Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Clueless ?


  • Please log in to reply
38 replies to this topic

#1 CJJensen

CJJensen

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:33 AM

Posted 21 January 2013 - 02:12 PM

I have been having computer probs for some time now. I can't get logged into or even get the computer to find internet sometimes .. took me 5 times of restarting this morning.
It says page not found or website not found. I am getting error messages at start up saying files are corrupt and nothing will update ?
Please help if you can ? I know very little about computers just enough to play on FB ... LOL
My laptop is Toshiba Satelite and it has Vista 32bit
Error messages won't copy?
Files come up different, but says: SynTPEnh.exe-corrupt file
c:|user|Guest|appData|local|microsoft
is corrupt and unreadable please run chkdsk utility
as soon as I click on it it disappears?
several different files show up that say that. I have tried trouble shooting and I download files and it loads but then says it cannot continue an error has occurred.
nothing will update it will save to file but always says it can't continue?

Edited by CJJensen, 21 January 2013 - 02:42 PM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:33 PM

Posted 21 January 2013 - 02:48 PM

Hello and welcome .... Can you do these step?



Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.



Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.

Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.


Please download Rkill by Grinler and save it to your desktop.Link 1
Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.



Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.



Please download Malwarebytes Anti-Malware Posted Image and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 CJJensen

CJJensen
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:33 AM

Posted 21 January 2013 - 04:01 PM

When I click the start I see no "Run" ?

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:33 PM

Posted 21 January 2013 - 04:09 PM

Sorry in Vista
Press “Windows” and “R” keys simultaneously
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 CJJensen

CJJensen
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:33 AM

Posted 21 January 2013 - 04:18 PM

ok got that no proxy was checked .. try next step but don't see where to type it ? the search box ? and I press enter .. it does nothing ?

#6 CJJensen

CJJensen
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:33 AM

Posted 21 January 2013 - 04:21 PM

What is a dos window ?

#7 CJJensen

CJJensen
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:33 AM

Posted 21 January 2013 - 04:43 PM

Microsoft Windows [Version 6.0.6002]
Copyright © 2006 Microsoft Corporation. All rights reserved.

C:\Users\Guest>netshwinsockreset
'netshwinsockreset' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\Guest>netsh\winsock\reset
The system cannot find the path specified.

C:\Users\Guest>netsh winsock reset
The requested operation requires elevation.


C:\Users\Guest>netsh>winsock>reset>
The syntax of the command is incorrect.

C:\Users\Guest> netsh winsock reset
The requested operation requires elevation.


C:\Users\Guest>

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:33 PM

Posted 21 January 2013 - 07:50 PM

OK, I see this is going to be a bit tricky.

Right click on the Desktop

Click on New then Shortcut

In the window that comes up,type cmd and click Next

In the new window that comes up,type cmd and click Finish

Now you have a shortcut on the desktop.

Right-click on the shortcut and choose Properties

In the new window,Select the Shortcut Tab, and click Advanced

In the new window,check the box Run as Administrator and click Ok

You now have a shortcut to the Command Prompt with Administator priviledges. Whenever you launch the shortcut your Command Prompt session will start in "C:\Windows\system32" instead of the normal "C:\Users":
This Black window is also known as the DOS widow.

So.... click on the shortcut
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.


If you still have difficulty,let me know ,but try moving on thru the steps from..Reboot into Safe Mode with Networking

BTW love your hair :)

Edited by boopme, 21 January 2013 - 07:53 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 CJJensen

CJJensen
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:33 AM

Posted 22 January 2013 - 11:43 AM

I'm guessing this is the report you need ? I hope ?
Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/22/2013 09:22:22 AM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\TODDSrv.exe (PID: 3904) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic

Searching for Missing Digital Signatures:

* C:\Windows\System32\cngaudit.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll : 11,776 : 11/02/2006 00:46 AM : 7f15b4953378c8b5161d65c26d5fed4d [Pos Repl]

* C:\Windows\System32\ctfmon.exe [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe : 8,704 : 11/02/2006 00:45 AM : 22bfd03df51065a9ed8d17f8fb72296b [Pos Repl]

* C:\Windows\System32\d3d8thk.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.0.6001.18000_none_c24d6ca560c635f9\d3d8thk.dll : 11,264 : 11/02/2006 00:46 AM : cd6da5770cae9d5e6e86722e17b442e0 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.0.6002.18005_none_c438e5b15de80145\d3d8thk.dll : 11,264 : 11/02/2006 00:46 AM : cd6da5770cae9d5e6e86722e17b442e0 [Pos Repl]

* C:\Windows\System32\dllhost.exe [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-com-surrogate_31bf3856ad364e35_6.0.6000.16386_none_41ed2cb9f696f0a2\dllhost.exe : 7,168 : 11/02/2006 00:45 AM : be01e566d1f569aab32d0335613e1eea [Pos Repl]

