Jump to content

0,0 DNS Error and can't update


Recommended Posts

My son has definitely downloaded something nasty, and I can not for the life of me fix this. I have malware bytes installed and as usual started his PC in safemode with networking, went to update and got the 0,0 DDS error. Only internet explorer will work and nothing else though all other computers are running fine on chrome. So I have tried rkill, uninstalling and reinstalling, and everything else I have found on here. I am computer retarded so you will have to be patient with me:)

Here are his logs I was instructed to download and save pertaining to the DDS. I have no clue what they mean so please be overly specific if you see anything I can fix:)

DDS (Ver_2012-11-07.01) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16450

Run by nate at 11:40:34 on 2012-11-11

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.3221 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\Explorer.EXE

C:\windows\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y

mStart Page = hxxp://home.sweetim.com/?crg=3.17010003&st=12&barid={39B86AFA-D117-4302-BDE2-37E0F29EAB60}

uProxyOverride = <local>

mWinlogon: Userinit = userinit.exe

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [Google Update] "C:\Users\nate\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Cbox] C:\Program Files (x86)\Cbox\Cbox

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED

mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

LSP: C:\windows\System32\Sendori.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{C3D7410D-AECD-44D4-A084-6129F6BA0CF7} : DHCPNameServer = 50.40.0.50

TCP: Interfaces\{EF837C08-8FE1-47D6-A413-69A38A90D030} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{EF837C08-8FE1-47D6-A413-69A38A90D030}\4416E69656C6C656D275962756C6563737 : NameServer = 192.168.1.1

TCP: Interfaces\{EF837C08-8FE1-47D6-A413-69A38A90D030}\4416E69656C6C656D275962756C6563737 : DHCPNameServer = 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://start.toshiba.com/

x64-mDefault_Page_URL = hxxp://start.toshiba.com/

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe

x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t

x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r

x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912]

R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-4-16 1109096]

S0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]

S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-4-16 123320]

S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-4-16 126392]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]

S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-16 2656280]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-4-16 38096]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-4-16 250984]

S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2012-4-16 307304]

S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-4-16 57216]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]

S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-13 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-11-11 15:26:25 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-11-11 15:26:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-11 14:28:36 -------- d-----w- C:\Users\nate\AppData\Roaming\Malwarebytes

2012-11-11 14:28:29 -------- d-----w- C:\ProgramData\Malwarebytes

2012-11-11 14:05:18 -------- d-----w- C:\Users\nate\AppData\Local\Diagnostics

2012-11-11 01:44:13 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4029FBAA-977E-4816-9B32-FF034EF0B5B1}\mpengine.dll

2012-11-10 01:13:48 -------- d--h--w- C:\Users\nate\AppData\Local\Cbox

2012-11-10 01:12:48 -------- d-----w- C:\Program Files\Microsoft Synchronization Services

2012-11-10 01:12:48 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

2012-11-10 01:12:43 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2012-11-10 01:11:57 -------- d-----w- C:\Program Files (x86)\Yahoo!

2012-11-09 22:29:27 -------- d-----w- C:\Users\nate\AppData\Local\Adobe

2012-11-09 22:26:19 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-09 22:11:39 -------- d-----w- C:\Users\nate\AppData\Roaming\.techniclauncher

2012-11-06 02:56:14 -------- d--h--w- C:\ProgramData\Common Files

2012-11-04 23:14:04 -------- d-----w- C:\ProgramData\PopCapY

2012-11-04 23:14:04 -------- d-----w- C:\ProgramData\PopCap Games

2012-11-04 23:14:04 -------- d-----w- C:\Program Files (x86)\PopCap Games

2012-11-03 00:32:08 -------- d-----w- C:\Users\nate\AppData\Roaming\Namco

2012-11-03 00:32:05 -------- d-----w- C:\Program Files (x86)\Pacman

2012-11-03 00:31:57 -------- d-----w- C:\Program Files (x86)\Common Files\Pacman

2012-10-21 01:51:07 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63DC9507-85A0-42DB-A12C-921B4B18BF68}\gapaengine.dll

.

==================== Find3M ====================

.

2012-10-09 11:27:43 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 11:27:42 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys

2012-08-31 02:03:48 228768 ----a-w- C:\windows\System32\drivers\MpFilter.sys

2012-08-31 02:03:48 128456 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-08-24 18:05:07 220160 ----a-w- C:\windows\System32\wintrust.dll

2012-08-24 16:57:48 172544 ----a-w- C:\windows\SysWow64\wintrust.dll

2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 21:01:00 245760 ----a-w- C:\windows\System32\OxpsConverter.exe

2012-08-20 18:48:44 362496 ----a-w- C:\windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 11:40:59.09 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 6/29/2012 12:09:22 PM

System Uptime: 11/11/2012 10:22:17 AM (1 hours ago)

.

Motherboard: Intel Corp. | | Base Board Product Name

Processor: Intel® Core i3-2350M CPU @ 2.30GHz | CPU1 | 2294/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 450 GiB total, 405.032 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP46: 10/27/2012 8:03:41 AM - Windows Update

RP47: 10/30/2012 10:39:29 AM - Windows Update

RP48: 11/2/2012 9:26:19 PM - Windows Update

RP49: 11/5/2012 9:19:37 PM - Removed SweetIM for Messenger 3.7

RP50: 11/5/2012 9:21:11 PM - Removed SweetPacks bundle uninstaller

RP51: 11/5/2012 9:51:22 PM - Removed SweetPacks bundle uninstaller

RP52: 11/6/2012 1:28:53 PM - Windows Update

RP53: 11/9/2012 5:25:54 PM - Windows Update

RP54: 11/10/2012 4:28:27 PM - Removed Update Manager for SweetPacks 1.1

RP55: 11/10/2012 4:38:53 PM - Removed Internet Explorer Toolbar 4.6 by SweetPacks

RP56: 11/10/2012 4:41:36 PM - Removed Label@Once 1.0.

