-09-11 )))))))))))))))))))))))))))))))

.

.

2012-09-11 01:11 . 2012-09-11 01:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-10 23:05 . 2012-09-10 23:05 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{581A98C3-797C-4F75-A3D3-E33D638AD797}\MpKsl6378f7a4.sys

2012-09-10 18:22 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{581A98C3-797C-4F75-A3D3-E33D638AD797}\mpengine.dll

2012-09-10 11:37 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-09-10 07:40 . 2012-09-10 18:52 -------- d-----w- c:\programdata\Bad

2012-09-10 07:11 . 2012-09-10 18:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2

2012-08-27 14:52 . 2012-09-10 11:35 -------- d-----w- c:\windows\system32\Adobe

2012-08-27 14:08 . 2012-08-27 14:08 -------- d--h--w- c:\users\Sarah\AppData\Local\Pearson Education

2012-08-27 14:05 . 2012-09-10 11:33 -------- d-----w- c:\program files\MyITLab

2012-08-27 14:05 . 2012-09-10 11:33 -------- d-----w- c:\program files\Pearson Education

2012-08-27 14:05 . 2012-09-10 11:33 -------- d-----w- c:\programdata\myitlab2010

2012-08-27 06:15 . 2012-08-27 14:06 683801 ----a-w- c:\windows\unins000.exe

2012-08-27 06:15 . 2009-07-06 17:43 578192 ----a-w- c:\windows\system32\stub.ocx

2012-08-20 10:04 . 2012-07-06 19:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-08-20 10:03 . 2012-06-29 00:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-20 10:03 . 2012-06-29 01:00 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2012-08-20 10:03 . 2012-06-29 00:06 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll

2012-08-20 10:03 . 2012-06-29 00:06 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2012-08-20 10:03 . 2012-06-29 00:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-20 10:02 . 2012-06-29 00:09 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-08-20 10:02 . 2012-06-29 00:16 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-20 10:02 . 2012-06-29 01:00 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2012-08-20 10:02 . 2012-06-29 00:10 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll

2012-08-20 10:02 . 2012-06-29 00:10 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-08-20 10:02 . 2012-06-29 00:08 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-18 21:20 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll

2012-08-18 21:20 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-08-18 21:20 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll

2012-08-18 21:20 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-18 21:20 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll

2012-08-18 21:20 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll

2012-08-18 21:20 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll

2012-08-13 16:34 . 2012-09-10 23:22 -------- d--h--w- c:\users\Sarah\AppData\Roaming\Ofomi

2012-08-13 16:34 . 2012-08-13 16:34 -------- d--h--w- c:\users\Sarah\AppData\Roaming\Dyarn

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-08 00:04 . 2011-05-21 23:25 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-27 14:47 . 2012-04-15 07:20 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-27 14:47 . 2011-05-23 05:02 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-06 01:27 . 2012-09-10 19:55 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 03:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\users\Sarah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-09-03 1193176]

"Pc2Phone-BC"="c:\program files\Java\jre6\bin\javaw.exe" [2012-03-22 149280]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SuiteTray"="rem" [X]

"EgisUpdate"="rem" [X]

"EgisTecPMMUpdate"="rem" [X]

"mwlDaemon"="rem" [X]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-19 9874024]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-16 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-16 150552]

"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-08-10 975952]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 715296]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]

"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-19 2412032]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2011-1-11 704104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoChangeStartMenu"= 1 (0x1)

"NoLogOff"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

S1 MpKsl6378f7a4;MpKsl6378f7a4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{581A98C3-797C-4F75-A3D3-E33D638AD797}\MpKsl6378f7a4.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]

S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [x]

S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]

S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]

S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 50203035

*NewlyCreated* - 64271388

*NewlyCreated* - MPKSL6378F7A4

*Deregistered* - 50203035

*Deregistered* - 64271388

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 14:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://acer.msn.com

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

Trusted Zone: myitlab.com

Trusted Zone: pearsoncmg.com

Trusted Zone: pearsoned.com

Trusted Zone: pearsoned.com\myitlab

Trusted Zone: researchnavigator.com

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\xxiosi4q.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20110808&q=

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKCU-Run-Facebook Update - c:\users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe

HKCU-Run-Woakopgyo - c:\users\Sarah\AppData\Roaming\Nyfe\lasio.exe

SafeBoot-50203035.sys

AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - c:\programdata\Codecv\uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1126507059-1493332292-2624287968-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1126507059-1493332292-2624287968-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-09-10 18:18:22

ComboFix-quarantined-files.txt 2012-09-11 01:18

.

Pre-Run: 82,547,863,552 bytes free

Post-Run: 83,302,182,912 bytes free

.

- - End Of File - - 884198CE90550122CFA8BCC3CEFABC6D


Possibly from daughter's school, but can go away if there is any question, let's dump them.

Well, check with your daughter first; they're folders with odd names > I don't see any malware running out of them, but if you don't recognize them I would delete them.

~~~~~~~~~~~~~~~~~~~~~~~~~

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


Computer seems to be running very well.

MBAM report to follow.

Thank you very much for all your help.

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.11.09

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Sarah :: 1453-SS-PC [administrator]

9/11/2012 7:46:49 PM

mbam-log-2012-09-11 (19-46-49).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 195115

Time elapsed: 13 minute(s), 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great!

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

MrC


Results of screen317's Security Check version 0.99.50

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

SpywareBlaster 4.6

SUPERAntiSpyware

Malwarebytes Anti-Malware version 1.65.0.1400

Java 6 Update 31

Java version out of Date!

Adobe Flash Player 11.4.402.265

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox (15.0.1)

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


Java™ 6 Update 31 <---uninstall from add/remove programs

Java version out of Date! <---download and install the latest version

Adobe Flash Player 11.4.402.265

Adobe Reader 9 Adobe Reader out of Date! <---please update

You have outdated programs on the system which are vulnerable to malware.

Please update or delete them

Info on doing that can be found in my Preventive Maintenance

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.