
Possible virus from link


  • This topic is locked
6 replies to this topic

#1 Debgothad


Posted 17 March 2013 - 10:52 PM

Got a suspicious email and clicked on a link. Found out sender's computer is possibly infected.

Logs posted by Oh My!
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19401 BrowserJavaVersion: 1.6.0_22
Run by Debbie at 20:46:08 on 2013-03-17
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1976.826 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\DAILYB~2\bar\1.bin\2vbarsvc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DailyBibleGuide\bar\1.bin\2vbrmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Users\Debbie\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\DAILYB~2\bar\1.bin\2vmedint.exe
C:\PROGRA~1\DAILYB~2\bar\1.bin\2vmedint.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=XMxdm003YYus&ptb=E153EB44-36AC-470B-87F9-0604E28E4D39
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: <No Name>: {f15ff29f-85a1-43cd-9674-e5ba40016c97} - c:\program files\dailybibleguide\bar\1.bin\2vSrcAs.dll
BHO: Search Assistant BHO: {0631bff0-6846-48ca-982d-d62d7f376e97} - c:\program files\dailybibleguide\bar\1.bin\2vSrcAs.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Toolbar BHO: {beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a} - c:\program files\dailybibleguide\bar\1.bin\2vbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DailyBibleGuide: {2A942AB7-2073-49BC-A7E1-77E93835889A} - c:\program files\dailybibleguide\bar\1.bin\2vbar.dll
TB: DailyBibleGuide: {2a942ab7-2073-49bc-a7e1-77e93835889a} - c:\program files\dailybibleguide\bar\1.bin\2vbar.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DailyBibleGuide Browser Plugin Loader] c:\progra~1\dailyb~2\bar\1.bin\2vbrmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10a.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\corelr~1.lnk - c:\program files\corel\wordperfect office 2000\register\Remind32.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{BD23C23A-44F7-4BEF-AE69-ECF25B5C3098} : DHCPNameServer = 209.18.47.61 209.18.47.62
Notify: GoToAssist Express Customer - <no file>
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.172\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\debbie\appdata\roaming\mozilla\firefox\profiles\y9s7cshc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XMxdm003YYus&ptnrS=XMxdm003YYus&si=CJi93tjn9KoCFQVrgwodahxS5Q&ptb=E153EB44-36AC-470B-87F9-0604E28E4D39&psa=&ind=2011082916&st=kwd&n=77deb0a4&searchfor=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\dailybibleguide\bar\1.bin\NP2vStub.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\users\debbie\appdata\roaming\mozilla\firefox\profiles\y9s7cshc.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\plugins\np-mswmp.dll
FF - plugin: c:\users\debbie\appdata\roaming\mozilla\firefox\profiles\y9s7cshc.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: !HIDDEN! 2009-09-01 18:23; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-08-29 08:25; 2vffxtbr@DailyBibleGuide.com; c:\program files\dailybibleguide\bar\1.bin
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R2 DailyBibleGuideService;DailyBibleGuideService;c:\progra~1\dailyb~2\bar\1.bin\2vbarsvc.exe [2011-8-29 42504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-1-11 809296]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2010-12-20 988216]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2010-12-20 399416]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-12-8 2440120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-15 106656]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-03-13 19:09:24 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 19:09:23 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-28 02:49:23 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-02 09:18:13 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-02 09:12:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-02 09:12:13 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-02 09:11:58 71680 ----a-w- c:\windows\system32\iesetup.dll
2013-02-02 09:11:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-02-02 07:37:34 385024 ----a-w- c:\windows\system32\html.iec
2013-02-02 05:52:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2013-01-05 05:26:01 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:26:01 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 11:28:18 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 01:38:50 2048512 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 20:47:06.97 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume2
Install Date: 1/10/2009 7:10:08 PM
System Uptime: 3/17/2013 6:26:34 AM (14 hours ago)
.
Motherboard: Acer | | CathedralPeak
Processor: Intel® Pentium® Dual CPU T3200 @ 2.00GHz | U2E1 | 2000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 65.874 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP854: 2/17/2013 6:14:00 PM - Scheduled Checkpoint
RP855: 2/19/2013 7:03:18 PM - Scheduled Checkpoint
RP856: 2/25/2013 1:43:35 PM - Scheduled Checkpoint
RP857: 3/4/2013 12:44:43 PM - Scheduled Checkpoint
RP858: 3/7/2013 12:37:00 PM - Scheduled Checkpoint
RP859: 3/8/2013 9:14:29 AM - Scheduled Checkpoint
RP860: 3/9/2013 12:33:36 PM - Scheduled Checkpoint
RP861: 3/12/2013 7:57:42 PM - Windows Update
RP862: 3/14/2013 11:43:55 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
123 Free Solitaire 2008 v6.0
32 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.4
AnswerWorks Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AusLogics Registry Defrag
AVS Media Player 3.1
AVS4YOU Software Navigator 1.3
Bonjour
Bonjour Print Services
Brother MFL-Pro Suite
CCleaner (remove only)
Cisco Connect
Corel Applications
Coupon Printer for Windows
CutePDF Writer 2.7
DailyBibleGuide
Defraggler (remove only)
Diet Analysis Plus 8.0
DJ_AIO_03_F4200_Software_Min
doPDF 7.2 printer
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet F4200 All-In-One Driver 11.0 03
Intel® Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java™ 6 Update 22
Juniper Networks Network Connect 6.3.0
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Juniper Terminal Services Client
LiveUpdate 3.3 (Symantec Corporation)
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
PaperPort Image Printer
Picasa 3
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Scan
ScanSoft PaperPort 11
Secunia PSI (2.0.0.1002)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Sonic Activation Module
Spybot - Search & Destroy
Stardock Impulse
Symantec Endpoint Protection
Synaptics Pointing Device Driver
Toolbox
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.1
WIDCOMM Bluetooth Software
.
==== Event Viewer Messages From Past Week ========
.
3/17/2013 7:22:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/13/2013 8:20:04 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================



