Jump to content

Norton doesn't work, Google Chrome doesn't work, MBAM won't update...help!


Recommended Posts

Hi All

 

Sorry, I am new here & I am very stuck.

 

I discovered on Saturday morning that someone had gotten access to my Paypal and removed around $400 from my account...from here a big can of worms opened including...

 

Google Chrome not working

Norton 360 not opening

People receiving links on twitter from me

Unable to restart my computer (only works if I hold the power off button but this is not a proper restart)

 

I got my brother on Team Viewer 6 to try and help me but to no avail

 

Yesterday malwarebytes told me I had 4 threats, today it says none. I am scared they have cloaked themselves as I still cannot do the malwarebytes update...

 

Google Chrome gets stuck at the installing point (I uninstalled it in the hope of being able to reinstall)

 

Can someone please help me? I think my brother also downloaded CleanerCC (sp?)

 

Thanks in advance for any help you can give

 

 

Helen

Link to post
Share on other sites

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16537
Run by Daisy at 20:39:54 on 2013-08-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2934.2078 [GMT 1:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mwarebits.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uWindow Title = Internet Explorer, optimized for Bing and MSN

uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Facebook Update] "C:\Users\Daisy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
uRun: [spotify Web Helper] "C:\Users\Daisy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm



TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{22C27D0C-1BE4-4324-AE08-738D89E57A3D} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{22C27D0C-1BE4-4324-AE08-738D89E57A3D}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{22C27D0C-1BE4-4324-AE08-738D89E57A3D}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm


x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Daisy\AppData\Roaming\Mozilla\Firefox\Profiles\5j9du07i.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Daisy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1403010.016\symds64.sys [2013-4-16 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1403010.016\symefa64.sys [2013-4-16 1139800]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-11-4 1813056]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-3-22 1387608]
S1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1403010.016\ccsetx64.sys [2013-4-16 168096]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130412.001\IDSviA64.sys [2013-4-13 513184]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1403010.016\ironx64.sys [2013-4-16 224416]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1403010.016\symnets.sys [2013-4-16 432800]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-4 98208]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2010-11-4 677128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-19 103992]
S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-4 13336]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-26 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-26 701512]
S2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccsvchst.exe [2013-4-16 144520]
S2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-8-17 2337144]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-4 2320920]
S3 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2010-11-4 4181256]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2010-11-4 1096968]
S3 BTMCOM;Bluetooth Serial Port;C:\Windows\System32\drivers\btmcom.sys [2010-11-4 52736]
S3 BTMUSB;Motorola Bluetooth Radio Service;C:\Windows\System32\drivers\btmusb.sys [2010-11-4 3232768]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-4 1028096]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-26 25928]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-11-4 225280]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-4 333928]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-17 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-17 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-08-26 16:58:07 -------- d-----w- C:\Program Files\CCleaner
2013-08-26 16:57:46 -------- d-----w- C:\Program Files\SafeSearch
2013-08-26 16:55:33 -------- d-----w- C:\Users\Daisy\AppData\Roaming\TeamViewer
2013-08-26 14:08:15 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-26 13:55:43 -------- d-----w- C:\Users\Daisy\AppData\Roaming\Malwarebytes
2013-08-26 13:55:33 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-26 13:55:31 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-26 13:55:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-26 13:55:10 -------- d-----w- C:\Users\Daisy\AppData\Local\Programs
2013-08-26 08:37:16 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-26 08:37:14 74136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-08-26 08:37:14 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-08-26 08:37:12 193832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2013-08-26 08:37:12 117656 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2013-08-26 08:37:11 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2013-08-26 08:37:11 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2013-08-26 08:37:07 92056 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-08-26 08:37:07 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-08-26 08:37:07 170232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-08-25 22:39:34 -------- d-----w- C:\Users\Daisy\AppData\Local\NPE
2013-08-18 15:44:39 4188160 ----a-w- C:\Program Files (x86)\GUTD9BC.tmp
2013-08-18 15:44:39 -------- d-----w- C:\Program Files (x86)\GUMD9BB.tmp
2013-08-03 21:00:58 0 ----a-w- C:\Program Files (x86)\GUT4192.tmp
2013-08-03 21:00:58 -------- d-----w- C:\Program Files (x86)\GUM4191.tmp
.
==================== Find3M  ====================
.
2013-06-02 22:56:08 4167680 ----a-w- C:\Program Files (x86)\GUTDF38.tmp
.
============= FINISH: 20:40:45.24 ===============
 