* C:\Windows\System32\drivers\parport.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\msports.inf_44880ea7\parport.sys : 79,360 : 01/20/2008 07:23 PM : 8a79fdf04a73428597e2caf9d0d67850 [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\msports.inf_ac874de4\parport.sys : 79,360 : 11/02/2006 07:51 AM : 0fa9b5055484649d63c303fe404e5f4d [Pos Repl]
+-> C:\Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.0.6001.18000_none_f897b0b1b85e4433\parport.sys : 79,360 : 01/20/2008 07:23 PM : 8a79fdf04a73428597e2caf9d0d67850 [Pos Repl]

* C:\Windows\System32\drivers\parvdm.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\msports.inf_44880ea7\parvdm.sys : 8,704 : 01/20/2008 07:23 PM : 6c580025c81caf3ae9e3617c22cad00e [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\msports.inf_ac874de4\parvdm.sys : 8,704 : 11/02/2006 07:51 AM : 4f9a6a8a31413180d0fcb279ad5d8112 [Pos Repl]
+-> C:\Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.0.6001.18000_none_f897b0b1b85e4433\parvdm.sys : 8,704 : 01/20/2008 07:23 PM : 6c580025c81caf3ae9e3617c22cad00e [Pos Repl]

* C:\Windows\System32\drivers\pcmcia.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\pcmcia.inf_1259a379\pcmcia.sys : 167,528 : 11/02/2006 07:51 AM : e6f3fb1b86aa519e7698ad05e58b04e5 [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\pcmcia.inf_5be8d19f\pcmcia.sys : 177,640 : 04/11/2009 07:32 AM : 3bb2244f343b610c29c98035504c9b75 [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\pcmcia.inf_78f9157e\pcmcia.sys : 179,256 : 01/20/2008 07:23 PM : b7c5a8769541900f6dfa6fe0c5e4d513 [Pos Repl]
+-> C:\Windows\winsxs\x86_pcmcia.inf_31bf3856ad364e35_6.0.6001.18000_none_85cbd1df9b464e00\pcmcia.sys : 179,256 : 01/20/2008 07:23 PM : b7c5a8769541900f6dfa6fe0c5e4d513 [Pos Repl]
+-> C:\Windows\winsxs\x86_pcmcia.inf_31bf3856ad364e35_6.0.6002.18005_none_87b74aeb9868194c\pcmcia.sys : 177,640 : 04/11/2009 07:32 AM : 3bb2244f343b610c29c98035504c9b75 [Pos Repl]

* C:\Windows\System32\drivers\serenum.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\msports.inf_44880ea7\serenum.sys : 17,920 : 01/20/2008 07:23 PM : ce9ec966638ef0b10b864ddedf62a099 [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\msports.inf_ac874de4\serenum.sys : 17,920 : 11/02/2006 07:51 AM : 68e44e331d46f0fb38f0863a84cd1a31 [Pos Repl]
+-> C:\Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.0.6001.18000_none_f897b0b1b85e4433\serenum.sys : 17,920 : 01/20/2008 07:23 PM : ce9ec966638ef0b10b864ddedf62a099 [Pos Repl]

* C:\Windows\System32\drivers\serial.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_33048ac2\serial.sys : 83,456 : 01/20/2008 07:23 PM : 6d663022db3e7058907784ae14b69898 [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_9d4661e2\serial.sys : 83,456 : 11/02/2006 07:51 AM : c70d69a918b178d3c3b06339b40c2e1b [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\msports.inf_44880ea7\serial.sys : 83,456 : 01/20/2008 07:23 PM : 6d663022db3e7058907784ae14b69898 [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\msports.inf_ac874de4\serial.sys : 83,456 : 11/02/2006 07:51 AM : c70d69a918b178d3c3b06339b40c2e1b [Pos Repl]
+-> C:\Windows\winsxs\x86_hiddigi.inf_31bf3856ad364e35_6.0.6001.18000_none_955c449145dbf667\serial.sys : 83,456 : 01/20/2008 07:23 PM : 6d663022db3e7058907784ae14b69898 [Pos Repl]
+-> C:\Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.0.6001.18000_none_f897b0b1b85e4433\serial.sys : 83,456 : 01/20/2008 07:23 PM : 6d663022db3e7058907784ae14b69898 [Pos Repl]

* C:\Windows\System32\drivers\sfloppy.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_36da1340\sfloppy.sys : 13,312 : 01/20/2008 07:23 PM : c33bfbd6e9e41fcd9ffef9729e9faed6 [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_7a4ca8e4\sfloppy.sys : 13,312 : 11/02/2006 07:51 AM : 46ed8e91793b2e6f848015445a0ac188 [Pos Repl]
+-> C:\Windows\winsxs\x86_flpydisk.inf_31bf3856ad364e35_6.0.6001.18000_none_e70a102d7a7bbf43\sfloppy.sys : 13,312 : 01/20/2008 07:23 PM : c33bfbd6e9e41fcd9ffef9729e9faed6 [Pos Repl]