Edited by Oh My, 17 March 2013 - 11:43 PM.



 


#2 Oh My!

  • Malware Response Instructor

Posted 17 March 2013 - 10:57 PM

Greetings Jeff and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Start New Topic button but use the Add Reply button instead.
  • In the upper right hand corner of the topic you will see the Watch Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 17 March 2013 - 11:14 PM

Hi Jeff,

Although there are more steps for us to take, at first glance I do not see anything of real concern.

Please run these programs for me and post the results. This will give us a better snapshot inside your computer.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

OTL

--------------------
  • Please download OTL and save it to your desktop
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Copy and paste the two reports in your next reply.

OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • AdwCleaner log
  • Junkware log
  • aswMBR log
  • OTL log
  • Extra log

Gary
 

#4 Debgothad


Posted 19 March 2013 - 02:01 PM

I'm having difficulty running OTL, it keeps going non-responsive.  I'll keep trying. Here are the rest:
# AdwCleaner v2.115 - Logfile created 03/17/2013 at 21:24:26
# Updated 17/03/2013 by Xplode
# Operating system : Windows Vista ™ Business Service Pack 2 (32 bits)
# User : Debbie - DEBBIE-PC
# Boot Mode : Normal
# Running from : C:\Users\Debbie\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\DailyBibleGuideEI
Folder Deleted : C:\Users\Debbie\AppData\Local\PackageAware
Folder Deleted : C:\Users\Debbie\AppData\LocalLow\DailyBibleGuideEI
Folder Deleted : C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\y9s7cshc.default\CT3196716
Folder Deleted : C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\y9s7cshc.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}
Folder Deleted : C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\y9s7cshc.default\extensions\2vffxtbr@DailyBibleGuide.com
Folder Deleted : C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\y9s7cshc.default\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\DailyBibleGuideEI
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19401

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=XMxdm003YYus&ptb=E153EB44-36AC-470B-87F9-0604E28E4D39 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\y9s7cshc.default\prefs.js

C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\y9s7cshc.default\user.js ... Deleted !