Link to post
Share on other sites

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 16/08/2011 16:35:49
System Uptime: 27/08/2013 20:31:16 (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 1439
Processor: Intel® Core i3 CPU       M 350  @ 2.27GHz | CPU | 2261/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 281 GiB total, 219.642 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 2.357 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP218: 26/03/2013 20:15:51 - Windows Update
RP219: 02/04/2013 10:28:12 - Installed HP Support Assistant
RP220: 02/04/2013 10:33:18 - Windows Modules Installer
RP221: 02/04/2013 10:35:21 - Windows Modules Installer
RP222: 11/04/2013 09:46:47 - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX 64-bit
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.5
Agatha Christie - Death on the Nile
Apple Application Support
Apple Software Update
Bejeweled 2 Deluxe
Blackhawk Striker 2
CCleaner
Chuzzle Deluxe
CyberLink DVD Suite
CyberLink PowerDVD 9
CyberLink YouCam
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dora's Carnival Adventure
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Facebook Video Calling 1.2.0.287
FATE
Final Drive Nitro
Google Earth
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HP Wireless Assistant
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java Auto Updater
Java 6 Update 20
Java 6 Update 20 (64-bit)
Jewel Quest - Heritage
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MyTomTom 3.2.0.906
Norton 360
Penguins!
PhotoNow!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
Ralink Motorola BC4 Bluetooth 3.0+HS Adapter
Ralink RT3090 802.11b/g/n WiFi Adapter
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
RtVOsd
SafeSearch
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2760762) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 6.1
Spotify
Synaptics Pointing Device Driver
TeamViewer 6
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Virtual Villagers - The Secret City
Visual Studio 2008 x64 Redistributables
Visual Studio C++ 10.0 Runtime
VLC media player 2.0.1
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
27/08/2013 20:39:06, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
27/08/2013 20:32:10, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
27/08/2013 20:32:10, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
27/08/2013 20:32:10, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
27/08/2013 20:31:59, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
27/08/2013 20:31:52, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
27/08/2013 20:31:47, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BHDrvx64 ccSet_N360 discache eeCtrl IDSVia64 SMR322 spldr SRTSPX SymIRON SymNetS Wanarpv6
27/08/2013 20:26:38, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
26/08/2013 19:14:39, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
26/08/2013 19:10:21, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SMR322
26/08/2013 18:21:04, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
26/08/2013 18:21:04, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
26/08/2013 15:07:46, Error: mbamchameleon [61440]  -
26/08/2013 00:02:56, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
26/08/2013 00:02:09, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service Bluetooth Device Manager with arguments "" in order to run the server: {3428CA47-50B8-48C2-8839-48D3C4C59B23}
26/08/2013 00:01:00, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
26/08/2013 00:00:38, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
26/08/2013 00:00:38, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
26/08/2013 00:00:18, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BHDrvx64 ccSet_N360 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
26/08/2013 00:00:17, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
26/08/2013 00:00:17, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
26/08/2013 00:00:17, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
26/08/2013 00:00:17, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
26/08/2013 00:00:17, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
26/08/2013 00:00:17, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
26/08/2013 00:00:17, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
26/08/2013 00:00:17, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
26/08/2013 00:00:17, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
26/08/2013 00:00:17, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
25/08/2013 19:48:39, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {000C101C-0000-0000-C000-000000000046}  and APPID  {000C101C-0000-0000-C000-000000000046}  to the user Daisy-HP\Daisy SID (S-1-5-21-324888256-1376828831-3609373928-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
 

Link to post
Share on other sites

  • Root Admin

Hello and :welcome:

P2P/Piracy Warning:
 

 
If you're using
Peer 2 Peer
software such as
uTorrent, BitTorrent
or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have
illegal/cracked software, cracks, keygens etc
. on the system, please remove or uninstall them now and read the policy on
Piracy
.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

    [*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)




STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.


STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

    [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 

Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Windows 7 Home Premium x64
Ran by Daisy on 02/09/2013 at 19:59:32.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-324888256-1376828831-3609373928-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B1AB75F4-3FE0-40D3-AEB5-C2516742C7AA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EA99F352-198E-4DDA-B196-FD7D1520A383}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FC0C0170-4EB0-430D-A7F3-939EE7EA1A25}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EA99F352-198E-4DDA-B196-FD7D1520A383}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\Users\Daisy\appdata\local\codec-v"
Successfully deleted: [Folder] "C:\Program Files (x86)\codec-v"

 

~~~ FireFox

Successfully deleted: [File] C:\Users\Daisy\AppData\Roaming\mozilla\firefox\profiles\5j9du07i.default\searchplugins\safesearch.xml
Successfully deleted: [Folder] C:\Users\Daisy\AppData\Roaming\mozilla\firefox\profiles\5j9du07i.default\extensions\crossriderapp435@crossrider.com
Successfully deleted: [Folder] C:\Users\Daisy\AppData\Roaming\mozilla\firefox\profiles\5j9du07i.default\extensions\staged
Successfully deleted the following from C:\Users\Daisy\AppData\Roaming\mozilla\firefox\profiles\5j9du07i.default\prefs.js

user_pref("extensions.crossrider.bic", "137db3fc1bbd900e8e28ea35d73afaef");
user_pref("extensions.crossriderapp435.435.InstallationThankYouPage", true);
user_pref("extensions.crossriderapp435.435.InstallationTime", 1336770784);
user_pref("extensions.crossriderapp435.435.InstallationUserSettings.searchUserConifrmation", false);
user_pref("extensions.crossriderapp435.435.InstallationUserSettings.setHomepage", false);
user_pref("extensions.crossriderapp435.435.InstallationUserSettings.setNewTab", false);
user_pref("extensions.crossriderapp435.435.InstallationUserSettings.setSearch", false);
user_pref("extensions.crossriderapp435.435.active", true);
user_pref("extensions.crossriderapp435.435.addressbar", "");
user_pref("extensions.crossriderapp435.435.addressbarenhanced", "");
user_pref("extensions.crossriderapp435.435.affid", "0");
user_pref("extensions.crossriderapp435.435.backgroundjs", "\n\nfunction buttonClick() {        \n  \n  if (appAPI.platform == \"FF\") window.open(\"file:///C:/codec-info/codec
user_pref("extensions.crossriderapp435.435.backgroundver", 9);
user_pref("extensions.crossriderapp435.435.can_run_bg_code", true);
user_pref("extensions.crossriderapp435.435.certdomaininstaller", "");
user_pref("extensions.crossriderapp435.435.changeprevious", false);
user_pref("extensions.crossriderapp435.435.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
user_pref("extensions.crossriderapp435.435.cookie.InstallationTime.value", "1336770784");
user_pref("extensions.crossriderapp435.435.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.value", "%221339413266%22");
user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.value", "%2214974%22");
user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.value", "%2244476%22");
user_pref("extensions.crossriderapp435.435.cookie.__GPL_ID.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
user_pref("extensions.crossriderapp435.435.cookie.__GPL_ID.value", "435");
user_pref("extensions.crossriderapp435.435.cookie.__GPL_custom_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
user_pref("extensions.crossriderapp435.435.cookie.__GPL_custom_zoneid.value", "14969");
user_pref("extensions.crossriderapp435.435.cookie.__GPL_pubid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
user_pref("extensions.crossriderapp435.435.cookie.__GPL_pubid.value", "%222993%22");
user_pref("extensions.crossriderapp435.435.cookie.previous_page.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Daylight Time)");
user_pref("extensions.crossriderapp435.435.cookie.previous_page.value", "%22hxxp%3A//www.google.com/%22");
user_pref("extensions.crossriderapp435.435.cookie.session_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Daylight Time)");
user_pref("extensions.crossriderapp435.435.cookie.session_id.value", "%22x5o42odFfz%22");
user_pref("extensions.crossriderapp435.435.cookie.user_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
user_pref("extensions.crossriderapp435.435.cookie.user_id.value", "%22137db3fc1bbd900e8e28ea35d73afaef%22");
user_pref("extensions.crossriderapp435.435.description", "Premiumplay Codec check");
user_pref("extensions.crossriderapp435.435.domain", "");
user_pref("extensions.crossriderapp435.435.emailsig", "");
