Hijacked Browsers and malware will not go away.


Hi. I was wondering if I could get some help with this. Two of my browsers redirect on searches and have become very slow and stagnant. These hits on malware will not go away after cleaning.

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.01.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Micah L Mathis :: TROJANXHORSEACT [administrator]

12/1/2012 06:05:32

mbam-log-2012-12-01 (06-05-32).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 213483

Time elapsed: 12 minute(s), 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Windows\Installer\{8c7abcee-489c-da28-bb7b-297551f70b34}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

C:\Windows\Installer\{8c7abcee-489c-da28-bb7b-297551f70b34}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

DDS.txt

Attach.txt


  • Staff

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", note your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.


Here it is. Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2012 (ATTENTION: FRST version is 8 days old)

Ran by SYSTEM at 01-12-2012 10:17:23

Running from F:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [] [x]

HKLM\...\Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [8312352 2009-11-02] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]

HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [x]

HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [x]

HKLM\...\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [x]

HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [x]

HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [x]

HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [x]

HKLM\...\Run: [ThpSrv] "C:\windows\system32\thpsrv" /logon [x]

HKLM\...\Run: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [709976 2009-11-05] (TOSHIBA Corporation)

HKLM\...\Run: [HDMICtrlMan] %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [x]

HKLM\...\Run: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [x]

HKLM\...\Run: [TosVolRegulator] "C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [24376 2009-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [x]

HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [x]

HKLM\...\Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1931024 2010-07-19] (Intel® Corporation)

HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)

HKLM-x32\...\Run: [TUSBSleepChargeSrv] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [x]

HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-07-12] ()

HKLM-x32\...\Run: [iAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [284696 2009-10-02] (Intel Corporation)

HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation)

HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2009-11-21] (TOSHIBA CORPORATION.)

HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKU\Micah L Mathis\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-12-01] (Google Inc.)

HKU\Micah L Mathis\...\Run: [Google Update] "C:\Users\Micah L Mathis\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-12] (Google Inc.)

HKU\Micah L Mathis\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{91CEC3AD-FAD1-47E8-9225-72EC3A31E65A}: [NameServer]0.0.0.0

Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy Software Installer.lnk

ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)

Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy Software Installer.lnk

ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)

==================== Services (Whitelisted) ===================

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)

3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2011-08-12] ()

==================== Drivers (Whitelisted) =====================

3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)

0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)

3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-20] (Microsoft Corporation)

3 RTL8187Se; C:\Windows\System32\Drivers\RTL8187Se.sys [427008 2009-06-10] (Realtek Semiconductor Corporation )

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-12-01 10:16 - 2012-12-01 10:16 - 00000000 ____D C:\FRST

2012-12-01 07:50 - 2012-12-01 07:50 - 01461039 ____A (Farbar) C:\Users\Micah L Mathis\Downloads\FRST64.exe

2012-12-01 07:36 - 2012-12-01 07:43 - 00002331 ____A C:\Users\Micah L Mathis\Downloads\index.php.txt

2012-12-01 04:47 - 2012-12-01 04:47 - 00000146 ____A C:\Users\Micah L Mathis\Desktop\Virus.url

2012-12-01 03:56 - 2012-12-01 03:56 - 00023612 ____A C:\Users\Micah L Mathis\Desktop\DDS.txt

2012-12-01 03:55 - 2012-12-01 03:55 - 00010117 ____A C:\Users\Micah L Mathis\Desktop\Attach.txt

2012-11-27 15:53 - 2012-11-27 15:53 - 00006884 ____A C:\Users\Micah L Mathis\AppData\Local\PDLSetup.20121127.175303.txt

2012-11-26 02:58 - 2012-11-26 02:58 - 00000000 ____A C:\Users\Micah L Mathis\Documents\ts3_clientui-win64-1351504843-2012-11-26 04_58_26.096821.dmp

2012-11-25 14:51 - 2012-11-25 14:51 - 00006789 ____A C:\Users\Micah L Mathis\AppData\Local\PDLSetup.20121125.165134.txt

2012-11-23 22:02 - 2012-11-23 22:16 - 764790473 ____A C:\Users\Micah L Mathis\Desktop\_Episodes 5&6_ - Battlestar Galactica_ Blood & Chrome.mp4

2012-11-20 17:25 - 2012-11-20 17:25 - 23921701 ____A (Igor Pavlov) C:\Users\Micah L Mathis\Downloads\tor-browser-2.2.39-5_en-US.exe

2012-11-15 08:45 - 2012-11-15 08:45 - 00006791 ____A C:\Users\Micah L Mathis\AppData\Local\PDLSetup.20121115.104552.txt

2012-11-09 13:44 - 2012-11-09 13:51 - 401298517 ____A C:\Users\Micah L Mathis\Desktop\_Episode 2_ - Battlestar Galactica_ Blood and Chrome.mp4

2012-11-09 13:25 - 2012-11-09 13:34 - 492040389 ____A C:\Users\Micah L Mathis\Desktop\_Episode 1_ - Battlestar Galactica_ Blood and Chrome.mp4

2012-11-09 12:11 - 2012-11-09 12:11 - 00000000 ____D C:\Users\Micah L Mathis\Desktop\New folder

2012-11-03 17:59 - 2012-11-03 17:59 - 16450830 ____A C:\Users\Micah L Mathis\Desktop\Daren Bates' Nasty Stiff Arm.mp4

==================== One Month Modified Files and Folders =======

2012-12-01 10:16 - 2012-12-01 10:16 - 00000000 ____D C:\FRST

2012-12-01 08:04 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-12-01 08:04 - 2009-07-13 20:51 - 00153072 ____A C:\Windows\setupact.log

2012-12-01 07:52 - 2011-12-12 18:03 - 00000000 ____D C:\Users\Micah L Mathis\AppData\Roaming\TS3Client

2012-12-01 07:50 - 2012-12-01 07:50 - 01461039 ____A (Farbar) C:\Users\Micah L Mathis\Downloads\FRST64.exe

2012-12-01 07:50 - 2011-12-29 09:49 - 00787590 ____A C:\Windows\System32\PerfStringBackup.INI

2012-12-01 07:43 - 2012-12-01 07:36 - 00002331 ____A C:\Users\Micah L Mathis\Downloads\index.php.txt

2012-12-01 07:18 - 2010-08-23 10:37 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-12-01 07:11 - 2012-07-03 05:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-12-01 07:06 - 2011-12-12 16:40 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-892447014-2351559839-3818858411-1000UA.job

2012-12-01 07:06 - 2011-12-12 16:40 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-892447014-2351559839-3818858411-1000Core.job

2012-12-01 04:58 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-12-01 04:58 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-12-01 04:57 - 2010-08-23 10:37 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-12-01 04:49 - 2009-12-01 19:00 - 00373438 ____A C:\Windows\PFRO.log

2012-12-01 04:47 - 2012-12-01 04:47 - 00000146 ____A C:\Users\Micah L Mathis\Desktop\Virus.url

2012-12-01 03:58 - 2012-01-06 04:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-01 03:56 - 2012-12-01 03:56 - 00023612 ____A C:\Users\Micah L Mathis\Desktop\DDS.txt

2012-12-01 03:56 - 2012-01-22 20:55 - 00000000 ____D C:\Users\Micah L Mathis\AppData\Roaming\Skype

2012-12-01 03:55 - 2012-12-01 03:55 - 00010117 ____A C:\Users\Micah L Mathis\Desktop\Attach.txt

2012-11-28 20:40 - 2012-03-05 21:44 - 00000000 ____D C:\Program Files (x86)\Steam

2012-11-28 18:27 - 2011-12-15 20:47 - 00000000 ____D C:\Users\Micah L Mathis\AppData\Roaming\Mumble

2012-11-27 18:09 - 2012-03-22 04:43 - 00000000 ____D C:\Users\Micah L Mathis\AppData\Roaming\vlc

2012-11-27 15:53 - 2012-11-27 15:53 - 00006884 ____A C:\Users\Micah L Mathis\AppData\Local\PDLSetup.20121127.175303.txt

2012-11-26 03:13 - 2010-08-22 14:43 - 00000000 ____D C:\Users\Micah L Mathis\Documents\Outlook Files

2012-11-26 02:58 - 2012-11-26 02:58 - 00000000 ____A C:\Users\Micah L Mathis\Documents\ts3_clientui-win64-1351504843-2012-11-26 04_58_26.096821.dmp

2012-11-25 14:51 - 2012-11-25 14:51 - 00006789 ____A C:\Users\Micah L Mathis\AppData\Local\PDLSetup.20121125.165134.txt

2012-11-23 22:16 - 2012-11-23 22:02 - 764790473 ____A C:\Users\Micah L Mathis\Desktop\_Episodes 5&6_ - Battlestar Galactica_ Blood & Chrome.mp4

2012-11-20 17:25 - 2012-11-20 17:25 - 23921701 ____A (Igor Pavlov) C:\Users\Micah L Mathis\Downloads\tor-browser-2.2.39-5_en-US.exe

2012-11-20 11:35 - 2009-12-01 18:51 - 00000000 ____D C:\Users\All Users\Adobe

2012-11-20 10:56 - 2012-04-14 01:28 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-11-20 10:56 - 2011-07-07 16:41 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-11-15 08:45 - 2012-11-15 08:45 - 00006791 ____A C:\Users\Micah L Mathis\AppData\Local\PDLSetup.20121115.104552.txt

2012-11-11 10:13 - 2012-08-30 06:00 - 00000000 ____D C:\Users\Micah L Mathis\Desktop\The Fall Of Hyperion

2012-11-09 13:51 - 2012-11-09 13:44 - 401298517 ____A C:\Users\Micah L Mathis\Desktop\_Episode 2_ - Battlestar Galactica_ Blood and Chrome.mp4

2012-11-09 13:34 - 2012-11-09 13:25 - 492040389 ____A C:\Users\Micah L Mathis\Desktop\_Episode 1_ - Battlestar Galactica_ Blood and Chrome.mp4

2012-11-09 12:11 - 2012-11-09 12:11 - 00000000 ____D C:\Users\Micah L Mathis\Desktop\New folder

2012-11-08 13:52 - 2012-01-20 09:40 - 00000000 ____D C:\Users\Micah L Mathis\Desktop\battlestar galactica

2012-11-05 04:47 - 2012-05-09 07:26 - 00000000 ____D C:\Users\Micah L Mathis\Desktop\Hyperion

2012-11-03 17:59 - 2012-11-03 17:59 - 16450830 ____A C:\Users\Micah L Mathis\Desktop\Daren Bates' Nasty Stiff Arm.mp4

ZeroAccess:

C:\Windows\Installer\{8c7abcee-489c-da28-bb7b-297551f70b34}

C:\Windows\Installer\{8c7abcee-489c-da28-bb7b-297551f70b34}\@

C:\Windows\Installer\{8c7abcee-489c-da28-bb7b-297551f70b34}\L

C:\Windows\Installer\{8c7abcee-489c-da28-bb7b-297551f70b34}\U

C:\Windows\Installer\{8c7abcee-489c-da28-bb7b-297551f70b34}\L\00000004.@

C:\Windows\Installer\{8c7abcee-489c-da28-bb7b-297551f70b34}\L\201d3dde

C:\Windows\Installer\{8c7abcee-489c-da28-bb7b-297551f70b34}\L\4cce1f70

C:\Windows\Installer\{8c7abcee-489c-da28-bb7b-297551f70b34}\L\55490ac4

C:\Windows\Installer\{8c7abcee-489c-da28-bb7b-297551f70b34}\U\00000004.@

C:\Windows\Installer\{8c7abcee-489c-da28-bb7b-297551f70b34}\U\00000008.@

C:\Windows\Installer\{8c7abcee-489c-da28-bb7b-297551f70b34}\U\000000cb.@

C:\Windows\Installer\{8c7abcee-489c-da28-bb7b-297551f70b34}\U\80000000.@

C:\Windows\Installer\{8c7abcee-489c-da28-bb7b-297551f70b34}\U\80000032.@

C:\Windows\Installer\{8c7abcee-489c-da28-bb7b-297551f70b34}\U\80000064.@

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:

C:\Users\Micah L Mathis\AppData\Local\{8c7abcee-489c-da28-bb7b-297551f70b34}

C:\Users\Micah L Mathis\AppData\Local\{8c7abcee-489c-da28-bb7b-297551f70b34}\@

C:\Users\Micah L Mathis\AppData\Local\{8c7abcee-489c-da28-bb7b-297551f70b34}\L

C:\Users\Micah L Mathis\AppData\Local\{8c7abcee-489c-da28-bb7b-297551f70b34}\U

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-25 02:16:33

==================== Memory info ===========================

Percentage of memory in use: 14%

Total physical RAM: 3894.78 MB

Available physical RAM: 3323.61 MB

Total Pagefile: 3892.93 MB

Available Pagefile: 3314.47 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (TI105512W0E) (Fixed) (Total:456.78 GB) (Free:59.36 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]

4 Drive f: (USB20FD) (Removable) (Total:3.8 GB) (Free:3.79 GB) FAT32

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Disk 1 Online 3894 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Recovery 1500 MB 1024 KB

Partition 2 Primary 456 GB 1501 MB

Partition 3 Primary 7701 MB 458 GB

==================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C TI105512W0E NTFS Partition 456 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 17 (Suspicious Type)

Hidden: Yes

Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3894 MB 28 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F USB20FD FAT32 Removable 3894 MB Healthy

=========================================================

Last Boot: 2012-11-25 02:09

==================== End Of Log =============================

FRST.txt


  • Staff

Please do the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

start
HKLM\...\Run: [] [x]
C:\Windows\Installer\{8c7abcee-489c-da28-bb7b-297551f70b34}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\Micah L Mathis\AppData\Local\{8c7abcee-489c-da28-bb7b-297551f70b34}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.

NEXT

Refer to the ComboFix User's Guide

  1. Download ComboFix from the following location:
    Link
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

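
The FRST log above and the fixlist written from it amount to a manual indicator hunt: the four ZeroAccess: blocks, the services.exe line flagged under Bamital & volsnap Check, the hidden type-17 partition with no volume, and the empty HKLM Run value. The script below is an added example, not FRST's own code and not something posted in the thread; the names parse_frst, collapse_paths, build_fixlist and Findings are this example's own, and its input is a constructed, abridged excerpt of the FRST.txt above. It extracts those indicators from a log and drafts a fixlist in the same start/end format as the staff one, listing only the top-level directories and files (as the staff fixlist does) and leaving the patched services.exe and the hidden partition as reported items, since the thread handles those in later steps rather than through the fixlist.

```python
"""Pull ZeroAccess indicators out of an FRST log and draft a fixlist.
Added example for this thread, not FRST's own code; parse_frst, collapse_paths,
build_fixlist and Findings are names chosen here, and SAMPLE_FRST_LOG is a
constructed, abridged excerpt of the FRST.txt posted above."""
import re
from dataclasses import dataclass, field

SAMPLE_FRST_LOG = r"""
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [] [x]
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)

ZeroAccess:
C:\Windows\Installer\{8c7abcee-489c-da28-bb7b-297551f70b34}
C:\Windows\Installer\{8c7abcee-489c-da28-bb7b-297551f70b34}\U
C:\Windows\Installer\{8c7abcee-489c-da28-bb7b-297551f70b34}\U\80000032.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
ZeroAccess:
C:\Users\Micah L Mathis\AppData\Local\{8c7abcee-489c-da28-bb7b-297551f70b34}
C:\Users\Micah L Mathis\AppData\Local\{8c7abcee-489c-da28-bb7b-297551f70b34}\U
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
==================== Partitions =============================
Disk: 0
Partition 2
Type : 07
Disk: 0
Partition 3
Type : 17 (Suspicious Type)
==================== End Of Log =============================
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")  # "==== Heading ====" lines end a block
PATCHED_RE = re.compile(r"^(?P<path>.+?)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<family>\S+)\s+<====\s*ATTENTION")
DISK_RE = re.compile(r"^Disk:\s*(\d+)$")
PART_RE = re.compile(r"^Partition\s+(\d+)$")
TYPE_RE = re.compile(r"^Type\s*:\s*([0-9A-Fa-f]{2})(?:\s*\((.*)\))?$")
EMPTY_RUN_SUFFIX = r"\...\Run: [] [x]"  # Run value with no name and no file behind it


@dataclass
class Findings:
    zeroaccess_paths: list = field(default_factory=list)       # paths under "ZeroAccess:" blocks
    patched_files: list = field(default_factory=list)          # (path, md5, family) from the MD5 check
    suspicious_partitions: list = field(default_factory=list)  # (disk, partition, type byte)
    empty_run_entries: list = field(default_factory=list)      # orphan Run values


def parse_frst(text):
    """One pass over the log; blank lines and '====' headers end the current block."""
    found = Findings()
    in_zeroaccess = False
    disk = partition = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or SECTION_RE.match(line):
            in_zeroaccess = False
        elif line == "ZeroAccess:":
            in_zeroaccess = True
        elif in_zeroaccess:
            found.zeroaccess_paths.append(line)
        elif line.endswith(EMPTY_RUN_SUFFIX):
            found.empty_run_entries.append(line)
        elif m := PATCHED_RE.match(line):
            found.patched_files.append((m["path"], m["md5"].upper(), m["family"]))
        elif m := DISK_RE.match(line):
            disk = int(m.group(1))
        elif m := PART_RE.match(line):
            partition = int(m.group(1))
        elif (m := TYPE_RE.match(line)) and m.group(2) and "suspicious" in m.group(2).lower():
            found.suspicious_partitions.append((disk, partition, m.group(1)))
    return found


def collapse_paths(paths):
    """Drop paths that live inside another listed path, so the fixlist names
    each ZeroAccess directory once instead of every file under it."""
    kept = []
    for path in sorted(set(paths), key=str.lower):
        if not any(path.lower().startswith(parent.lower() + "\\") for parent in kept):
            kept.append(path)
    return kept


def build_fixlist(found):
    """Draft the start/end fixlist from the orphan Run value and the collapsed paths only."""
    lines = ["start", *found.empty_run_entries, *collapse_paths(found.zeroaccess_paths), "end"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_fixlist(parse_frst(SAMPLE_FRST_LOG)))
```

Running the script prints the draft fixlist. Review every line before saving it as fixlist.txt and pressing Fix: the listed entries are what FRST acts on, and the parser only recognises the line formats FRST used in this version of the log. The patched services.exe and the type-17 partition come back in the Findings object for follow-up; Fixlog.txt and a fresh scan remain the check that the directories are actually gone.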

  • Staff

Please run the following:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.

Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.

NEXT

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


  • Staff

Please try this:

Please download Windows Repair (all in one) from here

Install the program then run it

Go to step 2 and allow it to run Disk check

Once that is done then go to step 3 and allow it to run SFC

On the Start Repairs tab => Click the Start

Click on the select all check box and then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.


  • Staff
Browsers still hanging

Allow all the Windows updates to complete, then test out the browsers and tell me in as much detail as possible what is still occurring.

Does it happen in all browsers?

Run TFC and let me know if that makes a difference.

Temp File Cleaner

Download TFC to your desktop

  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
