
"System message - write fault error" virus


62 replies to this topic

#1 Guest_uncanandienerrant_*

Guest_uncanandienerrant_*

  • Guests

Posted 17 November 2012 - 01:20 AM

Hello, recently my browser closed by itself and my computer received a tonne of "system message - write fault error" pop ups, which has left me with some missing items on the start menu. When I close all the pop ups my computer restarts. Furthermore, I have no access to the internet connection whatsoever. On another computer in the house I tried to remedy the internet problem by going into safe mode with networking and then opening the browser and unchecking the proxy button but to no avail. Here's a screen shot (I took this about an hour ago) of my desktop below so you'll know better what you're dealing with. Thank you and I hope you can help!


[Screenshot of the desktop]

Edit: Windows OS is Windows 7

Edited by uncanandienerrant, 17 November 2012 - 05:15 AM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 November 2012 - 06:14 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Guest_uncanandienerrant_*

Guest_uncanandienerrant_*

  • Guests

Posted 17 November 2012 - 09:20 AM

Hello Gringo, I really appreciate the help.

1. DDS reports


DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.7.2
Run by Owner at 21:24:21 on 2012-11-17
.
============== Running Processes ================
.
C:\Program Files (x86)\R-Wipe&Clean\RwcTaskService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtWlan.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\ybwRwMvwhonwLB.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [AdobeBridge] <no file>
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [ybwRwMvwhonwLB.exe] C:\ProgramData\ybwRwMvwhonwLB.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://msnau.oberon-media.com/online2/MSN_INTL_AUSTRALIA/bookwormadventures/popcaploader_v10.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{60A44026-6005-4815-A2B2-11D699CB21F1} : DHCPNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
TCP: Interfaces\{D92D2E27-93B6-4F5B-8EAE-D576EC6F3052} : DHCPNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
TCP: Interfaces\{E8E5989A-AB41-40EF-A9A0-9FFD85C8AEED} : DHCPNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
SSODL: WebCheck - <orphaned>
x64-BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\20nr07rt.default-1351992801877\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R? AVEO;USB2.0 PC Camera
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? FLEXnet Licensing Service 64;FLEXnet Licensing Service 64
R? HipShieldK;McAfee Inc. HipShieldK
R? mfencrk;McAfee Inc. mfencrk
R? nmwcdnsucx64;Nokia USB Flashing Generic
R? nmwcdnsux64;Nokia USB Flashing Phone Parent
R? R-ImageDisk;R-ImageDisk
R? RTL8167;Realtek 8167 NT Driver
R? RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver
R? s0016bus;Sony Ericsson Device 0016 driver (WDM)
R? s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter
R? s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver
R? s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
R? s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
R? s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface
R? s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
R? Sony Ericsson PCCompanion;Sony Ericsson PCCompanion
R? SwitchBoard;SwitchBoard
R? USBAAPL64;Apple Mobile USB Driver
R? WatAdminSvc;Windows Activation Technologies Service
R? WSDScan;WSD Scan Support via UMB
S? Akamai;Akamai NetSession Interface
S? AMD External Events Utility;AMD External Events Utility
S? AppleCharger;AppleCharger
S? BCUService;Browser Configuration Utility Service
S? cfwids;McAfee Inc. cfwids
S? HECIx64;Intel® Management Engine Interface
S? HomeNetSvc;McAfee Home Network
S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
S? McMPFSvc;McAfee Personal Firewall
S? McNaiAnn;McAfee VirusScan Announcer
S? mcpltsvc;McAfee Platform Services
S? McProxy;McAfee Proxy Service
S? McPvDrv;McPvDrv Driver
S? mfeavfk;McAfee Inc. mfeavfk
S? mfecore;McAfee Anti-Malware Core
S? mfefire;McAfee Firewall Core Service
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfencbdc;McAfee Inc. mfencbdc
S? mfevtp;McAfee Validation Trust Protection Service
S? mfewfpk;McAfee Inc. mfewfpk
S? MOBKbackup;McAfee Online Backup
S? MOBKFilter;MOBKFilter
S? NAUpdate;Nero Update
S? PxHlpa64;PxHlpa64
S? R-Wipe and Clean Task Service;R-Wipe and Clean Task Service
S? Realtek8185;Realtek8185
S? UNS;Intel® Management & Security Application User Notification Service
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.js: <filetype is not registered>
.
=============== Created Last 30 ================
.
2012-11-17 11:29:35 -------- d--h--w- C:\Users\Owner\AppData\Local\{2D928627-445C-47B9-A8A0-B3476CE7F78C}
2012-11-17 04:58:05 -------- d--h--w- C:\Users\Owner\AppData\Local\{6DFB2EF0-4AF4-4B63-A6F9-A5A999153C1C}
2012-11-17 02:50:06 -------- d--h--w- C:\Users\Owner\AppData\Local\{66A84337-1965-40A3-A5CB-3CB5D193F155}
2012-11-17 01:06:49 -------- d--h--w- C:\Users\Owner\AppData\Local\{0C3492D0-52F6-4B09-88F7-FAEBDE4D6E5E}
2012-11-16 16:24:06 38224 ---ha-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2012-11-16 16:24:02 -------- d--h--w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-16 16:06:37 441856 ---ha-w- C:\ProgramData\ybwRwMvwhonwLB.exe
2012-11-16 02:21:52 -------- d--h--w- C:\Users\Owner\AppData\Local\{2AE13C2B-34C2-46E1-AB71-2CE8276AD723}
2012-11-15 13:34:04 -------- d--h--w- C:\Users\Owner\AppData\Local\{3052297F-2648-471A-A7BE-3B2C74F01FA5}
2012-11-10 08:29:52 -------- d--h--w- C:\Program Files\Perfect Uninstaller
2012-11-10 03:46:40 -------- d--h--w- C:\Program Files (x86)\McAfeeMOBK
2012-11-10 03:46:21 66040 ----a-w- C:\Windows\System32\drivers\MOBK.sys
2012-11-10 03:46:17 197264 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2012-11-10 03:46:17 -------- d--h--w- C:\Program Files (x86)\McAfee Online Backup
2012-11-10 03:46:02 74120 ----a-w- C:\Windows\System32\drivers\McPvDrv.sys
2012-11-10 03:46:01 -------- d--h--w- C:\Users\Owner\AppData\Local\McAfee File Lock
2012-11-10 03:45:44 -------- d--h--w- C:\Program Files (x86)\McAfee.com
2012-11-10 03:45:37 -------- d--h--w- C:\Program Files (x86)\Common Files\McAfee
2012-11-10 03:44:42 -------- d--h--w- C:\Program Files\McAfee.com
2012-11-10 03:44:42 -------- d--h--w- C:\Program Files\McAfee
2012-11-10 03:27:08 177680 ----a-w- C:\Windows\System32\mfevtps.exe
2012-11-10 03:27:07 -------- d--h--w- C:\Program Files\Common Files\McAfee
2012-11-09 23:29:32 -------- d--h--w- C:\Users\Owner\AppData\Local\{F28E6D7E-AD48-4061-B19F-4C0DAE4A5105}
2012-11-07 03:04:57 -------- d--h--w- C:\Users\Owner\AppData\Local\{E0C2D3CF-966F-4EBD-B294-063940A61AD6}
2012-11-02 02:17:33 -------- d--h--w- C:\Users\Owner\AppData\Local\{7FF7BA21-CD35-4F23-B67D-3653DAB830B1}
2012-10-29 00:30:30 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-10-29 00:27:26 339392 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-10-29 00:25:16 771096 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-10-29 00:24:14 515528 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-10-29 00:23:24 309400 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-10-29 00:23:02 178840 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2012-10-28 00:24:17 -------- d--h--w- C:\Users\Owner\AppData\Local\{C6D6913B-D89B-4398-9A26-3DC43E1016D3}
2012-10-27 12:04:45 73696 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2012-10-27 12:04:45 261600 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\updated\components\browsercomps.dll
2012-10-27 12:04:45 18912 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2012-10-27 07:13:09 -------- d--h--w- C:\Users\Owner\AppData\Local\{C892AAC0-E71E-4267-AAA2-7CA3BE46891B}
2012-10-24 08:40:28 -------- d--h--w- C:\ProgramData\Xilisoft
2012-10-24 08:40:28 -------- d--h--w- C:\Program Files (x86)\Xilisoft
2012-10-21 14:45:13 -------- d--h--w- C:\Users\Owner\AppData\Local\{1ABDDFDB-82CD-46E2-B1C0-6ABA69301669}
2012-10-20 06:20:46 -------- d--h--w- C:\Users\Owner\AppData\Local\{5F39472E-8D7F-4D91-BE6E-10BAC989ECC6}
.
==================== Find3M ====================
.
2012-10-09 02:09:27 73656 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 02:09:27 696760 ---ha-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-27 22:28:08 10544 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys
2012-09-27 22:28:02 97208 ----a-w- C:\Windows\System32\drivers\mfencrk.sys
2012-09-27 22:27:56 329104 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys
2012-08-31 13:22:45 95208 ---ha-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-31 13:22:41 821736 ---ha-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-31 13:22:41 746984 ---ha-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 21:27:48.64 ===============


.
==== Installed Programs ======================
.
µTorrent
101 Kid's Brainy Games
2007 Microsoft Office Suite Service Pack 1 (SP1)
ACDSee Pro 3
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Acrobat 9 Pro Extended 64-bit Add-On
Adobe Acrobat 9.2.0 - CPSID_50026
Adobe AIR
Adobe Anchor Service x64 CS4
Adobe Creative Suite 4 Master Collection
Adobe Creative Suite 5 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop Lightroom 3 64-bit
Adobe Premiere Elements 8.0
Adobe Setup
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Akamai NetSession Interface Service
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avanquest update
Avidemux 2.5 (32-bit)
blinkx beat
Bonjour
Browser Configuration Utility
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.1
Canon MX870 series MP Drivers
Canon Speed Dial Utility
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
CDBurnerXP
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - EN
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
CorelDRAW Graphics Suite X5 - WT
CorelDRAW® Graphics Suite X5
Counter-Strike
D3DX10
DirectVobSub 2.40.3644 x64
e-tax 2012
Eureka's 1000 Games
Google Chrome
Google Earth
High-Definition Video Playback
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
iTunes
Java 7 Update 7
Java Auto Updater
Java™ 6 Update 25
JDownloader 0.9
K-Lite Mega Codec Pack 7.7.0
Live TV
Magic ISO Maker v5.4 (build 0239)
Malwarebytes Anti-Malware version 1.65.1.1000
McAfee Online Backup
McAfee Total Protection
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT
Nero 10 ClipartPack
Nero 10 Kwik Themes 1
Nero 10 Kwik Themes 2
Nero 10 Kwik Themes 3
Nero 10 Kwik Themes 4
Nero 10 Menu TemplatePack 1
Nero 10 Menu TemplatePack 2
Nero 10 Menu TemplatePack 3
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero 10 PiP EffectPack 1
Nero 10 Sample ImagePack
Nero 10 Sample Videos
Nero 10 Video TransitionPack 1
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero Kwik Media
Nero Multimedia Suite 10 Platinum HD
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
NeroKwikMedia Help (CHM)
Nokia Connectivity Cable Driver
Nokia Suite
ON_OFF Charge B10.0301.1
PC Connectivity Solution
PDF Settings CS5
Perfect Uninstaller v6.3.3.9
PlayStation®Network Downloader
PlayStation®Store
Print Perfect Greeting Cards
PxMergeModule
QuickTime
R-Drive Image 4.7
R-Wipe&Clean 9.0
Real Alternative 1.8.4 Lite
Realtek Ethernet Controller Driver For Windows 7
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
REALTEK RTL8185 Wireless LAN Software
Realtime Landscaping Pro 5
ResearchSoft Direct Export Helper
Shared C Run-time for x64
SmartDraw 2009
SmartSound Quicktracks for Premiere Elements 8.0
Sony Ericsson PC Companion 2.01.173
Sony Ericsson Update Engine
SopCast 3.5.0
Steam
Subtitle Workshop 2.51
swMSM
Ultimate Reference Suite
USB2.0 PC Camera
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
VLC media player 2.0.1
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Windows7_Key_Changer 1.0.0
WinRAR 4.10 beta 4 (64-bit)
WinZip 12.0
Xilisoft Video Converter Ultimate
.
==== End Of File ===========================

2. Security check


Results of screen317's Security Check version 0.99.54
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 25
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.4.402.287
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
mcafee VIRUSS~1 mcvsshld.exe
McAfee Online Backup MOBKbackup.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4 gringo_pr

Posted 17 November 2012 - 09:29 AM

Hello


These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Guest_uncanandienerrant_*

Posted 17 November 2012 - 09:57 AM

1. AdwCleaner


# AdwCleaner v2.007 - Logfile created 11/17/2012 at 22:46:43
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Ultimate (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Deleted on reboot : C:\Program Files (x86)\QuestScan
Deleted on reboot : C:\ProgramData\QuestScan
Deleted on reboot : C:\Users\Owner\AppData\Local\Conduit
Deleted on reboot : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Deleted on reboot : C:\Users\Owner\AppData\LocalLow\Conduit
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32966A2-F7C2-4362-A6CF-399EC8B44110}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32966A2-F7C2-4362-A6CF-399EC8B44110}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default-1351992801877 [Profil par défaut]
File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\20nr07rt.default-1351992801877\prefs.js

Deleted : user_pref("extensions.509e03f598e5f.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6603 octets] - [17/11/2012 22:46:43]

########## EOF - C:\AdwCleaner[S1].txt - [6663 octets] ##########


2. Rogue Killer

RogueKiller V8.3.0 [Nov 17 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 11/17/2012 22:52:49

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 26 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : ybwRwMvwhonwLB.exe (C:\ProgramData\ybwRwMvwhonwLB.exe) -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EALS-002BA0 ATA Device +++++
--- User ---
[MBR] f8af0281e7a98969ad994080a82c9f5c
[BSP] 4fc329b683db431cdf2c49cb41979ae0 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238372 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 488392704 | Size: 715381 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 6240cd7f1c01f6562ea18daf628ef05c
[BSP] 4fc329b683db431cdf2c49cb41979ae0 : Windows 7/8 MBR Code [possible maxSST in 2!]
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238372 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 488392704 | Size: 715381 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 1953495040 | Size: 10 Mo

Finished : << RKreport[2]_D_11172012_02d2252.txt >>
RKreport[1]_S_11172012_02d2252.txt ; RKreport[2]_D_11172012_02d2252.txt
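The MBR Check section of the RogueKiller log above is the part that matters: the partition table Windows sees ("User") and the one read at low level ("LL2") do not match, and LL2 shows a third, 10 MB partition of type 0x17 (hidden NTFS) marked active at the very end of the disk, which is the boot-sector-level "Root.MBR" infection the tool reports. The following is an added example (not RogueKiller's code and not posted by anyone in this thread) that rebuilds both tables from the offsets, sizes and types printed in the log, parses them as a disk-imaging or forensic tool would, and flags the same pattern. The MBR boot code is zero-filled, so the MD5 values it produces will not match the log; the drive size (a 1 TB WD10EALS, 1953525168 sectors) and every function name are assumptions of this example.

```python
"""Added example: parse legacy MBR partition tables and flag the hidden,
active, tiny end-of-disk partition pattern shown in the RogueKiller log.

The two MBR sectors are constructed from the log's offsets/sizes/types
(sizes in the log are in MiB, shown as "Mo"); boot code is zeroed.
"""
import hashlib
import struct

SECTOR = 512
SECTORS_PER_MIB = (1024 * 1024) // SECTOR   # 2048 sectors per MiB
DISK_SECTORS = 1953525168                    # assumption: 1 TB WD10EALS

# Partition type IDs that are a normal filesystem with the "hidden" bit set.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


def build_entry(active, ptype, start, size):
    """One 16-byte partition entry; CHS fields zeroed (LBA is what matters)."""
    return struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\0\0\0",
                       ptype, b"\0\0\0", start, size)


def build_mbr(entries):
    """512-byte MBR: 446 bytes boot code (zeroed here), 4 entries, 0x55AA."""
    table = b"".join(entries) + b"\0" * (16 * (4 - len(entries)))
    return b"\0" * 446 + table + b"\x55\xAA"


def parse_partitions(mbr):
    """Return the non-empty partition entries of an MBR sector as dicts."""
    if len(mbr) != SECTOR or mbr[510:] != b"\x55\xAA":
        raise ValueError("not an MBR sector")
    parts = []
    for i in range(4):
        raw = mbr[446 + 16 * i:446 + 16 * (i + 1)]
        status, _, ptype, _, start, size = struct.unpack("<B3sB3sII", raw)
        if ptype != 0:
            parts.append({"index": i, "active": status == 0x80,
                          "type": ptype, "start": start, "size": size})
    return parts


def suspicious_partitions(parts, disk_sectors=DISK_SECTORS, max_mib=64):
    """Defender heuristic: active + hidden type + tiny + in the last 1% of disk.
    Only entries matching all three conditions are reported."""
    hits = []
    for p in parts:
        reasons = []
        if p["active"] and p["type"] in HIDDEN_TYPES:
            reasons.append("active partition with hidden type 0x%02X" % p["type"])
        if p["size"] <= max_mib * SECTORS_PER_MIB:
            reasons.append("only %d MiB" % (p["size"] // SECTORS_PER_MIB))
        if p["start"] > 0.99 * disk_sectors:
            reasons.append("located in the last 1%% of the disk")
        if len(reasons) == 3:
            hits.append((p["index"], reasons))
    return hits


def tables_differ(mbr_a, mbr_b):
    """The log's 'User != LL2' check: the same sector read two ways must match."""
    return hashlib.md5(mbr_a).hexdigest() != hashlib.md5(mbr_b).hexdigest()


# Constructed from the log: "User" view (2 partitions, first active) and
# "LL2" view (3 partitions, hidden 10 MiB partition active).
USER_MBR = build_mbr([
    build_entry(True, 0x07, 206848, 238372 * SECTORS_PER_MIB),
    build_entry(False, 0x07, 488392704, 715381 * SECTORS_PER_MIB),
])
LL2_MBR = build_mbr([
    build_entry(False, 0x07, 206848, 238372 * SECTORS_PER_MIB),
    build_entry(False, 0x07, 488392704, 715381 * SECTORS_PER_MIB),
    build_entry(True, 0x17, 1953495040, 10 * SECTORS_PER_MIB),
])

if __name__ == "__main__":
    print("User != LL2:", tables_differ(USER_MBR, LL2_MBR))
    for idx, why in suspicious_partitions(parse_partitions(LL2_MBR)):
        print("partition %d: %s" % (idx, "; ".join(why)))
```

The same three conditions are what a responder would check by hand on a GParted screenshot like the one requested later in this thread: which partition carries the boot flag, whether its type is a hidden variant, and whether it is a tiny partition placed after the real Windows volumes. Restoring the boot flag to the proper partition (as the helper asks the poster to do) is only half the fix; the first sector also has to be rewritten so that the "User" and low-level reads agree again.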

#6 gringo_pr

Posted 17 November 2012 - 10:30 AM

Greetings

I need you to make a bootable usb and to make a screenshot for me - follow the instructions below to do this

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

When you get to the desktop, click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them).

Next - Launch GParted, which is found at Menu > System > GParted partition manager.
Click to select All Drives, then click Okay.
I need you to take a screenshot of the window that opens up - to do this follow these instructions

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg into the USB drive, paste or attach this to your next post

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

remove the usb and save it - we will use it again - boot back into windows and send me the screen capture

gringo

#7 Guest_uncanandienerrant_*

Posted 17 November 2012 - 10:56 AM

Hi, Gringo.

Which Puppy ISO file do I download: Precise, Slacko or Lucid?

Edit: Never mind, you said the latest one.

Edited by uncanandienerrant, 17 November 2012 - 10:58 AM.


#8 Guest_uncanandienerrant_*

Posted 17 November 2012 - 12:16 PM

Hey Gringo, I'm having trouble with changing the boot order. I had to press F12 at the restart to get into the boot menu, which looks like this:

Boot Menu

== Select a Boot First device ==
LS120
+ Hard Disk
CDROM
ZIP
USB-FDD
USB-ZIP
USB-CDROM
USB-HDD
Legacy Lan

up arrow down arrow: Move Enter: Accept ESC: Exit

What do I do next?

Edited by uncanandienerrant, 17 November 2012 - 12:19 PM.


#9 gringo_pr

Posted 17 November 2012 - 04:16 PM

I would probably try USB-HDD

#10 Guest_uncanandienerrant_*

Posted 17 November 2012 - 07:18 PM

Hi Gringo, so I now see on the screen on the bottom left sda1, sda2, sda3 and sdf1. When I click on sda3 there is no red cross, but it takes me to a window as follows:

Pmount Puppy Drive Mounter
DO NOT REMOVE MOUNTED MEDIA
Drive usbdrv
ATA WDC WD10EALS-002
sda1 ntfs 232.8G 92.9G free UNMOUNT
sda2 ntfs 698.6G 424.8G free UNMOUNT
sda3 ntfs 10M MOUNT

What do I do?

Edited by uncanandienerrant, 17 November 2012 - 07:19 PM.


#11 gringo_pr

Posted 17 November 2012 - 07:22 PM

Go ahead and skip sda3 - it is the bad partition.



gringo

#12 Guest_uncanandienerrant_*

Posted 17 November 2012 - 07:49 PM

Okay, I'm at the step where it says to double click on sdb1/, but I only see:
/..
cdrom
data
dvd
flash
floppy
msdos
ram1
sda1
sda2
sda3
sdf1
swap
zip

which one do I double click?

#13 gringo_pr

Posted 17 November 2012 - 08:13 PM

it is going to be the USB drive

Check them, and if it is not there, remove the USB and put it back in and see if you see it.



gringo

#14 Guest_uncanandienerrant_*

Posted 17 November 2012 - 08:42 PM

Here's the screenshot.


Posted Image

#15 gringo_pr

Posted 17 November 2012 - 10:19 PM

hello

I need you to boot back into GParted, and this time I want you to right-click on the second partition (SDA2), select Manage Flags, and then select boot.
Click on Apply and boot back into Windows to report back here.

If you have trouble booting into windows I want you to do the same process for the third partition (SDA1)

Gringo