Deleted : user_pref("CT3196716.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3196716.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3196716.1000234.TWC_TMP_city", "NEWBURY PARK");
Deleted : user_pref("CT3196716.1000234.TWC_TMP_country", "US");
Deleted : user_pref("CT3196716.1000234.TWC_locId", "USCA0760");
Deleted : user_pref("CT3196716.1000234.TWC_location", "Newbury Park, CA");
Deleted : user_pref("CT3196716.1000234.TWC_region", "US");
Deleted : user_pref("CT3196716.1000234.TWC_temp_dis", "f");
Deleted : user_pref("CT3196716.1000234.TWC_wind_dis", "mph");
Deleted : user_pref("CT3196716.1000234.weatherData", "{\"icon\":\"32.png\",\"temperature\":\"76°F\",\"temperat[...]
Deleted : user_pref("CT3196716.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3196716.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3196716.FirstTime", "true");
Deleted : user_pref("CT3196716.FirstTimeFF3", "true");
Deleted : user_pref("CT3196716.LoginRevertSettingsEnabled", true);
Deleted : user_pref("CT3196716.RevertSettingsEnabled", false);
Deleted : user_pref("CT3196716.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT319[...]
Deleted : user_pref("CT3196716.UserID", "UN24964415370087856");
Deleted : user_pref("CT3196716.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3196716.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3196716.cb_experience_000", "33");
Deleted : user_pref("CT3196716.cb_firstuse0100", "1");
Deleted : user_pref("CT3196716.cbcountry_001", "US");
Deleted : user_pref("CT3196716.cbfirsttime", "Wed Aug 15 2012 17:30:09 GMT-0700 (Pacific Daylight Time)");
Deleted : user_pref("CT3196716.enableAlerts", "always");
Deleted : user_pref("CT3196716.enableFix404ByUser", "FALSE");
Deleted : user_pref("CT3196716.event_data", "%5B%5D");
Deleted : user_pref("CT3196716.fired_events", "");
Deleted : user_pref("CT3196716.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3196716.fixPageNotFoundErrorByUser", "TRUE");
Deleted : user_pref("CT3196716.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3196716.fixUrls", true);
Deleted : user_pref("CT3196716.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "op[...]
Deleted : user_pref("CT3196716.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3196716.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3196716.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3196716.isNewTabEnabled", true);
Deleted : user_pref("CT3196716.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3196716.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3196716.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3196716.key_date", "15");
Deleted : user_pref("CT3196716.keyword", true);
Deleted : user_pref("CT3196716.lastVersion", "10.14.65.43");
Deleted : user_pref("CT3196716.migrateAppsAndComponents", true);
Deleted : user_pref("CT3196716.search.searchAppId", "129755756826636815");
Deleted : user_pref("CT3196716.search.searchCount", "0");
Deleted : user_pref("CT3196716.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3196716.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3196716.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3196716.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3196716.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3196716.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3196716.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1345077002792");
Deleted : user_pref("CT3196716.serviceLayer_services_appTracking_lastUpdate", "1345077004683");
Deleted : user_pref("CT3196716.serviceLayer_services_appsMetadata_lastUpdate", "1345077002635");
Deleted : user_pref("CT3196716.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1345077003555");
Deleted : user_pref("CT3196716.serviceLayer_services_login_10.10.20.14_lastUpdate", "1345599376348");
Deleted : user_pref("CT3196716.serviceLayer_services_login_10.10.27.6_lastUpdate", "1352650310376");
Deleted : user_pref("CT3196716.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358440096754");
Deleted : user_pref("CT3196716.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359324352790");
Deleted : user_pref("CT3196716.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360632521387");
Deleted : user_pref("CT3196716.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363573939775");
Deleted : user_pref("CT3196716.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "13450[...]
Deleted : user_pref("CT3196716.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "13450[...]
Deleted : user_pref("CT3196716.serviceLayer_services_optimizer_lastUpdate", "1345077003729");
Deleted : user_pref("CT3196716.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1345077003619");
Deleted : user_pref("CT3196716.serviceLayer_services_searchAPI_lastUpdate", "1345077002143");
Deleted : user_pref("CT3196716.serviceLayer_services_serviceMap_lastUpdate", "1363533517891");
Deleted : user_pref("CT3196716.serviceLayer_services_toolbarContextMenu_lastUpdate", "1345077003113");
Deleted : user_pref("CT3196716.serviceLayer_services_toolbarSettings_lastUpdate", "1363573939235");
Deleted : user_pref("CT3196716.serviceLayer_services_translation_lastUpdate", "1363533518318");
Deleted : user_pref("CT3196716.settingsINI", true);
Deleted : user_pref("CT3196716.smartbar.CTID", "CT3196716");
Deleted : user_pref("CT3196716.smartbar.Uninstall", "0");
Deleted : user_pref("CT3196716.smartbar.homepage", true);
Deleted : user_pref("CT3196716.smartbar.isHidden", true);
Deleted : user_pref("CT3196716.smartbar.toolbarName", "WiseConvert ");
Deleted : user_pref("CT3196716.startPage", "userChanged");
Deleted : user_pref("CT3196716.toolbarBornServerTime", "16-8-2012");
Deleted : user_pref("CT3196716.toolbarCurrentServerTime", "18-3-2013");
Deleted : user_pref("CT3196716.upgradeFromClearSBVersion", true);
Deleted : user_pref("CT3196716.url_history0001", "hxxp://powerequipment.honda.com/generators/models/eu3000is#s[...]
Deleted : user_pref("CT3196716_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.mywebsearch.com/mywebsearch/GGmain[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3196716");
Deleted : user_pref("extensions.DailyBibleGuide.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/ope[...]
Deleted : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XMxdm003YYus&ptn[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.machineId", "BLIGO95VXH9ZJSIAYCA6AL8PF+K82WKMXZBL03PO473WQAQJ/O2FJDDM7Z5UXQKNDXM[...]
Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jht[...]

