
Am I infected and Windows constantly hangs


This topic is locked
15 replies to this topic

#1 tnspeck (Members, 26 posts)

Posted 01 August 2012 - 08:00 PM

Hi,

I am having trouble with my computer being very, very slow and constantly being unable to download or upload almost everything. I cannot open pdf files or even download Adobe. I was first directed to This Guide and told to start at step 6.

When I tried to download the DDS program I probably had to try and download it more than 20 times. Finally I was able to download this program and tried to run a scan.

The first time I tried to run a scan I got the dreaded Blue Screen stating:

Microsoft Windows

A problem has been detected and Windows has been shutdown to prevent further damage to your computer.

DRIVER_IRQL_NOT_LESS_OR_EQUAL

If this is the first time you have seen this STOP error screen, restart your computer. If this screen appears again follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any Windows updates you might need.

If problem continues disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options and then select Safe Mode.

"TECHNICAL INFORMATION"

***STOP: 0x000000D1 (0x8AE7D000,0x00000000,0xAC916BB2)***

***mbr.sys - Address AC916BB2 base at AC915000, DateStamp 4cd665da.***

Begin dump of physical memory.
Physical memory dump complete.
Contact system administrator or technical support for further assistance.

*****************************************

I then restarted my computer and then received this "Blue Screen Error".

Microsoft Windows

A problem has been detected and Windows has been shutdown to prevent further damage to your computer.

DRIVER_IRQL_NOT_LESS_OR_EQUAL

If this is the first time you have seen this STOP error screen, restart your computer. If this screen appears again follow these steps:

Check to be sure you have adequate disk space. If a driver is identified in the STOP message disable the driver or check with the manufacturer for driver updates. Try changing video adapters.

Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options and then select Safe Mode.

TECHNICAL INFORMATION

***STOP:0x0000007E (0xC0000005,0xBA68F837,0xA9B87CC8,0xA9B879C4)***

***drvmcdb.sys - Address BA68F837 at BA682000, DateStamp 3f29b97e.***

Begin dump of physical memory.
Physical memory dump complete.
Contact system administrator or technical support for further assistance.

*****************************************
I then restarted my computer and got online without any problems. Computer idled for about a half an hour when I tried to get back online.

Received a Microsoft Windows Error Box.

Error: System has recovered from a very serious error.
A log has been created.

ERROR SIGNATURE

BCCODE:100000d1 BCP1:8B737000 BCP2:000000FF BCP3:00000000 BCP4:F77D0BB2

OSVer: 5_1_2600 SP:3_0 Product 768_1

TECHNICAL INFORMATION

ERROR REPORT CONTENTS
The following will be included in this error report.

C:\DOCUME~1\Teresa\LOCALS~1\Temp\WER4a95/dir00\Mini073112-01.dmp
C:\DOCUME~1\Teresa\LOCALS~1\Temp\WER4a95.dir00\sysdata.xml

After this Blue Screen Error I tried to run DDS one more time resulting in the same first Blue Screen Error above. Consequently I was unable to run a DDS log.

I then downloaded GMER successfully and was able to do a scan and produce a GMER log which is attached.

Attached Files: ark.txt (13.95KB)


#2 TheShooter93 (Cody, Malware Response Team, 4,793 posts, Orlando, Florida)

Posted 01 August 2012 - 08:40 PM

Hello tnspeck,

My name is Cody and I'll be helping you clean up your computer.

I will reply as soon as possible (typically within 24 hours).

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: When you post your reply, do not use the Posted Image button but use the Posted Image button instead.

In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Edited by TheShooter93, 01 August 2012 - 08:40 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#3 TheShooter93 (Cody, Malware Response Team)

Posted 03 August 2012 - 01:58 PM

tnspeck,

How to Access Safe Mode With Networking

While the computer is turning on, tap F8 repeatedly until a black screen with white text appears. Using your arrow keys highlight the option Safe Mode With Networking and hit Enter.

Note: If you're using Windows XP, connect to your modem or router with an Ethernet cable, then follow these directions.

--------------------------------------

Try these directions in Safe Mode With Networking:

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



#4 TheShooter93 (Cody, Malware Response Team)

Posted 07 August 2012 - 07:32 AM

tnspeck,

It's been at least 72 hours since your last post. Are you still there?

If you need more time, let me know.

If you don't, this thread will be closed in 48 hours due to inactivity.



#5 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 10 August 2012 - 04:21 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#6 etavares (Bleepin' Remover, Malware Response Team)

Posted 13 August 2012 - 06:49 AM

Hi tnspeck,

I've reopened this at your request. Please follow TheShooter93's instructions here and post the DDS log in your reply.

-etavares




#7 tnspeck (Topic Starter, Members, 26 posts)

Posted 18 August 2012 - 01:05 AM

Here are the DDS reports that you asked for. Sorry it took so long to get back to you but I did not have high speed internet until today. I could not make the attach.txt file a zip file. Tried to but was unsuccessful and unable to do this right now on my computer. I attached it and hope that this is ok. Please explain to me how to make a file a zip file as I cannot make it by right clicking a file, hitting Send To and then compressed file as that is not available on my Send To options.

Sorry for any inconvenience this may have caused. Thanks

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.0
Run by Teresa at 23:28:08 on 2012-08-17
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uSearch Bar = hxxp://my.netzero.net/s/search?r=minisearch
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
uURLSearchHooks: H - No File
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: {a899079d-206f-43a6-be6a-07e0fa648ea0} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [EPSON WorkForce 610 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_S62.tmp" /EF "HKCU"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Disc Detector] c:\program files\creative\sharedll\CtNotify.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF"&"inst=NzctNjM1MDYwMjI0LVNUMSsyLUZQOSs2LVRCOSsyLUZMKzktUUlYMSszLUYxME0xMEQrMi1GTDEwKzEtTElDKzg4LVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzE"&"prod=90"&"ver=10.0.1382
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\ccleaner\CCleaner.exe
mPolicies-explorer: <NO NAME> =
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://simcity.ea.com/update/EARTPX.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342047649390
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} - hxxp://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 192.168.1.1 75.75.76.76 75.75.75.75
TCP: Interfaces\{AA48D4DD-75DF-4953-9F30-68496640683B} : DhcpNameServer = 192.168.1.1 75.75.76.76 75.75.75.75
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = :\windows\system3
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-08-18 01:43:15 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-18 01:43:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-17 23:24:53 -------- d-----w- c:\program files\Pure Networks
2012-08-17 23:21:40 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys
2012-08-17 23:21:30 26672 ----a-w- c:\windows\system32\drivers\purendis.sys
2012-08-17 23:21:06 -------- d-----w- c:\program files\common files\Pure Networks Shared
2012-08-17 23:18:25 -------- d-----w- c:\documents and settings\all users\application data\Pure Networks
2012-08-17 22:41:11 -------- d-----w- c:\program files\WebEx
2012-07-27 20:48:04 -------- d-----w- c:\documents and settings\all users\application data\MSScanAppDataDir
.
==================== Find3M ====================
.
2012-08-17 23:22:50 8892928 ----a-w- c:\documents and settings\all users\application data\atscie.msi
2012-07-03 20:40:42 582992 ----a-w- c:\windows\system32\sbap.dll
2012-07-03 20:40:42 1332560 ----a-w- c:\windows\system32\sbte.dll
2012-07-03 20:40:41 308560 ----a-w- c:\windows\system32\vipre.dll
2012-07-03 20:40:41 160768 ----a-w- c:\windows\system32\unrar.dll
2012-07-03 20:40:05 6197048 ----a-w- c:\windows\uninstac.exe
2012-07-03 19:51:53 4106512 ----a-w- c:\windows\uninst.exe
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-16 03:33:45 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-16 03:33:45 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-16 03:33:45 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-03 14:40:49 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 23:28:26.18 ===============
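A triage pass over the DDS "Pseudo HJT Report" section above, as an added example that is not part of this thread or of the DDS tool itself: it parses the BHO/TB/DPF/Run lines, flags CLSIDs registered with "No File", startup entries that are bare executable names, and ActiveX (DPF) download sources outside an assumed vendor allowlist. The sample lines are copied from the log above; the allowlist is an assumption made for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" posted in
# this thread, plus a uStart Page line that the parser deliberately skips.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: {a899079d-206f-43a6-be6a-07e0fa648ea0} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
"""

# Hosts an analyst would expect to serve ActiveX CABs on this machine (vendor
# update sites that appear in the log). Assumed allowlist, for illustration only.
KNOWN_DPF_HOSTS = {"support.dell.com", "update.microsoft.com", "java.sun.com"}

LINE_RE = re.compile(r"^(?P<kind>[A-Za-z]+):\s*(?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<target>.*)$")
ABS_PATH_RE = re.compile(r'^"?(?:[a-z]:\\|%\w+%\\)', re.IGNORECASE)


def refang(url):
    """DDS writes hxxp:// so the log cannot be clicked; restore it for parsing."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def parse_entry(line):
    """Turn one Pseudo-HJT line into a dict, or None for line types not modelled here."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    entry = {"kind": kind, "name": "", "clsid": "", "target": ""}
    if kind in ("uRun", "mRun", "mRunOnce"):
        rm = RUN_RE.match(rest)
        if rm:
            entry["name"], entry["target"] = rm.group("name"), rm.group("target").strip()
        return entry
    cm = CLSID_RE.search(rest)
    if not cm:
        return None
    entry["clsid"] = cm.group(0).lower()
    entry["name"] = rest[:cm.start()].rstrip(" :")
    after = rest[cm.end():]
    if " - " in after:
        entry["target"] = after.split(" - ", 1)[1].strip()
    return entry


def triage(text):
    """Return (entries, findings); findings are (reason, entry) pairs worth a second look."""
    entries = [e for e in map(parse_entry, text.splitlines()) if e]
    findings = []
    for e in entries:
        if e["kind"] in ("BHO", "TB") and e["target"] in ("", "No File"):
            # CLSID still registered but its DLL is gone: leftover of a removed toolbar
            findings.append(("orphan", e))
        elif e["kind"] == "DPF":
            if not e["target"]:
                findings.append(("dpf-no-source", e))
            else:
                host = urlparse(refang(e["target"])).hostname or ""
                if not any(host == d or host.endswith("." + d) for d in KNOWN_DPF_HOSTS):
                    findings.append(("dpf-unknown-host", e))
        elif e["kind"] in ("uRun", "mRun", "mRunOnce") and not ABS_PATH_RE.match(e["target"]):
            # bare executable name: resolved through the search path at logon
            findings.append(("run-bare-name", e))
    return entries, findings


def finding_counts(text):
    """Summary of how many entries fell under each reason."""
    return dict(Counter(reason for reason, _ in triage(text)[1]))


if __name__ == "__main__":
    for reason, e in triage(SAMPLE_DDS)[1]:
        print(f"{reason:18} {e['kind']:5} {e['name'] or e['clsid']}  ->  {e['target'] or '(none)'}")
```

A flagged entry is a prompt to check the on-disk file and the vendor, not a verdict; an "unknown host" only means the source is not on the allowlist you chose.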


#8 TheShooter93 (Cody, Malware Response Team)

Posted 19 August 2012 - 08:56 AM

Hello tnspeck,

We need to run a scan with Combofix:

  • Please go to the download page for ComboFix by sUBs.
  • Click the Download Now button pictured below and save the file to your desktop:
  • Disable any anti-virus and/or firewall software you have installed.
    instructions can be found here if needed
  • Close all open windows including your web browser
    as mentioned in the first post, you may want to print out all instructions before starting
  • Double-click on the ComboFix icon on your desktop.
  • Read the Disclaimer and click I Agree if you want to run the software, then you should see a window like the one below:
  • DO NOT use your computer while ComboFix is running. There are a lot of things going on behind the scenes and a single mouse click can cause the program to stall.

    However, if you see the prompt below, please click Yes to download the Microsoft Windows Recovery Console.

    If an Internet connection is not available or you choose not to install the recovery console, ComboFix will run in Reduced Functionality mode
  • Allow ComboFix to reboot the computer if necessary, it will run again after you log back in.
  • When complete, a log file will be displayed, please copy and paste the contents of this file into your next post.

More information about downloading and using ComboFix can be found here if needed.

--------------------------------------------------------

Also, I suggest uninstalling PC Cleaner Pro.

Programs like these claim to make your computer faster, but I've worked on cases where it leaves the user's computer a doorstop.

There is no program that can safely scan the registry and delete only "safe" values.

--------------------------------------------------------

Also, did you edit the previous DDS log in any way?

There were a couple of sections missing. This could be the result of malware or user error, and I would just like to narrow down which it is.

Edited by TheShooter93, 19 August 2012 - 08:58 AM.



#9 tnspeck (Topic Starter, Members, 26 posts)

Posted 20 August 2012 - 11:55 AM

I did not edit my DDS report that I sent to you. Copied and pasted and sent it. I did run Combofix and I will be including that in this post.

ComboFix 12-08-18.03 - Teresa 08/20/2012 0:06.1.2 - x86
Running from: c:\documents and settings\Teresa\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\260
c:\documents and settings\All Users\Application Data\260\{96D0C5DE-7C35-4173-9645-25AFC8D2A35C}.swf
c:\documents and settings\All Users\Application Data\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Speck\Application Data\PriceGong
c:\documents and settings\Speck\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Speck\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Teresa\WINDOWS
c:\documents and settings\Teresa\WINDOWS\Startup\desktop.ini
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\29b7388759332fd4.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\813eac108f5c0c8c.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\roboot.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_COUPONALERT_2PSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 )))))))))))))))))))))))))))))))
.
.
2012-08-20 04:25 . 2012-08-20 04:25 -------- d-----w- c:\documents and settings\Teresa\WINDOWS
2012-08-19 23:50 . 2012-08-19 23:50 -------- d-----w- c:\documents and settings\Teresa\Local Settings\Application Data\Ilivid Player
2012-08-19 23:50 . 2012-08-19 23:50 -------- d-----w- c:\documents and settings\Teresa\Application Data\searchquband
2012-08-19 23:48 . 2012-08-19 23:50 -------- d-----w- c:\documents and settings\Teresa\Application Data\searchqutoolbar
2012-08-19 23:47 . 2012-08-19 23:48 -------- d-----w- c:\program files\Searchqu Toolbar
2012-08-18 18:51 . 2012-08-18 18:51 -------- d-----w- c:\program files\Microsoft Silverlight
2012-08-18 17:14 . 2012-08-18 17:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-18 17:14 . 2012-08-18 17:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-18 05:46 . 2012-08-18 05:46 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-18 05:19 . 2012-08-18 05:41 -------- d-----w- c:\program files\7-zip
2012-08-17 23:24 . 2012-08-18 05:42 -------- d-----w- c:\program files\Pure Networks(2)
2012-08-17 23:21 . 2012-08-18 05:42 -------- d-----w- c:\program files\Common Files\Pure Networks Shared(2)
2012-08-17 23:18 . 2012-08-18 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks(2)
2012-08-17 22:41 . 2012-08-18 05:45 -------- d-----w- c:\program files\WebEx
2012-07-27 20:48 . 2012-07-27 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\MSScanAppDataDir
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 20:40 . 2012-07-03 20:40 582992 ----a-w- c:\windows\system32\sbap.dll
2012-07-03 20:40 . 2012-07-03 20:40 1332560 ----a-w- c:\windows\system32\sbte.dll
2012-07-03 20:40 . 2012-07-03 20:40 308560 ----a-w- c:\windows\system32\vipre.dll
2012-07-03 20:40 . 2010-07-02 21:31 160768 ----a-w- c:\windows\system32\unrar.dll
2012-07-03 20:40 . 2012-07-03 20:41 6197048 ----a-w- c:\windows\uninstac.exe
2012-07-03 19:51 . 2012-07-03 18:39 4106512 ----a-w- c:\windows\uninst.exe
2012-07-03 17:46 . 2012-07-13 04:30 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-16 03:33 . 2012-06-16 03:35 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-16 03:33 . 2012-02-16 05:48 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-16 03:33 . 2010-07-12 20:48 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-04 21:35 . 2010-07-02 21:20 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-03 14:40 . 2010-09-04 21:55 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-06-02 19:19 . 2010-04-29 15:11 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2010-04-29 15:11 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2010-04-29 15:11 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2010-04-29 15:11 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2009-08-06 23:23 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2010-04-29 15:11 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2010-04-29 15:11 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2010-04-29 15:11 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2010-04-29 14:36 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2003-07-16 20:25 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2010-04-29 15:11 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2010-04-29 15:11 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2010-04-29 14:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2010-07-02 21:20 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2010-06-29 19:21 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2003-03-20 20:18 599040 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-14 23:17 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-14 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-08-19 4777856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-04-24 4616192]
"Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [2001-12-26 191488]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-04-24 49152]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-14 1107552]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF&inst=NzctNjM1MDYwMjI0LVNUMSsyLUZQOSs2LVRCOSsyLUZMKzktUUlYMSszLUYxME0xMEQrMi1GTDEwKzEtTElDKzg4LVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzE&prod=90&ver=10.0.1382" [?]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-6-3 688128]
Shortcut to CCleaner.lnk - c:\program files\CCleaner\CCleaner.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CouponAlert_2p Browser Plugin Loader
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-07-19 17:53 2567272 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FUFAXSTM]
2009-06-05 05:00 843776 ------w- c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Documents and Settings\\Teresa\\desktop\\Nero Portable\\Nero Burning Rom\\nero.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Logitech\\SetPoint\\connect.exe"=
"c:\\Program Files\\Searchqu Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
.
R1 SABKUTIL;SABKUTIL;c:\documents and settings\Teresa\Local Settings\Temporary Internet Files\Content.IE5\ONFG6NWG\SABKUTIL.sys [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 cpuz134;cpuz134;c:\docume~1\Teresa\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [x]
R3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\fide.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [x]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-18 17:14]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-28 23:43]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-28 23:43]
.
2012-08-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 22:52]
.
2012-08-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-854245398-527237240-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 14:47]
.
2012-08-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-527237240-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 14:47]
.
2012-08-19 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 22:52]
.
2012-08-19 c:\windows\Tasks\User_Feed_Synchronization-{79B5F9A8-3DBE-45AB-B266-D8B01CC567A2}.job
- c:\windows\system32\msfeedssync.exe [2010-05-24 08:31]
.
2012-08-20 c:\windows\Tasks\User_Feed_Synchronization-{F0BA1E64-CC96-4B77-A9D8-8DB444FE5D69}.job
- c:\windows\system32\msfeedssync.exe [2010-05-24 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
TCP: DhcpNameServer = 192.168.1.1 75.75.76.76 75.75.75.75
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
Notify-avgrsstarter - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-20 00:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?????D?????Ow?%B???????????????????B???A~L?B~??????????????????@???@?? C?????E?@?????????@?B???A????? ?A? ?????B???@?????P???????? ??????~?B~??????????@???????????????????B?????,???????????????????????????r?B
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-527237240-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1076)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(3312)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\CTsvcCDA.exe
c:\windows\system32\dlbxcoms.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\nvsvc32.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\fxssvc.exe
c:\windows\BCMSMMSG.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\SEARCH~1\Datamngr\DATAMN~1.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2012-08-20 00:43:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-20 04:43
.
Pre-Run: 28,399,239,168 bytes free
Post-Run: 28,544,376,832 bytes free
.
- - End Of File - - 1370071E62320ADD23FE5D5315115DEF
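
A triage pass over the log above, added here as an example and not part of ComboFix or of any post in this thread. It takes a few lines copied from the Reg Loading Points, firewall-policy and service sections and flags what a responder would look at first: Run values that are bare file names (BCMSMMSG.exe, nwiz.exe), which Windows resolves through the search path at logon instead of from a fixed location; kernel drivers registered from user-writable directories (SABKUTIL.sys under Temporary Internet Files, cpuz134_x32.sys under the user's Temp); and a standard-profile Windows Firewall that is switched off with its Security Center notifications suppressed. The marker substrings, severities and finding names are this example's own assumptions, and a hit is a lead to verify rather than a verdict (CPU-Z, for instance, is known to unpack its driver into %TEMP%).

```python
"""Heuristic triage over a ComboFix-style log (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed input: a handful of lines copied from the ComboFix log above,
# trimmed to the three sections this example reads (Run key, firewall, services).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R1 SABKUTIL;SABKUTIL;c:\documents and settings\Teresa\Local Settings\Temporary Internet Files\Content.IE5\ONFG6NWG\SABKUTIL.sys [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R3 cpuz134;cpuz134;c:\docume~1\Teresa\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
"""

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]*)"(?:\s*\[(?P<meta>[^\]]*)\])?$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s*\(0x[0-9a-fA-F]+\)$')
# ComboFix service line: <R|S><start type> <service>;<display name>;<image path> [x]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?:\s+\[x\])?$"
)

# Assumed markers for directories an unprivileged user can write to. The last
# one is the Vista-and-later layout, included so the check generalises past XP.
USER_WRITABLE_MARKERS = (
    "\\local settings\\temp\\",
    "\\locals~1\\temp\\",
    "\\temporary internet files\\",
    "\\appdata\\local\\temp\\",
)


@dataclass
class Finding:
    severity: str
    kind: str
    detail: str


def parse(log: str) -> Tuple[List[Tuple[str, str]], Dict[str, int], List[dict]]:
    """Split the log into Run entries, firewall DWORDs and service records."""
    run_entries: List[Tuple[str, str]] = []
    firewall: Dict[str, int] = {}
    services: List[dict] = []
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix uses a lone "." as a spacer
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(m.groupdict())
            continue
        m = DWORD_RE.match(line)
        if m and "firewallpolicy" in section:
            firewall[m.group("name").lower()] = int(m.group("value"))
            continue
        m = VALUE_RE.match(line)
        if m and section.endswith("\\run"):
            run_entries.append((m.group("name"), m.group("path")))
    return run_entries, firewall, services


def is_bare_name(path: str) -> bool:
    """A value with no directory component is located via the search path at logon."""
    return "\\" not in path and not path.startswith("%")


def in_user_writable_dir(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage(log: str) -> List[Finding]:
    run_entries, firewall, services = parse(log)
    findings: List[Finding] = []
    for name, path in run_entries:
        if is_bare_name(path):
            findings.append(Finding("low", "run_bare_name", f"{name} -> {path}"))
        elif in_user_writable_dir(path):
            findings.append(Finding("medium", "run_in_user_writable_dir", f"{name} -> {path}"))
    for svc in services:
        if in_user_writable_dir(svc["path"]):
            is_driver = svc["path"].lower().endswith(".sys")
            findings.append(Finding(
                "high" if is_driver else "medium",
                "driver_in_user_writable_dir" if is_driver else "service_in_user_writable_dir",
                f'{svc["svc"]} ({svc["state"]}{svc["start"]}) -> {svc["path"]}',
            ))
    if firewall.get("enablefirewall") == 0:
        note = "standard-profile firewall disabled"
        if firewall.get("disablenotifications") == 1:
            note += " and Security Center notifications suppressed"
        findings.append(Finding("medium", "firewall_off", note))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
```

Against the sample it reports the two bare-name Run values, the two drivers under user-writable paths and the disabled firewall, and stays silent on the entries under Program Files and system32. Extending it to the other sections of a ComboFix log (BHOs, ShellExecuteHooks, Winlogon notify DLLs) is a matter of adding a regex per line shape and a rule per section.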

#10 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,793 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:03:59 AM

Posted 22 August 2012 - 09:59 AM

Hello tnspeck,

Just wanted to let you know that I'm still here. :busy:

As I'm currently in training, I work with malware removal instructors to ensure that all my posts are the highest quality possible.

I'm still talking with an instructor about your case and will reply soon.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#11 TheShooter93

Posted 23 August 2012 - 03:49 PM

Hello tnspeck,

I noticed that they have TuneUp Utilities 2012 installed, and I would like to suggest that they uninstall that due to the same reasons given for PC Cleaner Pro.

-----------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).



#12 TheShooter93

Posted 25 August 2012 - 10:35 AM

tnspeck,

It's been at least 72 hours since your last post. Are you still there?

If you need more time, let me know.

If you don't, this thread will be closed in 48 hours due to inactivity.



#13 tnspeck

tnspeck
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:59 AM

Posted 26 August 2012 - 02:09 PM

Here is the Malwarebytes report that you asked for. I know several times you have told me to remove TuneUp Utilities and PC Cleaner Pro, but I have been unable to do so and am frustrated because I have tried just about all the ways to remove them, but to no avail. I get a message that my Windows Installer cannot be accessed and is not installed correctly; consequently I cannot update or download. Also, when I try to update Windows, I get a log that says updates failed to install. I don't think Windows has updated in several months. I do have automatic updates enabled, but Windows does not update.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.26.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Teresa :: SPECKNT [administrator]

8/26/2012 2:37:01 PM
mbam-log-2012-08-26 (14-37-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 295543
Time elapsed: 21 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 9dd963b7f85b04abffe2745220f5a75b -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Teresa\Local Settings\temp\softonic_ssk_conduit.exe (PUP.BundleInstaller.IB) -> No action taken.

(end)

#14 TheShooter93


Posted 27 August 2012 - 08:59 AM

Hello tnspeck,

Try using Revo Uninstaller to uninstall TuneUp Utilities and PC Cleaner Pro.

If you receive an error at any point during the uninstall procedure, just continue with the directions given below.

----------------------------------------

Download and install the Revo Uninstaller (Freeware) from here.

Run Revo Uninstaller and select the program to remove (one at a time), and click the Uninstall icon.

Now, select: Advanced

Click Next, and follow the prompts.

Click Select All, and Delete to remove all Registry items, folders and files listed by Revo.

If asked to restart the computer, then, do so.

----------------------------------------

Do you have your Windows XP OS CD/DVD?



#15 TheShooter93


Posted 31 August 2012 - 06:36 AM

tnspeck,

It's been at least 72 hours since your last post.

If you need more time, just let me know.

If you do not reply within 48 hours, this topic will be closed due to inactivity.





