
Win32/FakeSysdef on Windows 7


16 replies to this topic

#1 shipoffools


Posted 15 February 2012 - 07:48 PM

This activated on my system yesterday, Feb 14th, at 10pm EST.

My Microsoft Security Essentials notified me that it caught a Trojan and I allowed it to remove it. Or so I thought.
The fake scanner popped up and did not allow me to close it. Even task manager would not open, in order to close it.
I was hoping that a reboot would help so I did so with the power button, the only option to reboot available.
No good...I had the long, narrow error message about no disc found and could perform no function.
I took the system to a friend's place and we managed to do some virus scans (Microsoft Security Essentials, Malwarebytes, and I later did
one with Trend Microsystems Housecall). We recovered the system to the point of ensuring that all files were still there (though they had
become hidden) and networking was possible. Of course, my taskbar, start menu and desktop were all empty and I have done what I can to
manually restore its lost state. We tried system restore, from a few points, and it wouldn't get past the 'initializing' stage, so after about
10 minutes or so, each time, we gave up on that idea.

I have two main concerns at this stage:
1. Is the virus actually eliminated or is it lying dormant somewhere?
2. Is there a way to restore my system's settings to how they were previously?

Obviously, I am also interested in knowing where it came from in the first place, but I'm guessing that such will be difficult to pin down.
If virus protection software would indicate such information then it would be infinitely more valuable. All I can suggest, for this concern, is four possible sources: I was watching a downloaded mpeg movie at the time, I had a video downloading via a torrent and I had, a few minutes prior, just started to download the part 2 of a 3-part rar. The 3 just mentioned were from reasonably trusted sites though the rar in question came from a site that I thought had become corrupted about 6 or 7 months ago (and fixed subsequently). The 4th possibility, as I found out a few hours ago, was that an e-mail I received was not actually sent from the sender but apparently from a possibly nefarious source; I did look at the e-mail but didn't open any attachment as I won't open e-mail attachments. There was a hyperlink--to a website--in the e-mail but I honestly can't recall if I clicked on it or not...I don't think so. Regardless, opening this e-mail was done several days before problems started (I'm pretty sure late on the 10th).

I should add that my friend claims that my system restore points might have been corrupted and perhaps I should eliminate them. I do have some
registry back-ups--done with crap cleaner--available. I am not sure if they are the entire registry or just info regarding corrections that
crap cleaner was about to make, and searching for info on that has provided ambiguous information. A crap cleaner representative claims that
right-clicking and selecting 'merge' restores those registry backs, but didn't state whether they were full-backs or just of any changes.

I am not sure what else to add presently, save that I am considering trying another registry repairer, perhaps wiseregistrycleaner or fixncr,
the latter of which I'm pretty sure is available from this site.

Any helpful information would be appreciated.
Thanks.

Edited by shipoffools, 15 February 2012 - 07:58 PM.



#2 Broni


Posted 15 February 2012 - 08:39 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



#3 shipoffools


Posted 16 February 2012 - 01:41 AM

Thanks for the quick reply.
I've done most but the avast scan is still working.

From Security Check:
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 23
Out of date Java installed!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````
===============================================================
Only red flag looks like Windows Security Center,
but I think that my version of Windows (7 Home) has Action Center instead.
================================================================

From Farbar Service Scanner:

Farbar Service Scanner Version: 14-02-2012
Ran by MIKE (administrator) on 16-02-2012 at 00:26:57
Running from "C:\Users\MIKE\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
IE proxy is enabled.



Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of wscsvc. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of wscsvc. The value does not exist.
Unable to retrieve ServiceDll of wscsvc. The value does not exist.


Windows Update:
============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
===========================================================================
I'm not sure what to make of this report and won't pretend to try.
===========================================================================

From MiniToolBox:

MiniToolBox by Farbar Version: 18-01-2012
Ran by MIKE (administrator) on 16-02-2012 at 00:30:07
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

Error: (02/16/2012 00:07:11 AM) (Source: System Restore) (User: )
Description: System restore ended unexpectedly because of power loss or a program error. Additional information: (Windows Update).

Error: (02/15/2012 11:45:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: winamp.exe, version: 5.5.8.2985, time stamp: 0x4c3b43ea
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0xc0000417
Fault offset: 0x0002fc96
Faulting process id: 0xda4
Faulting application start time: 0xwinamp.exe0
Faulting application path: winamp.exe1
Faulting module path: winamp.exe2
Report Id: winamp.exe3

Error: (02/15/2012 11:40:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: LimeWire.exe, version: 1.0.0.3, time stamp: 0x4a96bd26
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0xc0000417
Fault offset: 0x0006ccd5
Faulting process id: 0xce0
Faulting application start time: 0xLimeWire.exe0
Faulting application path: LimeWire.exe1
Faulting module path: LimeWire.exe2
Report Id: LimeWire.exe3

Error: (02/15/2012 10:35:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: LimeWire.exe, version: 1.0.0.3, time stamp: 0x4a96bd26
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0xc0000417
Fault offset: 0x0006ccd5
Faulting process id: 0xdec
Faulting application start time: 0xLimeWire.exe0
Faulting application path: LimeWire.exe1
Faulting module path: LimeWire.exe2
Report Id: LimeWire.exe3

Error: (02/15/2012 10:22:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: LimeWire.exe, version: 1.0.0.3, time stamp: 0x4a96bd26
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0xc0000417
Fault offset: 0x0006ccd5
Faulting process id: 0x858
Faulting application start time: 0xLimeWire.exe0
Faulting application path: LimeWire.exe1
Faulting module path: LimeWire.exe2
Report Id: LimeWire.exe3

Error: (02/15/2012 09:26:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: winamp.exe, version: 5.5.8.2985, time stamp: 0x4c3b43ea
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0xc0000417
Fault offset: 0x0002fc96
Faulting process id: 0xf40
Faulting application start time: 0xwinamp.exe0
Faulting application path: winamp.exe1
Faulting module path: winamp.exe2
Report Id: winamp.exe3

Error: (02/15/2012 09:57:46 AM) (Source: System Restore) (User: )
Description: System restore ended unexpectedly because of power loss or a program error. Additional information: (Scheduled Checkpoint).

Error: (02/15/2012 08:18:08 AM) (Source: Application Error) (User: )
Description: Faulting application name: winamp.exe, version: 5.5.8.2985, time stamp: 0x4c3b43ea
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0xc0000417
Fault offset: 0x0002fc96
Faulting process id: 0xe60
Faulting application start time: 0xwinamp.exe0
Faulting application path: winamp.exe1
Faulting module path: winamp.exe2
Report Id: winamp.exe3

Error: (02/15/2012 03:06:53 AM) (Source: Application Error) (User: )
Description: Faulting application name: winamp.exe, version: 5.5.8.2985, time stamp: 0x4c3b43ea
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0xc0000417
Fault offset: 0x0002fc96
Faulting process id: 0xdcc
Faulting application start time: 0xwinamp.exe0
Faulting application path: winamp.exe1
Faulting module path: winamp.exe2
Report Id: winamp.exe3

Error: (02/15/2012 01:33:42 AM) (Source: System Restore) (User: )
Description: System restore ended unexpectedly because of power loss or a program error. Additional information: (Scheduled Checkpoint).


System errors:
=============
Error: (02/16/2012 00:07:12 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (02/16/2012 00:07:12 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (02/16/2012 00:07:12 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (02/16/2012 00:07:04 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter

Error: (02/16/2012 00:06:56 AM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (02/15/2012 05:54:55 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter

Error: (02/15/2012 05:54:49 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (02/15/2012 09:59:44 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter

Error: (02/15/2012 09:59:40 AM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (02/15/2012 09:57:50 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068



=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.3.183.10)
Adobe Reader 9.5.0 (Version: 9.5.0)
Any Audio Converter 3.1.8
ATI AVIVO64 Codecs (Version: 11.6.0.50517)
ATI Catalyst Control Center (Version: 2.010.0517.1741)
ATI Catalyst Install Manager (Version: 3.0.778.0)
AVIedit 3.39
Bing Bar (Version: 6.3.2322.0)
Bing Bar Platform (Version: 6.3.2322.0)
Bridge Baron 17 (Version: 17.00.01)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.0517.1742.29870)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0517.1742.29870)
Catalyst Control Center InstallProxy (Version: 2010.0517.1742.29870)
Catalyst Control Center Localization All (Version: 2010.0517.1742.29870)
CATraxx
ccc-core-static (Version: 2010.0517.1742.29870)
ccc-utility64 (Version: 2010.0517.1742.29870)
CCC Help Chinese Standard (Version: 2010.0517.1741.29870)
CCC Help Chinese Traditional (Version: 2010.0517.1741.29870)
CCC Help Czech (Version: 2010.0517.1741.29870)
CCC Help Danish (Version: 2010.0517.1741.29870)
CCC Help Dutch (Version: 2010.0517.1741.29870)
CCC Help English (Version: 2010.0517.1741.29870)
CCC Help Finnish (Version: 2010.0517.1741.29870)
CCC Help French (Version: 2010.0517.1741.29870)
CCC Help German (Version: 2010.0517.1741.29870)
CCC Help Greek (Version: 2010.0517.1741.29870)
CCC Help Hungarian (Version: 2010.0517.1741.29870)
CCC Help Italian (Version: 2010.0517.1741.29870)
CCC Help Japanese (Version: 2010.0517.1741.29870)
CCC Help Korean (Version: 2010.0517.1741.29870)
CCC Help Norwegian (Version: 2010.0517.1741.29870)
CCC Help Polish (Version: 2010.0517.1741.29870)
CCC Help Portuguese (Version: 2010.0517.1741.29870)
CCC Help Russian (Version: 2010.0517.1741.29870)
CCC Help Spanish (Version: 2010.0517.1741.29870)
CCC Help Swedish (Version: 2010.0517.1741.29870)
CCC Help Thai (Version: 2010.0517.1741.29870)
CCC Help Turkish (Version: 2010.0517.1741.29870)
CCleaner (Version: 3.04)
Cribbage Quest 1.00
D3DX10 (Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software
Dell DataSafe Local Backup (Version: 9.4.48)
Dell Dock (Version: 2.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Version: 3.1.5907.12)
DirectXInstallService (Version: 9.0.2)
EMC 10 Content (Version: 1.0.035)
EMCGadgets64 (Version: 1.0.302)
EMDB 1.40
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2427.2330)
Google Update Helper (Version: 1.3.21.99)
GoToAssist Corporate (Version: 9.1.0.615)
Governor of Poker (Version: 1.0)
Intel® Control Center (Version: 1.2.0.1006)
Intel® Rapid Storage Technology (Version: 9.5.0.1037)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 23 (Version: 6.0.230)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0)
LimeWire 5.6.2 (Version: 5.6.2)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC90 CRT + OMP (Version: 1.0.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Miro (Version: 3.5.1)
Mozilla Firefox 4.0 (x86 en-US) (Version: 4.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Multimedia Card Reader (Version: 1.4.915.1)
PowerDVD DX (Version: 8.3.6029)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.5953)
RealUpgrade 1.1 (Version: 1.1.0)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.0)
Roxio Central Audio (Version: 3.8.0)
Roxio Central Copy (Version: 3.8.0)
Roxio Central Core (Version: 3.8.0)
Roxio Central Data (Version: 3.8.0)
Roxio Central Tools (Version: 3.8.0)
Roxio Easy CD and DVD Burning (Version: 10.3)
Roxio Easy CD and DVD Burning (Version: 10.3.106)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio File Backup (Version: 1.3.0)
Roxio Update Manager (Version: 6.0.0)
Shareaza 2.5.5.0 (Version: 2.5.5.0)
Skins (Version: 2010.0517.1742.29870)
Slice Audio File Splitter
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
THX TruStudio PC (Version: 1.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
VD64Inst (Version: 1.00.0000)
Winamp (Version: 5.581 )
Winamp Detector Plug-in (Version: 1.0.0.1)
WinAVI All in One Converter (Version: 1.2.0.3939)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 6103.08 MB
Available physical RAM: 4358.32 MB
Total Pagefile: 12204.35 MB
Available Pagefile: 10387.59 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.64 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:920.59 GB) (Free:114.26 GB) NTFS

========================= Users: ========================================


Administrator Guest MIKE


**** End of log ****
================================================================================

From Malwarebytes, which I had run just before coming in to see your response:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.15.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
MIKE :: MIKE-PC [administrator]

16/02/2012 12:12:32 AM
mbam-log-2012-02-16 (00-12-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 184587
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
===================================================================================
Unusual that it found nothing as the avast scan has
===================================================================================

From aswMBR:
(I saved this log too early, apparently, as it stopped and seemed to be done)

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-16 00:44:15
-----------------------------
00:44:15.043 OS Version: Windows x64 6.1.7601 Service Pack 1
00:44:15.043 Number of processors: 4 586 0x1E05
00:44:15.043 ComputerName: MIKE-PC UserName: MIKE
00:44:18.568 Initialize success
00:46:11.608 AVAST engine defs: 12021501
00:46:29.033 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
00:46:29.033 Disk 0 Vendor: ST310005 CC46 Size: 953869MB BusType: 8
00:46:29.049 Disk 0 MBR read successfully
00:46:29.064 Disk 0 MBR scan
00:46:29.064 Disk 0 Windows VISTA default MBR code
00:46:29.080 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
00:46:29.095 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11142 MB offset 81920
00:46:29.142 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 942686 MB offset 22900736
00:46:29.158 Service scanning
00:46:29.501 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
00:46:30.094 Modules scanning
00:46:30.094 Disk 0 trace - called modules:
00:46:30.109 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
00:46:30.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800660c060]
00:46:30.437 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa80062cb050]
00:47:03.350 Disk 0 MBR has been saved successfully to "C:\Users\MIKE\Desktop\MBR.dat"
00:47:03.365 The log file has been saved successfully to "C:\Users\MIKE\Desktop\aswMBR.txt"


==============================================================================
The 1 file that says 'LOCKED' was, and remains, in yellow text.
The program has found an infected file in AppData/Local/Temp
at 12:54 am (est).
By the name it is clearly related to the Win32 family of nonsense.
After it spotted it, my microsoft sec. essentials popped up a notice that it,
ahem, "found" this malignancy. I went ahead and allowed mse to smite it.

This scan is taking forever but I'll post the new log if and when it finishes.
I'm guessing that there is still trouble hiding somewhere on my system.
I also haven't been able to come up with a possible solution to restoring my comp,
save manually. I still have those crap cleaner registry back-ups but I'm not sure
whether that's a good way to go.

The scan is done. Go figure.
Give me a minute or 17.

Edited by shipoffools, 16 February 2012 - 04:30 PM.


#4 shipoffools


Posted 16 February 2012 - 01:50 AM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-16 00:44:15
-----------------------------
00:44:15.043 OS Version: Windows x64 6.1.7601 Service Pack 1
00:44:15.043 Number of processors: 4 586 0x1E05
00:44:15.043 ComputerName: MIKE-PC UserName: MIKE
00:44:18.568 Initialize success
00:46:11.608 AVAST engine defs: 12021501
00:46:29.033 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
00:46:29.033 Disk 0 Vendor: ST310005 CC46 Size: 953869MB BusType: 8
00:46:29.049 Disk 0 MBR read successfully
00:46:29.064 Disk 0 MBR scan
00:46:29.064 Disk 0 Windows VISTA default MBR code
00:46:29.080 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
00:46:29.095 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11142 MB offset 81920
00:46:29.142 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 942686 MB offset 22900736
00:46:29.158 Service scanning
00:46:29.501 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
00:46:30.094 Modules scanning
00:46:30.094 Disk 0 trace - called modules:
00:46:30.109 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
00:46:30.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800660c060]
00:46:30.437 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa80062cb050]
00:47:03.350 Disk 0 MBR has been saved successfully to "C:\Users\MIKE\Desktop\MBR.dat"
00:47:03.365 The log file has been saved successfully to "C:\Users\MIKE\Desktop\aswMBR.txt"
00:47:12.604 AVAST engine scan C:\Windows
00:47:15.506 AVAST engine scan C:\Windows\system32
00:50:33.657 AVAST engine scan C:\Windows\system32\drivers
00:50:48.743 AVAST engine scan C:\Users\MIKE
00:54:52.485 File: C:\Users\MIKE\AppData\Local\Temp\0.8508844054702964 **INFECTED** Win32:Kryptik-HHY [Trj]
01:36:58.378 AVAST engine scan C:\ProgramData
01:39:27.717 Scan finished successfully
01:42:47.269 Disk 0 MBR has been saved successfully to "C:\Users\MIKE\Desktop\MBR.dat"
01:42:47.269 The log file has been saved successfully to "C:\Users\MIKE\Desktop\aswMBR.txt"

===================================================================================

A little redundant, repeated the part previously posted by c'est la vie.
It was that Win32:Kryptik-HHY that mse allegedly smited, once activated, I suppose,
by the avast scan.

Maybe Broni or somebody else can make heads or tails of where I'm at and what to do.

over and out
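An added example, not part of the original posts and not AVAST's code: a short Python triage of an aswMBR log like the one above, pulling out the MBR verdict, the `**LOCKED**` and `**INFECTED**` entries, and whether the scan finished. The line layout is inferred from this log only, and the sample is constructed from its lines.

```python
import re

# Constructed sample: lines copied from the aswMBR log in the post above, with the
# LOCKED line repeated, as happens when a partial and a full log are pasted together.
SAMPLE_LOG = r"""Run date: 2012-02-16 00:44:15
-----------------------------
00:46:29.064 Disk 0 Windows VISTA default MBR code
00:46:29.501 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
00:46:29.501 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
00:50:48.743 AVAST engine scan C:\Users\MIKE
00:54:52.485 File: C:\Users\MIKE\AppData\Local\Temp\0.8508844054702964 **INFECTED** Win32:Kryptik-HHY [Trj]
01:39:27.717 Scan finished successfully
"""

STAMPED = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3})\s+(.*)$")
FLAGGED = re.compile(r"^(Service|File):?\s+(.+?)\s+\*\*([A-Z]+)\*\*\s*(.*)$")
MBR_CODE = re.compile(r"^Disk (\d+) (.+ MBR code)$")

def triage(log_text):
    """Summarise an aswMBR log: MBR verdict per disk, flagged entries, completion."""
    report = {"mbr": {}, "flagged": [], "finished": False}
    seen = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = STAMPED.match(line)
        if not m or line in seen:
            continue  # header, separator, blank line, or a repeated paste
        seen.add(line)
        stamp, body = m.groups()
        if mbr := MBR_CODE.match(body):
            report["mbr"][int(mbr.group(1))] = mbr.group(2)
        elif hit := FLAGGED.match(body):
            kind, subject, flag, detail = hit.groups()
            # Assumption: Service lines read "<name> <path>"; File lines carry only the path.
            name, path = subject.split(None, 1) if kind == "Service" else (None, subject)
            report["flagged"].append({"time": stamp, "kind": kind, "name": name,
                                      "path": path, "flag": flag, "detail": detail})
        elif body == "Scan finished successfully":
            report["finished"] = True
    return report

def detections(report):
    """Entries the scan engine marked INFECTED, as (path, detection name) pairs."""
    return [(f["path"], f["detail"]) for f in report["flagged"] if f["flag"] == "INFECTED"]

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(summary["mbr"], detections(summary), sep="\n")
```

The number after `**LOCKED**` is kept verbatim in `detail`; the thread does not say what it means, so the script does not interpret it.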

#5 Broni

Posted 16 February 2012 - 11:34 AM

Your Security Center is not running because you have one registry key missing.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/


Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Double click on wscsvc.reg file and confirm the prompt.
Restart computer and post new FSS log.


#6 shipoffools

Posted 16 February 2012 - 04:34 PM

What happened to Windows Security Center?

Action Center replaces Windows Security Center in this version of Windows.

Action Center manages firewall settings, Windows Update, antispyware software settings, Internet security, and User Account control settings. Action Center also monitors computer maintenance settings and provides links to troubleshooters and other tools that can help fix problems.

Click to open Action Center.

For more information about Action Center, see How does Action Center check for problems?

Article ID: MSW700038

========================================================================================

By the way, Broni, maybe you're mixing up your response to another post that you saw.
You seemed to have missed that I already had malwarebytes on my system, and might
have missed that I'm running Windows 7.

#7 Broni

Posted 16 February 2012 - 04:47 PM

"Action Center replaces Windows Security Center in this version of Windows."

Same thing, different name in different Windows version.
You still have to fix registry issue.

I'm not sure what you're saying regarding MBAM.


#8 shipoffools

Posted 16 February 2012 - 05:18 PM

Farbar Service Scanner Version: 14-02-2012
Ran by MIKE (administrator) on 16-02-2012 at 17:12:00
Running from "C:\Users\MIKE\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
IE proxy is enabled.



Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

================================================

Alright...followed instructions and I got the above.

#9 Broni

Posted 16 February 2012 - 06:07 PM

Looks good.

Any current issues?

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.


#10 shipoffools

Posted 16 February 2012 - 07:01 PM

On my first boot up, today, I did a scan of user/mike/AppData
as that seemed to be where virus was hiding.
It found something with 'java' in the name (mse did) so it nixed it.

Also, trying to find out why I can't create a desktop background (it shows on
log-in, shut-down, and when I bring up the task manager page),
I found a site that described how to change the 'wallpaper' registry key.
I went into that key and it had the name c:\etc\etc\AppData\etc,
so I am wondering if that was changed during the nastiness.
I changed it to blank, with no change resulting.

I haven't done the last 2 steps mentioned, yet.
I'm going to look into the ESET and proceed if it looks safe.

Thanks

#11 shipoffools

Posted 16 February 2012 - 09:10 PM

okay...
======================================================
C:\Users\MIKE\Desktop\PCSafeDoctor_Setup.exe multiple threats deleted - quarantined
C:\Users\MIKE\Documents\Futuris Imager\plugins\f_windib.dll a variant of Win32/Kryptik.MLW trojan cleaned by deleting - quarantined
C:\Users\MIKE\Downloads\Miro_Installer.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\MIKE\Downloads\PCSafeDoctor_Setup.exe multiple threats deleted - quarantined

============================================================

4 found
The 2 pc safe doctor hmmm.
I just downloaded that yesterday, after problems started, and shortly uninstalled
it when I discovered it useless. I left the setup exe on my comp. The TFC application
appeared to get rid of it (it was on my desktop is how I noticed), among the
450M or so it eliminated.


I've installed miro as I had a video that wouldn't play (ages ago).
It seems to have worked fine. How the setup file becomes corrupt is beyond me.

I use Futuris Imager (capture) to take some screenshots.
Am I to believe that a nasty plugin got slipped in somehow?

I'm not sure if it's totally been eliminated or not. I'll have to pay close attention.
I presume that the other recoveries will have to be done manually.
My background isn't crucial but I don't understand why it insists on remaining black.

Thanks for the tips.

#12 Broni

Posted 16 February 2012 - 09:14 PM

PCSafeDoctor is a rogue. See here: http://www.mywot.com/en/scorecard/pcsafedoctor.com
Stay away.

Can you change background manually?

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

Any other issues?


#13 shipoffools

Posted 16 February 2012 - 09:47 PM

Another quick reply...thanks.

I figured about pcsafedoc. I only scored that after probs started, though.
I've searched my system and it's toast.

I can't seem to change my background. It still just appears at log-in, shut-down
and with alt-ctrl-del to bring up the task manager.

My java may be an issue.
I'll check that out next.

Thanks

#14 shipoffools

Posted 16 February 2012 - 10:11 PM

I updated my java.
After (presumably) the installation I got a message saying:
Installer:Wrapper.CreateFile failed with error 5:Access is denied

I went back to the java page and had it check my version, though, and it told me 'congrats...I had the recommended version'

I ran the uninstall previous versions.
It gave me an error about not finding the log file,
which is hopefully meaningless,
though I'm not sure if it got rid of old versions or not.

I'm scanned and fixed-out for the day so I'm going to do some other stuff and
see how things are running. Hopefully the virus is toast and I can only assume
that my inability to change my background is due to some kind of lock set in the
program data or else some funky registry change. I thought I might have fixed the
registry issue but, apparently, not.

Thanks for the help.
At least this problem is forcing me to learn a little more about my system.

#15 Broni

Posted 16 February 2012 - 10:28 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    :reg
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