* C:\Windows\System32\ksuser.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.0.6001.18000_none_e8019c5c974c4491\ksuser.dll : 4,608 : 11/02/2006 07:46 AM : 919cc2a0476d5a6a4c935d4b88e29912 [Pos Repl]

* C:\Windows\System32\linkinfo.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-linkinfo_31bf3856ad364e35_6.0.6000.16386_none_362e7020a86900de\linkinfo.dll : 22,016 : 11/02/2006 07:34 AM : 24f90aefebe601d427cb4511e74cdcb6 [Pos Repl]

* C:\Windows\System32\msimg32.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-gdi-painting_31bf3856ad364e35_6.0.6000.16386_none_7535161f1f2100ed\msimg32.dll : 4,608 : 11/02/2006 07:46 AM : 2ec53b5a351c4d443896dbad117f7e82 [Pos Repl]

* C:\Windows\System32\msprivs.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa-msprivs_31bf3856ad364e35_6.0.6000.16386_none_09e22f167e7ac9b3\msprivs.dll : 2,048 : 11/02/2006 07:18 AM : abe9eea1eabea0711610a637a7b1c25d [Pos Repl]

* C:\Windows\System32\rasadhlp.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasadhlp.dll : 10,240 : 11/02/2006 07:46 AM : a7d525e5c0d91c8c1d84c6bcd25ad77d [Pos Repl]

* C:\Windows\System32\sfc.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.0.6001.18000_none_a735c34c5c31a578\sfc.dll : 4,608 : 11/02/2006 07:46 AM : f4e1aa5d59c849a4ab47e895dc76b9c8 [Pos Repl]

* C:\Windows\System32\ws2help.dll [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\ws2help.dll : 4,608 : 11/02/2006 07:44 AM : 17c0671bf57057108a6d949510ee42c8 [Pos Repl]

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com

20 out of 14414 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 01/22/2013 09:28:33 AM
Execution time: 0 hours(s), 6 minute(s), and 10 seconds(s)

)h and BTW Thanks :) LOL

Edited by CJJensen, 22 January 2013 - 11:43 AM.


#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:33 PM

Posted 22 January 2013 - 12:01 PM

Good job and you're welcome. Can you run the Tdsskiller and MBAM scans now?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 CJJensen

CJJensen
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:33 AM

Posted 22 January 2013 - 12:16 PM

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.22.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Guest :: USER-PC [administrator]

Protection: Enabled

1/22/2013 10:05:06 AM
mbam-log-2013-01-22 (10-05-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232606
Time elapsed: 9 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 CJJensen

CJJensen
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:33 AM

Posted 22 January 2013 - 12:27 PM

TDSSkiller ran but can't seem to copy report ?? it said nothing found.
Also when I restarted computer with the one task I kept getting the same thing server or page not found so I had to restart again and didn't do the safe mode then I got in and did the rest of the steps...

Edited by CJJensen, 22 January 2013 - 12:34 PM.


#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:33 PM

Posted 22 January 2013 - 01:11 PM

OK from regular mode..Run RKill again and then MBAM again.

Now run these last 2,

ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

>>>>

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE:Sometimes if ESET finds no infections it will not create a log.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 CJJensen

CJJensen
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:33 AM

Posted 22 January 2013 - 02:49 PM

# AdwCleaner v2.107 - Logfile created 01/22/2013 at 12:38:12
# Updated 21/01/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Guest - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\Guest\Downloads\AdwCleaner(2).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Inbox Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\izc7c0i0.default-1339833874089\prefs.js

[OK] File is clean.

File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rob7sxd0.default\prefs.js

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rob7sxd0.default\user.js ... Deleted !

Deleted : user_pref("extensions.vshareus@toolbar.update.enabled", false);
Deleted : user_pref("vshareus.install.date", "1292716800000");
Deleted : user_pref("vshareus.install.finished", "1.0.0");
Deleted : user_pref("vshareus.install.guid", "{b32e18c9-87ec-4b60-837e-d7e5e066eed9}");
Deleted : user_pref("vshareus.install.isHidden", true);
Deleted : user_pref("vshareus.install.laststatreq", "1310083200000");
Deleted : user_pref("vshareus.install.overlayVersion", 1);

-\\ Google Chrome v24.0.1312.52

File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4151 octets] - [22/01/2013 12:32:08]
AdwCleaner[S1].txt - [4107 octets] - [22/01/2013 12:38:12]

########## EOF - C:\AdwCleaner[S1].txt - [4167 octets] ##########

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:33 PM

Posted 22 January 2013 - 03:01 PM

Ok got a lot of junk off there. How is it running after the ESET scan?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users