Is my computer clean? Please help.


  • This topic is locked
15 replies to this topic

#1 mediamom


Posted 07 July 2012 - 11:12 AM

I have spent days working on my cousin's laptop running Vista. It wasn't connecting to the internet, had no Vista updates (including service packs), media player wasn't working, etc. I've got it running better. I ran Malwarebytes and it found several things and deleted them.

It still runs pretty slow. (Could just be yucky Vista.) Can someone please check my logs and see if it is clean (I am doubting that it is). Thanks for your help!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:10:26 PM, on 7/7/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\tricia\Desktop\HijackThis.exe

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - Unknown owner - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (file missing)
O23 - Service: AT&T Con App Svc (CAATT) - Unknown owner - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sierra Wireless Error Reporting Agent (IERA) - Sierra Wireless, Inc. - C:\Program Files\Sierra Wireless Inc\IERA\IERA.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Sierra Wireless Card Detection Service (SwiCardDetectSvc) - Sierra Wireless, Inc. - C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5096 bytes



#2 HelpBot


Posted 12 July 2012 - 11:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459655 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 mediamom


Posted 12 July 2012 - 04:49 PM

My internet is still pretty slow. I also cannot defrag the hard drive. Don't know if that is related.

MBAM found and removed several items. Please check my logs to make sure they are clean. THANK YOU so much!

I cannot post the GMER log. It crashes every time I try to paste... Here is the DDS.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by tricia at 17:19:11 on 2012-07-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.468 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atashost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\tricia\Desktop\2zjbrzz1.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.goodsearch.com/
uDefault_Page_URL = hxxp://www.sony.com/vaiopeople
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [VWLASU] "c:\program files\sony\vaio pc wireless lan wizard\AutoLaunchWLASU.exe"
mRun: [VAIORegistration] "c:\program files\sony\first experience\WelcomeLauncher.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [attcm_AppStart.exe] "c:\program files\at&t\at&t communication manager\attcm_AppStart.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\tricia\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{297E43EF-1308-4A67-8547-02316940943B} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{74418B25-7870-4581-B060-9F613D726F8E} : DhcpNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{8398039F-2ECD-4A68-8A64-58FFEA7D5BD3} : DhcpNameServer = 209.183.33.23 209.183.35.23
TCP: Interfaces\{FC121F84-8D39-4230-BC04-928A96F75BC1} : DhcpNameServer = 209.183.33.23 209.183.35.23
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tricia\appdata\roaming\mozilla\firefox\profiles\z3862h3p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\tricia\appdata\roaming\mozilla\firefox\profiles\z3862h3p.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - component: c:\users\tricia\appdata\roaming\mozilla\firefox\profiles\z3862h3p.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\tricia\appdata\roaming\mozilla\firefox\profiles\z3862h3p.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\users\tricia\appdata\roaming\mozilla\firefox\profiles\z3862h3p.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - component: c:\users\tricia\appdata\roaming\mozilla\firefox\profiles\z3862h3p.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\tricia\appdata\roaming\mozilla\firefox\profiles\z3862h3p.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\plugins\np-mswmp.dll
FF - plugin: c:\users\tricia\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-30 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-3-30 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-3-30 110032]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-2-23 20376]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-30 83392]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-5-8 21504]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2007-11-15 204800]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\sierra wireless inc\common\SwiCardDetect.exe [2011-5-20 238960]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-10-30 9344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-10-30 812544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-6-27 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250056]
S3 ATTRcAppSvc;AT&T RcAppSvc;"c:\program files\at&t\communication manager\rcappsvc.exe" /n "attrcappsvc" --> c:\program files\at&t\communication manager\RcAppSvc.exe [?]
S3 CAATT;AT&T Con App Svc;"c:\program files\at&t\communication manager\conappssvc.exe" /n "caatt" --> c:\program files\at&t\communication manager\ConAppsSvc.exe [?]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-2-25 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-6-27 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-30 129976]
S3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\drivers\swg3kser00.sys [2012-5-25 215552]
S3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\drivers\swiwdmbx.sys [2012-5-25 83968]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [2009-8-12 197504]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2012-5-25 208128]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [2009-7-22 148992]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2007-10-31 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2007-10-31 79136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-11-15 745472]
S4 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-11-15 397312]
S4 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-11-15 1089536]
.
=============== Created Last 30 ================
.
2012-07-12 20:05:09 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a73288f2-d204-4d02-aeca-187baaddc181}\offreg.dll
2012-07-12 19:46:53 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a73288f2-d204-4d02-aeca-187baaddc181}\mpengine.dll
2012-07-06 02:20:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-07-06 02:20:06 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-07-06 02:20:05 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-07-06 02:20:05 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-07-06 02:20:05 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-07-06 01:59:14 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-07-05 22:05:17 -------- d-----w- c:\users\tricia\appdata\local\ElevatedDiagnostics
2012-07-05 20:33:21 -------- d-----w- c:\program files\Windows Portable Devices
2012-07-05 19:43:57 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-07-05 19:43:56 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-07-05 19:43:55 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-07-05 19:25:58 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-05 19:25:58 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-07-05 19:25:58 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-05 19:25:58 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-05 19:10:05 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-07-05 19:10:05 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-07-05 19:10:04 98816 ----a-w- c:\windows\system32\mfps.dll
2012-07-05 19:10:04 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-07-05 19:10:04 2873344 ----a-w- c:\windows\system32\mf.dll
2012-07-05 19:10:04 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-07-05 19:10:03 586240 ----a-w- c:\windows\system32\stobject.dll
2012-07-05 19:10:03 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-07-05 19:10:00 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-07-05 19:09:59 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-05 19:09:58 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-07-05 19:09:58 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-07-05 19:09:58 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-07-05 19:09:58 37376 ----a-w- c:\windows\system32\cdd.dll
2012-07-05 19:09:58 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-07-05 19:09:58 258048 ----a-w- c:\windows\system32\winspool.drv
2012-07-05 19:09:58 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-07-05 19:09:58 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-07-05 19:09:57 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-07-05 19:09:57 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-07-05 19:08:52 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-07-05 19:08:51 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-07-05 19:08:51 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-07-05 19:08:51 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-07-05 19:08:51 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-07-05 19:08:51 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-07-05 19:08:50 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-07-05 18:28:05 797696 ----a-w- c:\windows\system32\FntCache.dll
2012-07-05 18:28:04 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-07-05 18:26:54 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-07-05 18:26:29 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-07-05 18:26:28 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-07-05 18:26:27 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-07-05 18:26:27 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-07-05 18:26:26 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-07-05 18:26:26 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
2012-07-05 18:26:00 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-07-05 18:24:51 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-07-05 18:24:51 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-07-05 18:24:51 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-07-05 18:24:51 238080 ----a-w- c:\windows\system32\oleacc.dll
2012-07-05 18:14:59 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-07-05 18:14:56 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-05 18:14:56 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-05 18:14:33 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-05 18:14:33 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-05 18:14:32 9728 ----a-w- c:\windows\system32\lsass.exe
2012-07-05 18:14:32 72704 ----a-w- c:\windows\system32\secur32.dll
2012-07-05 18:14:32 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-07-05 18:14:32 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-07-05 18:14:25 707584 ----a-w- c:\program files\common files\system\wab32.dll
2012-07-05 18:14:21 2048 ----a-w- c:\windows\system32\tzres.dll
2012-07-05 18:13:57 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-05 18:13:56 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-07-05 18:05:40 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-07-05 17:31:31 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-05 17:30:10 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-05 17:29:45 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-05 17:29:45 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-29 03:24:56 -------- d-----w- c:\windows\system32\eu-ES
2012-06-29 03:24:56 -------- d-----w- c:\windows\system32\ca-ES
2012-06-29 03:24:52 -------- d-----w- c:\windows\system32\vi-VN
2012-06-29 02:42:36 -------- d-----w- c:\windows\system32\EventProviders
2012-06-29 02:39:59 324608 ----a-w- c:\windows\system32\sdohlp.dll
2012-06-29 02:38:59 513000 ----a-w- c:\program files\windows defender\MpSoftEx.dll
2012-06-29 02:37:59 425472 ----a-w- c:\windows\system32\shwebsvc.dll
2012-06-29 00:55:46 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2012-06-29 00:40:42 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-06-29 00:40:42 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-06-29 00:40:42 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-06-29 00:40:42 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-06-29 00:40:42 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-06-29 00:34:16 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-06-29 00:32:27 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-06-29 00:32:20 1696256 ----a-w- c:\windows\system32\gameux.dll
2012-06-29 00:32:19 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-06-29 00:32:19 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-06-29 00:32:13 954752 ----a-w- c:\windows\system32\mfc40.dll
2012-06-29 00:32:13 954288 ----a-w- c:\windows\system32\mfc40u.dll
2012-06-29 00:30:45 17920 ----a-w- c:\windows\system32\netevent.dll
2012-06-29 00:29:45 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-06-29 00:28:58 1169408 ----a-w- c:\windows\system32\sdclt.exe
2012-06-29 00:28:55 739328 ----a-w- c:\windows\system32\inetcomm.dll
2012-06-29 00:28:45 322560 ----a-w- c:\windows\system32\sbe.dll
2012-06-29 00:28:45 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2012-06-29 00:28:45 153088 ----a-w- c:\windows\system32\sbeio.dll
2012-06-29 00:28:41 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-29 00:28:35 531968 ----a-w- c:\windows\system32\comctl32.dll
2012-06-28 23:09:57 -------- d-----w- C:\PerfLogs
2012-06-28 01:41:35 677136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2012-06-28 01:06:13 -------- d-----w- c:\windows\Intuit
2012-06-27 18:59:09 -------- d-----w- c:\program files\CCleaner
2012-06-27 18:57:18 -------- d-----w- c:\users\tricia\appdata\local\Google
2012-06-27 18:55:16 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-27 18:52:40 -------- d-----w- C:\Reg_Backup
2012-06-27 18:51:28 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-06-25 18:10:58 -------- d-----w- c:\program files\VS Revo Group
2012-06-25 14:37:18 -------- d-----w- c:\users\tricia\appdata\roaming\Malwarebytes
2012-06-25 14:36:50 -------- d-----w- c:\programdata\Malwarebytes
2012-06-25 14:36:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 14:36:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-07-12 13:49:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 13:49:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-05 19:08:53 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2012-06-28 22:50:57 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2012-06-28 22:50:43 82432 ----a-w- c:\windows\system32\axaltocm.dll
2012-06-28 00:41:44 3452 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-06-28 00:40:47 88 --sh--r- c:\windows\system32\AF97E54247.sys
2012-06-27 18:54:52 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-16 22:18:38 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-23 16:00:53 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00:53 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00:53 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-18 17:49:50 405176 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
.
============= FINISH: 17:22:29.48 ===============

#4 RPMcMurphy

  • Malware Response Team

Posted 13 July 2012 - 08:41 AM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free anti virus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • aswMBR log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#5 mediamom

  • Topic Starter

Posted 13 July 2012 - 12:42 PM

Thanks so much! I appreciate your help!

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-13 13:36:01
-----------------------------
13:36:01.215 OS Version: Windows 6.0.6002 Service Pack 2
13:36:01.216 Number of processors: 2 586 0xF0D
13:36:01.221 ComputerName: TRICIA-PC UserName: tricia
13:36:52.026 Initialize success
13:38:26.291 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:38:26.296 Disk 0 Vendor: Hitachi_ SB4O Size: 152627MB BusType: 3
13:38:26.304 Disk 1 \Device\Harddisk1\DR1 -> \Device\000000d3
13:38:26.309 Disk 1 Vendor: ( Size: 152627MB BusType: 0
13:38:26.316 Disk 2 \Device\Harddisk2\DR2 -> \Device\000000d4
13:38:26.324 Disk 2 Vendor: ( Size: 152627MB BusType: 0
13:38:26.362 Disk 0 MBR read successfully
13:38:26.370 Disk 0 MBR scan
13:38:26.378 Disk 0 Windows VISTA default MBR code
13:38:26.412 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8101 MB offset 2048
13:38:26.439 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 144524 MB offset 16592896
13:38:26.502 Disk 0 scanning sectors +312579760
13:38:26.668 Disk 0 scanning C:\Windows\system32\drivers
13:39:15.813 Service scanning
13:40:21.904 Modules scanning
13:40:37.552 Disk 0 trace - called modules:
13:40:37.586 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
13:40:37.599 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86250ac8]
13:40:37.612 3 CLASSPNP.SYS[887a58b3] -> nt!IofCallDriver -> [0x85260b18]
13:40:37.628 5 acpi.sys[82a966bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85261030]
13:40:37.640 Scan finished successfully
13:41:13.990 Disk 0 MBR has been saved successfully to "C:\Users\tricia\Desktop\MBR.dat"
13:41:14.003 The log file has been saved successfully to "C:\Users\tricia\Desktop\aswMBRjluly13.txt"

#6 mediamom

  • Topic Starter

Posted 13 July 2012 - 12:42 PM

Thanks!

Edited by mediamom, 13 July 2012 - 12:44 PM.


#7 RPMcMurphy

  • Malware Response Team

Posted 13 July 2012 - 01:26 PM

I see you have another thread open too - is that for this PC also?

Please do this next:

Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log


#8 mediamom

  • Topic Starter

Posted 13 July 2012 - 02:37 PM

The other thread is for a different PC - my laptop - which is very messed up!

Thanks! Here is my combofix log:

ComboFix 12-07-13.03 - tricia 07/13/2012 15:14:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.934 [GMT -4:00]
Running from: c:\users\tricia\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\I Want This
c:\program files\I Want This\I Want This.ico
c:\users\tricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security
c:\users\tricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security\System Security.lnk
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\chrome.manifest
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\chrome\content\background.html
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\chrome\content\browser.xul
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossrider.js
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossriderapi.js
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\chrome\content\dialog.js
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\faye-browser-min.js
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\chrome\content\manage-apps-style.css
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\chrome\content\manage-apps.html
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\chrome\content\messaging.js
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.js
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.xul
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\chrome\content\push.html
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\chrome\content\search_dialog.xul
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\chrome\content\update.html
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\defaults\preferences\prefs.js
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\install.rdf
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\locale\en-US\translations.dtd
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\skin\button1.png
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\skin\button2.png
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\skin\button3.png
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\skin\button4.png
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\skin\button5.png
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\skin\crossrider_statusbar.png
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\skin\icon128.png
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\skin\icon16.png
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\skin\icon24.png
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\skin\icon48.png
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\skin\panelarrow-up.png
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\skin\popup.css
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\skin\popup.html
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\skin\popup_binding.xml
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\skin\skin.css
c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\extensions\crossriderapp2258@crossrider.com\skin\update.css
c:\users\tricia\Documents\~WRL0005.tmp
c:\users\tricia\Documents\~WRL0223.tmp
c:\users\tricia\Documents\~WRL0366.tmp
c:\users\tricia\Documents\~WRL0683.tmp
c:\users\tricia\Documents\~WRL0812.tmp
c:\users\tricia\Documents\~WRL0907.tmp
c:\users\tricia\Documents\~WRL0926.tmp
c:\users\tricia\Documents\~WRL0945.tmp
c:\users\tricia\Documents\~WRL0992.tmp
c:\users\tricia\Documents\~WRL1033.tmp
c:\users\tricia\Documents\~WRL1068.tmp
c:\users\tricia\Documents\~WRL1160.tmp
c:\users\tricia\Documents\~WRL1210.tmp
c:\users\tricia\Documents\~WRL1242.tmp
c:\users\tricia\Documents\~WRL1551.tmp
c:\users\tricia\Documents\~WRL1763.tmp
c:\users\tricia\Documents\~WRL2065.tmp
c:\users\tricia\Documents\~WRL2212.tmp
c:\users\tricia\Documents\~WRL2230.tmp
c:\users\tricia\Documents\~WRL2355.tmp
c:\users\tricia\Documents\~WRL2401.tmp
c:\users\tricia\Documents\~WRL2599.tmp
c:\users\tricia\Documents\~WRL2880.tmp
c:\users\tricia\Documents\~WRL2919.tmp
c:\users\tricia\Documents\~WRL3096.tmp
c:\users\tricia\Documents\~WRL3179.tmp
c:\users\tricia\Documents\~WRL3307.tmp
c:\users\tricia\Documents\~WRL3436.tmp
c:\users\tricia\Documents\~WRL3777.tmp
c:\users\tricia\Documents\~WRL3869.tmp
c:\users\tricia\Documents\~WRL4019.tmp
c:\users\tricia\Documents\~WRL4095.tmp
c:\users\tricia\Documents\~WRL4100.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 19:28 . 2012-07-13 19:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 17:43 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FFFF8B06-DEAF-415B-8735-65C00F317D87}\mpengine.dll
2012-07-12 21:16 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 19:46 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 19:46 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-12 19:46 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-12 19:44 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-12 19:44 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-12 19:44 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-06 02:20 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-07-06 02:20 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-07-06 02:20 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-07-06 02:20 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-07-06 02:20 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-07-06 01:59 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-07-05 22:05 . 2012-07-05 22:05 -------- d-----w- c:\users\tricia\AppData\Local\ElevatedDiagnostics
2012-07-05 20:33 . 2012-07-05 20:33 -------- d-----w- c:\program files\Windows Portable Devices
2012-07-05 19:43 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-07-05 19:43 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-07-05 19:43 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-07-05 19:25 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-05 19:25 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-07-05 19:25 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-05 19:25 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-05 19:10 . 2012-07-05 19:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-07-05 19:10 . 2012-07-05 19:10 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-07-05 19:10 . 2012-07-05 19:10 98816 ----a-w- c:\windows\system32\mfps.dll
2012-07-05 19:10 . 2012-07-05 19:10 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-07-05 19:10 . 2012-07-05 19:10 2873344 ----a-w- c:\windows\system32\mf.dll
2012-07-05 19:10 . 2012-07-05 19:10 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-07-05 19:10 . 2012-07-05 19:10 586240 ----a-w- c:\windows\system32\stobject.dll
2012-07-05 19:10 . 2012-07-05 19:10 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-07-05 19:10 . 2012-07-05 19:10 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-07-05 19:09 . 2012-07-05 19:09 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-05 19:09 . 2012-07-05 19:09 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-07-05 19:09 . 2012-07-05 19:09 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-07-05 19:09 . 2012-07-05 19:09 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-07-05 19:09 . 2012-07-05 19:09 37376 ----a-w- c:\windows\system32\cdd.dll
2012-07-05 19:09 . 2012-07-05 19:09 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-07-05 19:09 . 2012-07-05 19:09 258048 ----a-w- c:\windows\system32\winspool.drv
2012-07-05 19:09 . 2012-07-05 19:09 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-07-05 19:09 . 2012-07-05 19:09 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-07-05 19:09 . 2012-07-05 19:09 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-07-05 19:09 . 2012-07-05 19:09 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-07-05 19:08 . 2012-07-05 19:08 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-07-05 19:08 . 2012-07-05 19:08 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-07-05 19:08 . 2012-07-05 19:08 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-07-05 19:08 . 2012-07-05 19:08 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-07-05 19:08 . 2012-07-05 19:08 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-07-05 19:08 . 2012-07-05 19:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-07-05 19:08 . 2012-07-05 19:08 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-07-05 18:28 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2012-07-05 18:28 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-07-05 18:26 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-07-05 18:26 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-07-05 18:26 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-07-05 18:26 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-07-05 18:26 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-07-05 18:26 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-07-05 18:26 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-07-05 18:26 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-07-05 18:24 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-07-05 18:24 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-07-05 18:24 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2012-07-05 18:24 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-07-05 18:14 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-07-05 18:14 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-05 18:14 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-05 18:14 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-07-05 18:14 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-07-05 18:14 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-07-05 18:14 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-07-05 18:14 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-07-05 18:14 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-07-05 18:13 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-05 18:05 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-07-05 17:31 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-05 17:31 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-05 17:31 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-05 17:31 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-05 17:30 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-05 17:30 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-05 17:30 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-05 17:29 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-05 17:29 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-29 03:24 . 2012-06-29 03:26 -------- d-----w- c:\windows\system32\ca-ES
2012-06-29 03:24 . 2012-06-29 03:26 -------- d-----w- c:\windows\system32\eu-ES
2012-06-29 03:24 . 2012-06-29 03:26 -------- d-----w- c:\windows\system32\vi-VN
2012-06-29 02:42 . 2012-06-29 02:42 -------- d-----w- c:\windows\system32\EventProviders
2012-06-29 02:39 . 2009-04-11 06:28 324608 ----a-w- c:\windows\system32\sdohlp.dll
2012-06-29 02:38 . 2009-04-11 06:28 1382912 ----a-w- c:\windows\system32\WMVSDECD.DLL
2012-06-29 02:37 . 2009-04-11 06:28 425472 ----a-w- c:\windows\system32\shwebsvc.dll
2012-06-29 02:05 . 2012-06-29 02:05 -------- d-----w- c:\programdata\WindowsSearch
2012-06-29 00:55 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2012-06-29 00:40 . 2009-11-08 14:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-06-29 00:40 . 2009-11-08 14:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-06-29 00:40 . 2009-11-08 14:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-06-29 00:40 . 2009-11-08 14:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-06-29 00:40 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-06-29 00:34 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-06-29 00:32 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-06-29 00:32 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2012-06-29 00:32 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-06-29 00:32 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-06-29 00:32 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2012-06-29 00:32 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2012-06-29 00:30 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2012-06-29 00:29 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-06-29 00:28 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2012-06-29 00:28 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2012-06-29 00:28 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2012-06-29 00:28 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2012-06-29 00:28 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2012-06-29 00:28 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2012-06-28 23:09 . 2012-07-08 02:36 -------- d-----w- C:\PerfLogs
2012-06-28 01:41 . 2012-06-28 01:41 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-28 01:06 . 2012-06-28 01:06 -------- d-----w- c:\windows\Intuit
2012-06-28 00:21 . 2012-06-28 00:21 -------- d-----w- c:\users\tricia\AppData\Roaming\InterVideo
2012-06-27 18:59 . 2012-07-06 03:00 -------- d-----w- c:\program files\CCleaner
2012-06-27 18:57 . 2012-06-27 18:59 -------- d-----w- c:\users\tricia\AppData\Local\Google
2012-06-27 18:57 . 2012-06-27 18:58 -------- d-----w- c:\program files\Google
2012-06-27 18:55 . 2012-06-27 18:54 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-27 18:52 . 2012-06-27 18:52 -------- d-----w- C:\Reg_Backup
2012-06-27 18:52 . 2012-06-27 18:54 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-06-27 18:51 . 2012-06-27 18:53 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 13:49 . 2012-03-30 23:50 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 13:49 . 2012-03-30 23:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-05 19:08 . 2012-07-05 19:08 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-06-28 22:50 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2012-06-28 22:50 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2012-06-27 18:54 . 2010-11-28 03:17 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-16 22:18 . 2012-03-31 01:24 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-16 22:18 . 2012-03-31 01:24 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-18 17:49 . 2012-04-25 01:55 405176 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-04-30 15:47 . 2011-08-19 18:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-10-05 17:54 303104 ------w- c:\ddi\OverIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-09-20 253952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-10-12 45056]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-01 4669440]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-19 137752]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-16 348624]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-03-01 232616]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"attcm_AppStart.exe"="c:\program files\AT&T\AT&T Communication Manager\attcm_AppStart.exe" [2011-06-10 210568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 03:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AOL DDI.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AOL DDI.lnk
backup=c:\windows\pss\AOL DDI.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^tricia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\users\tricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 23:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
2007-09-06 22:38 53248 ----a-w- c:\program files\Sony\VAIO Center Access Bar\VCAB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 13:49]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 18:57]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 18:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.goodsearch.com/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\tricia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\tricia\AppData\Roaming\Mozilla\Firefox\Profiles\z3862h3p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
Toolbar-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
MSConfigStartUp-1449151949 - c:\programdata\1221814252\1449151949.exe
MSConfigStartUp-VAIOSurvey - c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-{A63E7492-A0BC-4BB9-89A7-352965222380} - c:\program files\InstallShield Installation Information\{A63E7492-A0BC-4BB9-89A7-352965222380}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-13 15:28
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-07-13 15:33:42
ComboFix-quarantined-files.txt 2012-07-13 19:33
.
Pre-Run: 99,037,622,272 bytes free
Post-Run: 99,144,126,464 bytes free
.
- - End Of File - - CC8A04789B82989562760F7B52A7CB99

#9 RPMcMurphy

Posted 14 July 2012 - 10:39 AM

Please do this next:

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#10 mediamom

Posted 14 July 2012 - 02:38 PM

No malicious items were found. Here is the log:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.14.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
tricia :: TRICIA-PC [administrator]

Protection: Enabled

7/14/2012 12:27:16 PM
mbam-log-2012-07-14 (12-27-16).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 340938
Time elapsed: 1 hour(s), 27 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 RPMcMurphy

Posted 14 July 2012 - 05:48 PM

How is the computer running now? Please do this next:

Go to this LINK to run an online scanner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now
  • ESET log


#12 mediamom

Posted 14 July 2012 - 09:03 PM

Running pretty good now. Here is the eset log. Found 2 items:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9033f9b642ae27479eef55fb946c990f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-15 01:44:47
# local_time=2012-07-14 09:44:47 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 8228965 8228965 0 0
# compatibility_mode=5892 16776573 100 100 0 178915173 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=146744
# found=2
# cleaned=2
# scan_time=9043
C:\Users\tricia\Downloads\FreeYouTubeToMP3Converter(3).exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\tricia\Downloads\FreeYouTubeToMP3Converter(4).exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
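
A check a helper could run on a returned ESET Online Scanner log like the one above: it parses the `# key=value` header and the detection lines, then compares the recorded scan settings with the options requested in post #11. This is an added example, not part of the thread; the function names and the mapping of option names to header keys are assumptions, and the sample is a constructed, shortened copy of the posted log.

```python
import re

# Constructed sample: shortened copy of the log format posted above.
SAMPLE_LOG = r"""# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# found=2
C:\Users\tricia\Downloads\FreeYouTubeToMP3Converter(3).exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\tricia\Downloads\FreeYouTubeToMP3Converter(4).exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# Assumption: how the options requested in the thread map onto log header keys.
REQUESTED = {
    "remove_checked": "false",      # "Remove found threats" unticked
    "archives_checked": "true",     # "Scan Archives" ticked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

HEADER = re.compile(r"^#\s*([\w.]+)=(.*)$")
DETECTION = re.compile(  # path, detection name, (action), 32-hex field, flag
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<threat>\S+/.+?)\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)

def parse_eset_log(text):
    """Split a log into header fields, detection records and unrecognised lines."""
    header, detections, unparsed = {}, [], []
    for line in (r.strip() for r in text.splitlines() if r.strip()):
        head, det = HEADER.match(line), DETECTION.match(line)
        if head:
            header[head.group(1)] = head.group(2).strip()  # repeated keys: last wins
        elif det:
            detections.append(det.groupdict())
        else:
            unparsed.append(line)
    return header, detections, unparsed

def review(text, requested=REQUESTED):
    header, detections, unparsed = parse_eset_log(text)
    # Settings recorded in the log that differ from what was asked for.
    issues = [f"{k}: requested {v}, log shows {header.get(k)}"
              for k, v in requested.items() if header.get(k) != v]
    if int(header.get("found", 0)) != len(detections):
        issues.append(f"found={header.get('found')} but {len(detections)} lines parsed")
    issues += [f"unrecognised line: {u}" for u in unparsed]
    return issues, detections
```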

#13 RPMcMurphy

Posted 14 July 2012 - 09:59 PM

Your YouTube to MP3 converter was flagged by ESET because they consider it to be adware: it installs toolbars or has other unclear objectives. If you no longer want that app, uninstall it via Control Panel > Programs > Uninstall a program.

Otherwise your logs look good. All I have left for you is some very important cleanup:

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:
  • DDS
  • GMER
  • aswMBR
Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean.
Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!


#14 mediamom

Posted 15 July 2012 - 08:31 AM

Thank you so much for your help!

#15 RPMcMurphy

Posted 15 July 2012 - 10:51 AM

You're welcome, mediamom. Take care!