user_pref("extensions.crossriderapp435.435.enablesearch", false);
user_pref("extensions.crossriderapp435.435.exposesites", "");
user_pref("extensions.crossriderapp435.435.fbremoteurl", "");
user_pref("extensions.crossriderapp435.435.group", 0);
user_pref("extensions.crossriderapp435.435.homepage", "");
user_pref("extensions.crossriderapp435.435.iframe", false);
user_pref("extensions.crossriderapp435.435.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
user_pref("extensions.crossriderapp435.435.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22F610BA9DCB994BCB9CF5EF23E38487E9IE%22%2C%22installer_verifier%2
user_pref("extensions.crossriderapp435.435.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
user_pref("extensions.crossriderapp435.435.internaldb.Resources_appVer.value", "75");
user_pref("extensions.crossriderapp435.435.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
user_pref("extensions.crossriderapp435.435.internaldb.Resources_lastVersion.value", "0");
user_pref("extensions.crossriderapp435.435.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
user_pref("extensions.crossriderapp435.435.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.crossriderapp435.435.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard Time)");
user_pref("extensions.crossriderapp435.435.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.crossriderapp435.435.js", "\n\n$jquery(document).ready(function() {\n   \n   $jquery('#cblocker').remove();\n    if(window.self==window.top && 'mystart.i
user_pref("extensions.crossriderapp435.435.manifesturl", "");
user_pref("extensions.crossriderapp435.435.name", "Codec-V");
user_pref("extensions.crossriderapp435.435.newtab", "");
user_pref("extensions.crossriderapp435.435.opensearch", "");
user_pref("extensions.crossriderapp435.435.plugins.plugin_10.code", "if(!appAPI.matchPages(\"search.babylon.com\",\"search.sweetim.com\",\"mystart.incredimail.com\",\"mystart.
user_pref("extensions.crossriderapp435.435.plugins.plugin_10.name", "app_435_specific");
user_pref("extensions.crossriderapp435.435.plugins.plugin_10.ver", 5);
user_pref("extensions.crossriderapp435.435.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection(
user_pref("extensions.crossriderapp435.435.plugins.plugin_13.name", "CrossriderAppUtils");
user_pref("extensions.crossriderapp435.435.plugins.plugin_13.ver", 3);
user_pref("extensions.crossriderapp435.435.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&
user_pref("extensions.crossriderapp435.435.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.crossriderapp435.435.plugins.plugin_14.ver", 3);
user_pref("extensions.crossriderapp435.435.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_f
user_pref("extensions.crossriderapp435.435.plugins.plugin_16.name", "FFAppAPIWrapper");
user_pref("extensions.crossriderapp435.435.plugins.plugin_16.ver", 7);

user_pref("extensions.crossriderapp435.435.plugins.plugin_17.name", "jQuery");
user_pref("extensions.crossriderapp435.435.plugins.plugin_17.ver", 4);
user_pref("extensions.crossriderapp435.435.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(fu
user_pref("extensions.crossriderapp435.435.plugins.plugin_47.name", "resources_background");
user_pref("extensions.crossriderapp435.435.plugins.plugin_47.ver", 3);
user_pref("extensions.crossriderapp435.435.plugins.plugin_49.code", "if (!appAPI.monetize || appAPI.monetize.isNeedToRun(\"monitzation_100\")) {\n \n(function($,e,b){var c=\"h
user_pref("extensions.crossriderapp435.435.plugins.plugin_49.name", "similar_web");
user_pref("extensions.crossriderapp435.435.plugins.plugin_49.ver", 4);
user_pref("extensions.crossriderapp435.435.plugins.plugin_50.code", "function create_id(string_size) {\n    var text = \"\";\n    var possible = \"ABCDEFGHIJKLMNOPQRSTUVWXYZab
user_pref("extensions.crossriderapp435.435.plugins.plugin_50.name", "similar_web_bg");
user_pref("extensions.crossriderapp435.435.plugins.plugin_50.ver", 1);
user_pref("extensions.crossriderapp435.435.plugins.plugin_60.code", "var MonitizationPluginsBase=function(){var a=appAPI.internal&&appAPI.internal.db?appAPI.internal.db:appAPI
user_pref("extensions.crossriderapp435.435.plugins.plugin_60.name", "base_monetization");
user_pref("extensions.crossriderapp435.435.plugins.plugin_60.ver", 1);
user_pref("extensions.crossriderapp435.435.plugins.plugin_64.code", "(function(){var j=\"__CR_EMPTY_CHANNEL__\";var d=function(e){return(typeof e===\"object\"&&e!==null);};var
user_pref("extensions.crossriderapp435.435.plugins.plugin_64.name", "appApiMessage");
user_pref("extensions.crossriderapp435.435.plugins.plugin_64.ver", 2);