RP57: 11/10/2012 4:42:20 PM - Removed PlayReady PC Runtime x86

RP58: 11/10/2012 4:43:07 PM - Removed Skype Launcher

RP59: 11/10/2012 4:43:28 PM - Removed Toshiba Book Place.

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X MUI

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Bejeweled 3

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Conexant HD Audio

D3DX10

FATE - The Traitor Soul

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Java 7 Update 5 (64-bit)

Junk Mail filter update

Letters from Nowhere 2

Malwarebytes Anti-Malware version 1.65.1.1000

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MSVCRT

MSVCRT_amd64

Netwaiting

Pacman (remove only)

Penguins!

Pirate101

Plants vs. Zombies

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime amd64

Polar Bowler

Realtek USB 2.0 Reader Driver

Realtek WLAN Driver

RollerCoaster Tycoon 3: Platinum

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Synaptics Pointing Device Driver

Tales of Lagoona

Toshiba App Place

TOSHIBA Application Installer

TOSHIBA Assist

TOSHIBA Bulletin Board

TOSHIBA Disc Creator

TOSHIBA eco Utility

TOSHIBA Face Recognition

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

Toshiba Laptop Checkup

TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

Toshiba Online Backup

TOSHIBA PC Health Monitor

TOSHIBA Quality Application

TOSHIBA Recovery Media Creator

TOSHIBA ReelTime

TOSHIBA Resolution+ Plug-in for Windows Media Player

TOSHIBA Service Station

TOSHIBA Sleep Utility

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

TOSHIBARegistration

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update Installer for WildTangent Games App

Virtual Villagers 4 - The Tree of Life

WildTangent Games

WildTangent Games App (Toshiba Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Wizard101

Yahoo! Detect

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

11/9/2012 8:12:53 PM, Error: Service Control Manager [7030] - The CboxUpdater service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/9/2012 8:12:25 PM, Error: Service Control Manager [7030] - The PCUnzipUpdt service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/9/2012 8:12:16 PM, Error: Service Control Manager [7030] - The FreeOnlineConverterUpdt service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/11/2012 10:22:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

11/11/2012 10:22:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/11/2012 10:22:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/11/2012 10:22:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/11/2012 10:22:41 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6

11/10/2012 4:40:08 PM, Error: Service Control Manager [7034] - The PCUnzipUpdt service terminated unexpectedly. It has done this 1 time(s).

11/10/2012 4:32:42 PM, Error: Service Control Manager [7034] - The FreeOnlineConverterUpdt service terminated unexpectedly. It has done this 1 time(s).

11/10/2012 4:27:25 PM, Error: Service Control Manager [7034] - The CboxUpdater service terminated unexpectedly. It has done this 1 time(s).

11/10/2012 10:31:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service.

.

==== End Of File ===========================

Link to post
Share on other sites

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------

Link to post
Share on other sites

Hope this is right, lol

RogueKiller V8.2.3 [11/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User : nate [Admin rights]

Mode : Scan -- Date : 11/11/2012 12:10:50

¤¤¤ Bad processes : 1 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5075GSX +++++

--- User ---

[MBR] 7f79cb000448030f522d37fdcf96dd4d

[bSP] 7baa029788e9cf5e28b7bc72b87ad807 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 460413 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 945999872 | Size: 15026 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_11112012_02d1210.txt >>

RKreport[1]_S_11112012_02d1210.txt

Link to post
Share on other sites

Yes that's right.............

Please create a new system restore point before running Malwarebytes Anti-Malware.

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

more-reply-options.jpg

New window that comes up.

choose-files1.jpg

MrC

Link to post
Share on other sites

OK, we're not done yet.....

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

MrC

Link to post
Share on other sites

# AdwCleaner v2.007 - Logfile created 11/11/2012 at 14:23:29

# Updated 06/11/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : nate - NATE-PC

# Boot Mode : Normal

# Running from : C:\Users\nate\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Users\nate\AppData\Local\Temp\Uninstall.exe

Folder Found : C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

Folder Found : C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Software

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.17010003&st=12&barid={39B86AFA-D117-4302-BDE2-37E0F29EAB60}

-\\ Google Chrome v [unable to get version]

File : C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2248 octets] - [11/11/2012 14:23:29]

########## EOF - C:\AdwCleaner[R1].txt - [2308 octets] ##########

Link to post
Share on other sites

Some adware found....lets clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

~~~~~~~~~~~~~~~~~~~~~~

Then.............

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC

Link to post
Share on other sites

# AdwCleaner v2.007 - Logfile created 11/11/2012 at 15:32:59

# Updated 06/11/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : nate - NATE-PC

# Boot Mode : Normal

# Running from : C:\Users\nate\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\nate\AppData\Local\Temp\Uninstall.exe

Folder Deleted : C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

Folder Deleted : C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Software

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.17010003&st=12&barid={39B86AFA-D117-4302-BDE2-37E0F29EAB60} --> hxxp://www.google.com

-\\ Google Chrome v [unable to get version]

File : C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2371 octets] - [11/11/2012 14:23:29]

AdwCleaner[R2].txt - [2431 octets] - [11/11/2012 15:31:56]

AdwCleaner[s1].txt - [2437 octets] - [11/11/2012 15:32:59]

########## EOF - C:\AdwCleaner[s1].txt - [2497 octets] ##########

Link to post
Share on other sites

What about this scan????

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC

Link to post
Share on other sites

Results of screen317's Security Check version 0.99.54

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

Adobe Flash Player 11.4.402.287

Google Chrome 23.0.1271.64

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.