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [10257 octets] - [17/03/2013 21:24:26]

########## EOF - C:\AdwCleaner[S1].txt - [10318 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows Vista ™ Business x86
Ran by Debbie on Sun 03/17/2013 at 21:35:39.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"



~~~ FireFox

Successfully deleted the following from C:\Users\Debbie\AppData\Roaming\mozilla\firefox\profiles\y9s7cshc.default\prefs.js

user_pref("CT3196716.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fmail.google.com%2Fmail%2F%3Ftab%3Dwm%23inbox%2F13d7ba50533abc69\",
user_pref("extensions.DailyBibleGuide.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=XMxdm003YYus&ptnrS=XMxdm003YYus&si=CJi93tjn9KoCFQVrgwodahx
user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XMxdm003YYus&ptnrS=XMxdm003YYus&si=CJi93tjn9KoCFQVrgwodahxS5Q&ptb=E153EB44-36AC-470B-87F9-0
Emptied folder: C:\Users\Debbie\AppData\Roaming\mozilla\firefox\profiles\y9s7cshc.default\minidumps [391 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/17/2013 at 21:39:16.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-17 21:47:37
-----------------------------
21:47:37.273    OS Version: Windows 6.0.6002 Service Pack 2
21:47:37.273    Number of processors: 2 586 0xF0D
21:47:37.273    ComputerName: DEBBIE-PC  UserName: Debbie
21:47:55.946    Initialize success
21:49:37.804    AVAST engine defs: 13031701
21:50:06.118    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:50:06.118    Disk 0 Vendor: Hitachi_HTS543216L9A300 FB2OC40C Size: 152627MB BusType: 3
21:50:06.149    Disk 0 MBR read successfully
21:50:06.149    Disk 0 MBR scan
21:50:06.180    Disk 0 Windows VISTA default MBR code
21:50:06.196    Disk 0 Partition 1 00     27 Hidden NTFS WinRE MSDOS5.0    10000 MB offset 2048
21:50:06.212    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       142625 MB offset 20482048
21:50:06.227    Disk 0 scanning sectors +312578048
21:50:06.305    Disk 0 scanning C:\Windows\system32\drivers
21:50:20.018    Service scanning
21:50:51.608    Service SysPlant C:\Windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
21:50:52.622    Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
21:50:58.284    Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
21:50:58.362    Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
21:50:59.720    Modules scanning
21:51:11.388    Disk 0 trace - called modules:
21:51:11.420    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
21:51:11.435    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853ecac8]
21:51:11.435    3 CLASSPNP.SYS[87fa78b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8517bb98]
21:51:12.278    AVAST engine scan C:\Windows
21:51:16.880    AVAST engine scan C:\Windows\system32
21:55:18.648    AVAST engine scan C:\Windows\system32\drivers
21:55:35.184    AVAST engine scan C:\Users\Debbie
22:02:17.196    AVAST engine scan C:\ProgramData
22:03:24.604    Scan finished successfully
22:04:55.234    Disk 0 MBR has been saved successfully to "C:\Users\Debbie\Desktop\MBR.dat"
22:04:55.281    The log file has been saved successfully to "C:\Users\Debbie\Desktop\aswMBR.txt"

 



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,788 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:11 PM

Posted 19 March 2013 - 06:14 PM

Please attempt to run OTL in Safe Mode.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Oh My!


Posted 21 March 2013 - 02:29 PM

At the request of the user this thread is being closed.
Gary
 

#7 Oh My!


Posted 21 March 2013 - 02:29 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