user_pref("extensions.crossriderapp435.435.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var d={WRONG_STRICT_VALUE:\"Parameter %PARAM_
user_pref("extensions.crossriderapp435.435.plugins.plugin_72.name", "appApiValidation");
user_pref("extensions.crossriderapp435.435.plugins.plugin_72.ver", 3);
user_pref("extensions.crossriderapp435.435.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent!=
user_pref("extensions.crossriderapp435.435.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.crossriderapp435.435.plugins.plugin_78.ver", 3);
user_pref("extensions.crossriderapp435.435.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===true)
user_pref("extensions.crossriderapp435.435.plugins.plugin_98.name", "omniCommands");
user_pref("extensions.crossriderapp435.435.plugins.plugin_98.ver", 2);
user_pref("extensions.crossriderapp435.435.plugins_lists.plugins_0", "14,78,16,64,47,72,98,50");
user_pref("extensions.crossriderapp435.435.plugins_lists.plugins_1", "17,14,78,13,16,64,72,98,60,49,10");
user_pref("extensions.crossriderapp435.435.plugins_lists.plugins_5", "14,78,13,16,64,47,72");

user_pref("extensions.crossriderapp435.435.pluginsversion", 24);
user_pref("extensions.crossriderapp435.435.premium", true);
user_pref("extensions.crossriderapp435.435.publisher", "Premiumplay");
user_pref("extensions.crossriderapp435.435.searchstatus", 0);
user_pref("extensions.crossriderapp435.435.setnewtab", false);
user_pref("extensions.crossriderapp435.435.settingsurl", "");
user_pref("extensions.crossriderapp435.435.thankyou", "");
user_pref("extensions.crossriderapp435.435.updateinterval", 360);
user_pref("extensions.crossriderapp435.435.ver", 75);
user_pref("extensions.crossriderapp435.adsOldValue", -1);
user_pref("extensions.crossriderapp435.apps", "435");
user_pref("extensions.crossriderapp435.bic", "137db3fc1bbd900e8e28ea35d73afaef");
user_pref("extensions.crossriderapp435.cid", 435);
user_pref("extensions.crossriderapp435.firstrun", false);
user_pref("extensions.crossriderapp435.hadappinstalled", true);
user_pref("extensions.crossriderapp435.installationdate", 1339413218);
user_pref("extensions.crossriderapp435.lastcheck", 22958930);
user_pref("extensions.crossriderapp435.lastcheckitem", 22958930);
user_pref("extensions.crossriderapp435.misc.lastBgWorkerTimer", "1341847017967");
user_pref("extensions.crossriderapp435.misc.lastDomWorkerTimer", "1341847017959");
user_pref("extensions.crossriderapp435.modetype", "production");
user_pref("extensions.crossriderapp435.statsDailyCounter", 6);
user_pref("extensions.crossriderapp435.updating", true);
Emptied folder: C:\Users\Daisy\AppData\Roaming\mozilla\firefox\profiles\5j9du07i.default\minidumps [23 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/09/2013 at 21:01:44.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

Hi Ron I was trying to post the mbar log but was not letting me reply as quickly however I just finished running adecleaner and attempting to now reboot but the problem is that my system won't restart or shut down... It says perpetually as 'preparing to configure' or 'shutting down'. So lots of the steps require reboots that I'm struggling to do... Is that something a virus can do? My computer is currently sat in logging off mode (I'm on my phone)

Link to post
Share on other sites

  • Root Admin

Well that is not a typical infection issue but could simply be part of a Windows Update that we don't want to force as it could break things and make it difficult to start up again.

 

Let it run trying to shut down for at least a couple hours - if it still has not shut down or restarted then go ahead and turn the power off for a couple minutes and then try to restart and see where you're at.

Link to post
Share on other sites

# AdwCleaner v3.002 - Report created 02/09/2013 at 22:52:13
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Daisy - DAISY-HP
# Running from : C:\Users\Daisy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Daisy\AppData\Roaming\Mozilla\Firefox\Profiles\5j9du07i.default\prefs.js ]

Line Deleted : user_pref("extensions.crossriderapp435.435.backgroundjs", "\n\nfunction buttonClick() {        \n  \n  if (appAPI.platform == \"FF\") window.open(\"file:///C:/codec-info/codec_info.html\");\n  if (app[...]
Line Deleted : user_pref("extensions.crossriderapp435.435.js", "\n\n$jquery(document).ready(function() {\n   \n   $jquery('#cblocker').remove();\n    if(window.self==window.top && 'mystart.incredibar.com,search.baby[...]
Line Deleted : user_pref("extensions.crossriderapp435.435.plugins.plugin_10.code", "if(!appAPI.matchPages(\"search.babylon.com\",\"search.sweetim.com\",\"mystart.incredimail.com\",\"mystart.incredibar.com\",\"search[...]
