
Clicked on Fake Adobe Flash Upgrade. MSE/Firewall can't run. I need help removing the viruses!


25 replies to this topic

#1 CloseToHome

CloseToHome

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:03:58 AM

Posted 24 July 2012 - 02:20 AM

Hey guys, I clicked on a fake Adobe Flash Player Upgrade and now I can't open my Firewall or Microsoft Security Essentials (error code 0x80070424). It would give me an error and it won't let me start it up. I am using Windows 7 32-bit by the way!

I did some searching and it seems to be that I have the same problem as this user who made a thread about it a few days ago.

http://www.bleepingcomputer.com/forums/topic461572.html

So far, I only did the steps up to TDSSKiller, aswMBR. **My ESET Online Scanner is still scanning, will post results later**

Thanks a lot!

-----------------------------------------------
Here are the steps I did up to this point.

TDSSKiller

It found zero threats.


aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-24 02:07:53
-----------------------------
02:07:53.857 OS Version: Windows 6.1.7601 Service Pack 1
02:07:53.857 Number of processors: 4 586 0xF0B
02:07:53.858 ComputerName: LANNY UserName: user
02:07:55.479 Initialize success
02:08:52.964 AVAST engine defs: 12072302
02:09:25.805 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:09:25.808 Disk 0 Vendor: ST3500413AS JC45 Size: 476940MB BusType: 3
02:09:25.810 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000076
02:09:25.813 Disk 1 Vendor: Size: 476940MB BusType: 0
02:09:25.816 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000007b
02:09:25.819 Disk 2 Vendor: Size: 476940MB BusType: 0
02:09:25.832 Disk 0 MBR read successfully
02:09:25.836 Disk 0 MBR scan
02:09:25.841 Disk 0 Windows 7 default MBR code
02:09:25.847 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102938 MB offset 2048
02:09:25.862 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 374000 MB offset 210819072
02:09:25.869 Disk 0 scanning sectors +976771072
02:09:25.926 Disk 0 scanning C:\Windows\system32\drivers
02:09:35.192 Service scanning
02:09:54.475 Modules scanning
02:10:02.432 Disk 0 trace - called modules:
02:10:03.381
02:10:06.912 AVAST engine scan C:\Windows
02:10:07.028 File: C:\Windows\AutoKMS.exe **INFECTED** Win32:Trojan-gen
02:10:08.446 AVAST engine scan C:\Windows\system32
02:12:04.360 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
02:12:47.856 AVAST engine scan C:\Windows\system32\drivers
02:12:58.509 AVAST engine scan C:\Users\user
02:39:45.506 AVAST engine scan C:\ProgramData
02:40:55.257 Scan finished successfully
02:42:14.762 Disk 0 MBR has been saved successfully to "C:\Users\user\Documents\MBR.dat"
02:42:14.769 The log file has been saved successfully to "C:\Users\user\Documents\aswMBR.txt"





#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:58 AM

Posted 24 July 2012 - 02:36 AM

:thumbup2:

#3 CloseToHome

CloseToHome
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:03:58 AM

Posted 24 July 2012 - 11:40 AM

Thanks, here are my ESET Online Scanner results.

C:\Users\user\AppData\Local\{c647b46a-6d6b-8d07-01fd-6814141c9716}\n a variant of Win32/Kryptik.AIVX trojan cleaned by deleting (after the next restart) - quarantined
C:\Windows\Installer\{c647b46a-6d6b-8d07-01fd-6814141c9716}\n a variant of Win32/Kryptik.AIVX trojan cleaned by deleting - quarantined
C:\Windows\Installer\{c647b46a-6d6b-8d07-01fd-6814141c9716}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{c647b46a-6d6b-8d07-01fd-6814141c9716}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\System32\services.exe Win32/Sirefef.FC trojan unable to clean
Operating memory multiple threats



#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:58 AM

Posted 24 July 2012 - 08:28 PM

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{c647b46a-6d6b-8d07-01fd-6814141c9716}

Click on LOOK, post the generated log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

post the generated log
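
An added example, not part of the thread and not SystemLook's own code: the `:filefind` output requested above lists every copy of a file with its size, timestamps and MD5, so the copies can be compared offline. The code parses the `services.exe` lines from the SystemLook log posted in this thread and flags copies whose MD5 differs; the function names are hypothetical, and a mismatch is a lead for further checking, not a verdict.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules, usable on any OS

# Sample lines copied from the SystemLook log posted in this thread.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] A302BBFF2A7278C0E239EE5D471D86A9
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

========== folderfind ==========

Searching for "{c647b46a-6d6b-8d07-01fd-6814141c9716}"
C:\Users\user\AppData\Local\{c647b46a-6d6b-8d07-01fd-6814141c9716} d--hs-- [11:54 11/01/2012]
"""

# One filefind result: path, attribute flags, size, two timestamps, MD5.
# folderfind results carry no size or hash, so they do not match.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(log_text):
    """Return one dict per file line found in a SystemLook log."""
    entries = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def hash_mismatches(entries):
    """Group entries by file name and report names whose copies differ in MD5.

    same_size_and_times is True when every copy shares size and both
    timestamps, i.e. only the content differs between the copies.
    """
    by_name = defaultdict(list)
    for entry in entries:
        by_name[basename(entry["path"]).lower()].append(entry)

    findings = []
    for name, copies in sorted(by_name.items()):
        if len({c["md5"] for c in copies}) < 2:
            continue  # single copy, or all copies identical
        metadata = {(c["size"], c["created"], c["modified"]) for c in copies}
        findings.append({
            "name": name,
            "same_size_and_times": len(metadata) == 1,
            "copies": [(c["path"], c["md5"]) for c in copies],
        })
    return findings


if __name__ == "__main__":
    for finding in hash_mismatches(parse_filefind(SAMPLE_LOG)):
        print(finding["name"], "- copies differ in MD5;",
              "size and timestamps identical:", finding["same_size_and_times"])
        for path, md5 in finding["copies"]:
            print("   ", md5, path)
```
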

#5 CloseToHome

CloseToHome
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:03:58 AM

Posted 24 July 2012 - 08:45 PM

Thanks narenxp!

Systemlook results

SystemLook 30.07.11 by jpshortstuff
Log created at 21:32 on 24/07/2012 by user
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] A302BBFF2A7278C0E239EE5D471D86A9
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

========== folderfind ==========

Searching for "{c647b46a-6d6b-8d07-01fd-6814141c9716}"
C:\Users\user\AppData\Local\{c647b46a-6d6b-8d07-01fd-6814141c9716} d--hs-- [11:54 11/01/2012]
C:\Windows\Installer\{c647b46a-6d6b-8d07-01fd-6814141c9716} d--hs-- [11:54 11/01/2012]

-= EOF =-


Mini toolbox - For this I had an error [The ordinal1108 could not be located in the dynamic link library WSOCK32.dll]. I closed the dialog and it continued, but pressing OK would just keep it from coming up.

MiniToolBox by Farbar Version: 23-07-2012
Ran by user (administrator) on 24-07-2012 at 21:38:27
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.autoconfig_url", "http://89.36.225.1:8080/Romania_0%20"
"network.proxy.http", "75.119.200.19"
"network.proxy.http_port", 80

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82566DC-2 Gigabit Network Connection = Local Area Connection (Connected)
TAP-Win32 Adapter V9 = Local Area Connection 2 (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Lanny
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
Physical Address. . . . . . . . . : 00-FF-BA-0A-3D-F0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82566DC-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1D-09-1E-3B-09
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ad85:4b50:eb18:32d5%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, July 14, 2012 12:17:48 PM
Lease Expires . . . . . . . . . . : Wednesday, July 25, 2012 12:18:23 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 167779593
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-E6-F5-07-00-1D-09-1E-3B-09
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{32A6A4E1-E53D-4336-A8CB-49A1A0494681}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{BA0A3DF0-391E-4BC2-A604-37201236146F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.226.71] with 32 bytes of data:
Reply from 74.125.226.71: bytes=32 time=14ms TTL=56
Reply from 74.125.226.71: bytes=32 time=25ms TTL=56

Ping statistics for 74.125.226.71:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 25ms, Average = 19ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=155ms TTL=48
Reply from 98.139.183.24: bytes=32 time=71ms TTL=48

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 71ms, Maximum = 155ms, Average = 113ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...00 ff ba 0a 3d f0 ......TAP-Win32 Adapter V9
9...00 1d 09 1e 3b 09 ......Intel® 82566DC-2 Gigabit Network Connection
1...........................Software Loopback Interface 1
10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 266
192.168.1.2 255.255.255.255 On-link 192.168.1.2 266
192.168.1.255 255.255.255.255 On-link 192.168.1.2 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
9 266 fe80::/64 On-link
9 266 fe80::ad85:4b50:eb18:32d5/128
On-link
1 306 ff00::/8 On-link
9 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/24/2012 05:00:09 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 14.0.1.4577 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3fac

Start Time: 01cd69dc19ec4144

Termination Time: 31

Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

Report Id: 8afbfc4b-d5d2-11e1-a8dc-001d091e3b09

Error: (07/24/2012 04:57:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version: 11.3.300.265, time stamp: 0x4febd5ac
Faulting module name: NPSWF32_11_3_300_265.dll, version: 11.3.300.265, time stamp: 0x4febd798
Exception code: 0xc0000005
Fault offset: 0x002118b9
Faulting process id: 0x4f04
Faulting application start time: 0xFlashPlayerPlugin_11_3_300_265.exe0
Faulting application path: FlashPlayerPlugin_11_3_300_265.exe1
Faulting module path: FlashPlayerPlugin_11_3_300_265.exe2
Report Id: FlashPlayerPlugin_11_3_300_265.exe3

Error: (07/24/2012 04:48:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version: 11.3.300.265, time stamp: 0x4febd5ac
Faulting module name: NPSWF32_11_3_300_265.dll, version: 11.3.300.265, time stamp: 0x4febd798
Exception code: 0xc0000005
Fault offset: 0x001ce991
Faulting process id: 0x5284
Faulting application start time: 0xFlashPlayerPlugin_11_3_300_265.exe0
Faulting application path: FlashPlayerPlugin_11_3_300_265.exe1
Faulting module path: FlashPlayerPlugin_11_3_300_265.exe2
Report Id: FlashPlayerPlugin_11_3_300_265.exe3

Error: (07/24/2012 04:05:24 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/24/2012 04:05:03 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/24/2012 04:05:03 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/24/2012 04:05:03 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/24/2012 04:05:03 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/24/2012 04:05:03 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/24/2012 04:04:10 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/23/2012 08:33:45 AM) (Source: DCOM) (User: LANNY)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}LANNYuserS-1-5-21-914039790-3522676490-3717198472-1000LocalHost (Using LRPC)

Error: (07/23/2012 08:33:45 AM) (Source: DCOM) (User: LANNY)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}LANNYuserS-1-5-21-914039790-3522676490-3717198472-1000LocalHost (Using LRPC)

Error: (07/23/2012 08:12:31 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk7\DR12.

Error: (07/17/2012 02:05:12 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the libusbd service.

Error: (07/14/2012 00:25:45 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the libusbd service.

Error: (07/14/2012 00:25:21 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/14/2012 00:17:46 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
KLIM6

Error: (07/14/2012 00:17:42 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:15:33 PM on ?7/?14/?2012 was unexpected.

Error: (07/11/2012 05:22:53 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
KLIM6

Error: (07/06/2012 00:27:00 AM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (07/24/2012 05:00:09 PM) (Source: Application Hang)(User: )
Description: firefox.exe14.0.1.45773fac01cd69dc19ec414431C:\Program Files\Mozilla Firefox\firefox.exe8afbfc4b-d5d2-11e1-a8dc-001d091e3b09

Error: (07/24/2012 04:57:07 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_3_300_265.exe11.3.300.2654febd5acNPSWF32_11_3_300_265.dll11.3.300.2654febd798c0000005002118b94f0401cd69ddb1a34620C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exeC:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll207a058d-d5d2-11e1-a8dc-001d091e3b09

Error: (07/24/2012 04:48:33 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_3_300_265.exe11.3.300.2654febd5acNPSWF32_11_3_300_265.dll11.3.300.2654febd798c0000005001ce991528401cd69dd64fabd06C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exeC:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dllee070828-d5d0-11e1-a8dc-001d091e3b09

Error: (07/24/2012 04:05:24 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Razer\imperator\firmware updater\bootloader\DPInst_amd64.exe

Error: (07/24/2012 04:05:03 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"j:\program files\Last.fm\Moose1.dll

Error: (07/24/2012 04:05:03 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"j:\program files\Last.fm\LastFmTools1.dll

Error: (07/24/2012 04:05:03 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"j:\program files\Last.fm\LastFmFingerprint1.dll

Error: (07/24/2012 04:05:03 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"j:\program files\Last.fm\LastFM.exe

Error: (07/24/2012 04:05:03 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"j:\program files\Last.fm\breakpad.dll

Error: (07/24/2012 04:04:10 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"i:\APPS\cyberlink powerdirector 9\cyberlink.powerdirector.ultra64.v9.0.2316\powerdirector\muitransfer\MUIStartMenuX64.exe


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
32 bit Windows Card Reader Driver (Version: 1.1.0.0)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
abgx360 v1.0.6
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
All Sound Recorder Vista 1.30
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Print Creations
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
Assassin's Creed Revelations (Version: 1.01)
Audacity 1.3.13 (Unicode)
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Back to the Future The Game - Episode 1 (Version: 1.0.0.0)
Back to the Future The Game - Episode 2 (Version: 1.0.0.0)
Back to the Future The Game - Episode 3 (Version: 1.0.0.0)
Back to the Future The Game - Episode 4 (Version: 1.0.0.15)
Back to the Future The Game - Episode 5 (Version: 1.0.0.15)
Batman Arkham City version 1.0 (Version: 1.0)
Bonjour (Version: 3.0.0.10)
Call of Duty: Modern Warfare 3 - Multiplayer
Call of Juarez The Cartel
Cheat Engine 6.1
Conduit Engine (Version: )
Counter-Strike: Source
CyberGhost VPN Patch 4.7.19
CyberLink PowerDirector (Version: 9.0.0.2316)
CyberLink PowerDVD 10 (Version: 10.0.2325.51)
CyberLink WaveEditor (Version: 1.0.1.2228b)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Pro (Version: 4.41.0314.0232)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DiRT 3 (Version: 1.0.0001.130)
Dropbox (Version: 1.1.45)
EPSON Artisan 800 Series Printer Uninstall
Epson Event Manager (Version: 2.01.00)
Epson Print CD (Version: 2.00.00)
EPSON Scan
ESET Online Scanner v3
FileZilla Client 3.5.0 (Version: 3.5.0)
FlashGet 1.9.6.1073 (Version: 1.9.6.1073)
Fraps
Google Chrome (Version: 20.0.1132.57)
Google Update Helper (Version: 1.3.21.115)
HyperCam 3 (Version: 3.0.912.18)
HyperSnap 7 (Version: 7.06.01)
ImgBurn (Version: 2.5.7.0)
InfraRecorder
Intel® PRO Network Connections 12.1.12.4 (Version: )
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
L.A. Noire (Version: 1.00.0000)
LAME v3.98.3 for Audacity
LibUSB-Win32-0.1.10.1 (Version: 0.1.10.1)
LIMBO
London 2012: The Official Video Game of the Olympic Games
Major League Baseball 2K12 (Version: 1.0.0)
Max Payne 3 (Version: 1.0.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Midnight Club II
mIRC (Version: 7.25)
Monitor Webcam (SP2208WFP) Driver (1.00.08.0720)
Monopoly
MotioninJoy ds3 driver version 0.6.0004 (Version: 0.6.00001)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSN Connection Center (Version: 1.8)
MSVCRT (Version: 15.4.2862.0708)
Need for Speed™ The Run (Version: 1.0.0.0)
NetWaiting (Version: 2.5.47)
Nexus Mod Manager (Version: 0.13.1)
NVIDIA 3D Vision Controller Driver (Version: 280.19)
NVIDIA 3D Vision Controller Driver 296.10 (Version: 296.10)
NVIDIA 3D Vision Driver 296.10 (Version: 296.10)
NVIDIA Control Panel 296.10 (Version: 296.10)
NVIDIA Graphics Driver 296.10 (Version: 296.10)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.9610)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
Octoshape Streaming Services
OpenAL
PAYDAY: The Heist
Pod to PC 4.027
Power Challenge Game Plugin
PunkBuster Services (Version: 0.991)
QuickTime (Version: 7.72.80.56)
Rapture3D 2.4.8 Game
Razer Imperator (Version: 2.02.00)
Razer Imperator Firmware Updater (Version: 1.16.00)
Rockstar Games Social Club (Version: 1.0.9.5)
Saints Row The Third
Segoe UI (Version: 15.4.2271.0615)
SigmaTel Audio (Version: 5.10.5102.0)
Sniper Elite V2
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
System Requirements Lab
System Requirements Lab CYRI (Version: 4.5.1.0)
The Darkness II
The Walking Dead © 3 version 1 (Version: 1)
Toy Soldiers
Ubisoft Game Launcher (Version: 1.0.0.0)
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
uTorrentBar Toolbar (Version: 6.3.5.3)
VLC media player 2.0.2 (Version: 2.0.2)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
Xvid Video Codec (Version: 1.3.2)

========================= Memory info: ===================================

Percentage of memory in use: 54%
Total physical RAM: 3069.94 MB
Available physical RAM: 1392.74 MB
Total Pagefile: 6138.17 MB
Available Pagefile: 2898.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.75 MB

========================= Partitions: =====================================

1 Drive c: (Partition Drive) (Fixed) (Total:100.53 GB) (Free:12.25 GB) NTFS
7 Drive i: (FreeAgentGoFlex Drive) (Fixed) (Total:1863.01 GB) (Free:1257.49 GB) NTFS
8 Drive j: (Local Disk) (Fixed) (Total:365.23 GB) (Free:334.18 GB) NTFS
9 Drive k: (IMATION) (Fixed) (Total:931.51 GB) (Free:198.06 GB) NTFS
10 Drive l: (The Darkness II) (CDROM) (Total:6.06 GB) (Free:0 GB) CDFS
11 Drive m: (London 2012) (CDROM) (Total:6.27 GB) (Free:0 GB) CDFS
12 Drive n: (Toy Soldiers) (CDROM) (Total:1.46 GB) (Free:0 GB) CDFS
13 Drive o: (NFS_TR_DISC_1) (CDROM) (Total:7.92 GB) (Free:0 GB) CDFS
14 Drive p: (NFS_TR_DISC_2) (CDROM) (Total:7.04 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\LANNY

Administrator Guest Mcx1-LANNY
UpdatusUser user


**** End of log ****


FSS

Farbar Service Scanner Version: 22-07-2012
Ran by user (administrator) on 24-07-2012 at 21:42:38
Running from "J:\Documents\Flashget Download"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
The ImagePath of sharedaccess service is OK.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****




adware cleaner log will be posted here in a few minutes, since I have to close everything.

Edited by CloseToHome, 24 July 2012 - 08:48 PM.


#6 narenxp

  • BC Advisor

Posted 24 July 2012 - 08:48 PM

Press Windows+R key and type

notepad and click ok

copy this script and paste in notepad
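@echo off
rem Work in System32, where services.exe lives (/d also switches drive if needed)
cd /d c:\windows\system32
rem Give ownership to the Administrators group, then grant it full control (cacls asks for Y)
takeown /a /f services.exe
cacls services.exe /g administrators:f
rem Keep the current file as services.exe.old
ren services.exe services.exe.old
rem Copy services.exe from the WinSxS component store into System32
COPY /Y C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\WINDOWS\system32
rem Delete this batch file once it has run
DEL %0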

Click on FILE>> save as

filename:sevices.bat
Save as type:All types

Now right click on the services.bat file, select run as administrator and run it, click Y and press ENTER


Open your C drive

On top, click on Organize > Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Users\user\AppData\Local\{c647b46a-6d6b-8d07-01fd-6814141c9716}
C:\Windows\Installer\{c647b46a-6d6b-8d07-01fd-6814141c9716}

Delete the folders; if you receive an access denied error, restart the PC

Post the new system look log


Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Edited by narenxp, 24 July 2012 - 09:20 PM.
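
A more defensive variant of the script in post #6, as an added example that is not part of the thread and not narenxp's script: it checks that the clean copy exists and stages it in System32 before the live services.exe is renamed, so a wrong WinSxS path cannot leave System32 without the file. The script name, the argument convention and the use of icacls in place of cacls are assumptions of this example.

```batch
@echo off
rem Added example: safer swap of services.exe; not the script posted in the thread.
rem Usage (elevated prompt): swap-services.bat "full path to a clean services.exe"
rem The script name and the argument convention are assumptions of this example.
setlocal EnableExtensions
set "SYS32=%SystemRoot%\System32"
set "SRC=%~1"

rem 1. Refuse to touch anything unless the clean copy really exists.
if "%SRC%"=="" goto :usage
if not exist "%SRC%" goto :nosource

rem 2. Do not overwrite leftovers from an earlier run.
if exist "%SYS32%\services.exe.old" goto :leftover
if exist "%SYS32%\services.exe.new" goto :leftover

rem 3. Stage the replacement beside the target while the original is still in place.
copy /y "%SRC%" "%SYS32%\services.exe.new" >nul
if errorlevel 1 goto :copyfailed

rem 4. Take ownership and grant Administrators full control (icacls does not prompt).
takeown /a /f "%SYS32%\services.exe" >nul
if errorlevel 1 goto :aclfailed
icacls "%SYS32%\services.exe" /grant Administrators:F >nul
if errorlevel 1 goto :aclfailed

rem 5. Swap: move the original aside, then move the staged copy into place.
ren "%SYS32%\services.exe" services.exe.old
if errorlevel 1 goto :aclfailed
ren "%SYS32%\services.exe.new" services.exe
if errorlevel 1 goto :rollback

echo Replaced services.exe; the previous file is kept as services.exe.old.
exit /b 0

:rollback
rem Put the original back so System32 is never left without services.exe.
ren "%SYS32%\services.exe.old" services.exe
echo Swap failed; the original services.exe was restored.
exit /b 1

:usage
echo Usage: %~nx0 "full path to a clean services.exe"
exit /b 2
:nosource
echo Source "%SRC%" not found; nothing was changed.
exit /b 1
:leftover
echo services.exe.old or services.exe.new already exists in System32; check it before re-running.
exit /b 1
:copyfailed
echo Could not stage the clean copy; nothing was changed.
exit /b 1
:aclfailed
del "%SYS32%\services.exe.new" >nul 2>&1
echo Could not take control of or rename services.exe; the original is still in place.
exit /b 1
```

Passing the WinSxS path from post #6 as the argument performs the same copy, with the existence check done before anything in System32 is renamed.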


#7 CloseToHome

  • Topic Starter

Posted 24 July 2012 - 08:56 PM

Just restarted my computer from the log. Here are the results.

EDIT: You reply too quick haha, I will do the steps you posted right now!

My adware cleaner log.

# AdwCleaner v1.703 - Logfile created 07/24/2012 at 21:49:24
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : user - LANNY
# Running from : J:\Documents\Flashget Download\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\uTorrentBar
File Deleted : C:\Windows\system32\conduitEngine.tmp

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2966884
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\uTorrentBar

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{41BE5DC3-212A-44A3-8811-4A54E9D2884A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41BE5DC3-212A-44A3-8811-4A54E9D2884A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

-\\ Google Chrome v20.0.1132.57

*************************

AdwCleaner[S1].txt - [268 octets] - [24/07/2012 21:43:57]
AdwCleaner[S2].txt - [4306 octets] - [24/07/2012 21:49:24]

########## EOF - C:\AdwCleaner[S2].txt - [4434 octets] ##########



#8 narenxp

  • BC Advisor

Posted 24 July 2012 - 09:00 PM

EDIT: You reply too quick haha, I will do the steps you posted right now!


:thumbup2:

#9 CloseToHome

  • Topic Starter

Posted 24 July 2012 - 09:07 PM

EDIT: You reply too quick haha, I will do the steps you posted right now!


:thumbup2:


Hello, I have just done the steps up to the

Click OK, now go to

C:\Users\user\AppData\Local\{c647b46a-6d6b-8d07-01fd-6814141c9716}
C:\Windows\Installer\{c647b46a-6d6b-8d07-01fd-6814141c9716}


I was able to delete C:\Users\user\AppData\Local\{c647b46a-6d6b-8d07-01fd-6814141c9716}. However, not C:\Windows\Installer\{c647b46a-6d6b-8d07-01fd-6814141c9716}. It says "action can't be completed because the file is opened in another program. Close the folder and try again."

What should I do from here?

Also, when you tell me to do this:

Click OK, now go to

C:\Users\user\AppData\Local\{c647b46a-6d6b-8d07-01fd-6814141c9716}
C:\Windows\Installer\{c647b46a-6d6b-8d07-01fd-6814141c9716}

Delete the folders; if you receive an access denied error, restart the PC

Post the new system look log


You want me to use this script again, right?

@echo off
cd c:\windows\system32
takeown /a /f services.exe
cacls services.exe /g administrators:f
ren services.exe services.exe.old
COPY /Y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\WINDOWS\system32
DEL %0




Hehe, also I caught a little mistake you made. Should it be "services.bat" instead? Just making sure :wink:

Click on FILE>> save as

filename:sevices.bat
Save as type:All types


Edited by CloseToHome, 24 July 2012 - 09:10 PM.


#10 narenxp

  • BC Advisor

Posted 24 July 2012 - 09:10 PM

I was able to delete C:\Users\user\AppData\Local\{c647b46a-6d6b-8d07-01fd-6814141c9716}. However, not C:\Windows\Installer\{c647b46a-6d6b-8d07-01fd-6814141c9716}. It says "action can't be completed because the file is opened in another program. Close the folder and try again."

Run the services.bat file, restart the PC and delete the folder

Hehe, also I caught a little mistake you made. Should it be "services.bat" instead? Just making sure :wink:


Sorry for typo

#11 CloseToHome

  • Topic Starter

Posted 24 July 2012 - 09:18 PM

Uh oh. I think I just messed up my computer. I got a blue screen. I'm typing this on my iPhone. All I did was paste in the Services.bat script again like you told me to. I clicked restart and now I'm trying to repair Windows.

Edited by CloseToHome, 24 July 2012 - 09:19 PM.


#12 CloseToHome

  • Topic Starter

Posted 24 July 2012 - 09:21 PM

Also, is it normal for services.bat to delete itself every time? I'm at the Startup Repair state.

#13 narenxp

  • BC Advisor

Posted 24 July 2012 - 09:22 PM

If startup repair works, let me know, else

Try this

Press F8 on bootup, click on the REPAIR your COMPUTER option

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select System Restore and try to restore the PC to a previous point

Edited by narenxp, 24 July 2012 - 09:23 PM.


#14 CloseToHome

  • Topic Starter

Posted 24 July 2012 - 09:25 PM

I cannot press F8. It says Windows fails to start. Gives me two options. Launch startup repair or start Windows normally (will get blue screen)

Oh whoops, didn't see your edited post. I will try system restore after I try repairing it. Takes a while :(

Edited by CloseToHome, 24 July 2012 - 09:26 PM.


#15 CloseToHome

  • Topic Starter

Posted 24 July 2012 - 09:28 PM

What should I do after system restore (if it works)?

What steps should I redo again?

Thanks