Line Deleted : user_pref("extensions.crossriderapp435.435.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.navigator!=[...]
Line Deleted : user_pref("extensions.crossriderapp435.435.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&typeof[...]

Line Deleted : user_pref("extensions.crossriderapp435.435.plugins.plugin_49.code", "if (!appAPI.monetize || appAPI.monetize.isNeedToRun(\"monitzation_100\")) {\n \n(function($,e,b){var c=\"hashchange\",h=document,f,[...]
Line Deleted : user_pref("extensions.crossriderapp435.435.plugins.plugin_50.code", "function create_id(string_size) {\n    var text = \"\";\n    var possible = \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0[...]
Line Deleted : user_pref("extensions.crossriderapp435.435.plugins.plugin_64.code", "(function(){var j=\"__CR_EMPTY_CHANNEL__\";var d=function(e){return(typeof e===\"object\"&&e!==null);};var b=function(e){return(!!e[...]
Line Deleted : user_pref("extensions.crossriderapp435.435.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var d={WRONG_STRICT_VALUE:\"Parameter %PARAM_NAME% value is not suppor[...]
Line Deleted : user_pref("extensions.crossriderapp435.435.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent!==\"undefined\"){(function[...]
Line Deleted : user_pref("extensions.crossriderapp435.435.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===true){unsafeWindow.appAPI=appA[...]
Line Deleted : user_pref("extensions.enabledAddons", "crossriderapp435%40crossrider.com:0.91.75,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1");

-\\ Google Chrome v

[ File : C:\Users\Daisy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url

*************************

AdwCleaner[R0].txt - [3946 octets] - [02/09/2013 22:50:33]
AdwCleaner[s0].txt - [3903 octets] - [02/09/2013 22:52:13]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3963 octets] ##########

Link to post
Share on other sites

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.07.26.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Daisy :: DAISY-HP [administrator]

02/09/2013 19:42:22
mbar-log-2013-09-02 (19-42-22).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 234089
Time elapsed: 14 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Link to post
Share on other sites

  • Root Admin

Please visit this site and reset Internet Explorer back to the default settings.
How to reset Internet Explorer settings

Then run MBAM and check for updates and do a Quick Scan and post back the new log.

Next, Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.

Link to post
Share on other sites

im trying to post my TDSS killer log but its saying its too long.

 

Here the end bit

 

20:37:47.0753 0x14f0  ============================================================
20:37:47.0753 0x14f0  Scan finished
20:37:47.0753 0x14f0  ============================================================
20:37:47.0769 0x14e8  Detected object count: 5
20:37:47.0769 0x14e8  Actual detected object count: 5
20:37:59.0203 0x14e8  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:37:59.0203 0x14e8  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:37:59.0203 0x14e8  FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - skipped by user
20:37:59.0203 0x14e8  FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:37:59.0203 0x14e8  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:37:59.0203 0x14e8  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:37:59.0219 0x14e8  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:37:59.0219 0x14e8  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:37:59.0219 0x14e8  RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user
20:37:59.0219 0x14e8  RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
 

Link to post
Share on other sites

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.27.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Daisy :: DAISY-HP [administrator]

Protection: Enabled

05/09/2013 20:44:26
mbam-log-2013-09-05 (20-44-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217396
Time elapsed: 7 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Link to post
Share on other sites

  • Root Admin

No based on your reply the computer still needs work.  You don't need Chrome for now - if you're able to download Chrome from Internet Explorer then IE is working well enough to use while we continue to work on your computer.

 

Do you have the installation CD for Windows ?

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.