
I think I have a Virus and can't open any picture, word document or some apps.


  • This topic is locked
52 replies to this topic

#1 dadda03


  • Members
  • 26 posts
  • OFFLINE
  • Local time:01:18 PM

Posted 09 October 2013 - 06:29 PM

For a few months now I've been trying to fix my girlfriend's laptop but can't, because I don't know how to remove the virus, so I need some help.


#2 jntkwx


  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:01:18 PM

Posted 11 October 2013 - 11:35 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.


Edited by jntkwx, 11 October 2013 - 11:35 AM.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 dadda03

  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:01:18 PM

Posted 13 October 2013 - 08:04 AM

Here is the dds.txt you were asking for, jntkwx.



DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16506  BrowserJavaVersion: 10.40.2
Run by Shanelle at 19:07:56 on 2013-10-09
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1917.911 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Outdated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Outdated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: avast! Antivirus *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Toshiba\IVP\ISM\pinger.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\iolo\System Mechanic\SMTrayNotify.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {c585d593-e7f4-4852-a200-561686ee02e4} - <orphaned>
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /Manual
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdSync.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [HSON] "c:\program files\toshiba\tbs\HSON.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANgA3ADAAMAA5ADEAMwAxADkALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwAyAC0ARgA5AE0AMQAwAEIAKwAyAC0ARABEAFQAKwAyADYANgA4ADAALQBYAE8AOQArADEALQBEAEQAOQAwAEYAKwAxAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEYAOQAwAE0AMQAyAEEAVAArADIALQBGADkAMABNADEAMgBBACsAMQAtAEYAOQAwAE0AMQAyAEEAQgArADEALQBVADkANQArADEALQBGADkAMABNADEAMgBBAFQAQgArADEALQBGADkAMABUAEIAKwAyAA"&"prod=90"&"ver=9.0.901
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - hxxp://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{0642EFCB-8E53-40C6-82BB-3788A1190ACD} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{88BE46EB-472D-4370-BBC5-715F8051ECC7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D60A57B2-7E72-4A44-A743-DF54276A62BD} : DHCPNameServer = 68.87.77.130 68.87.72.130 68.87.75.194
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-10-2 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2013-10-2 204784]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-10-2 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-10-2 177864]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys [2013-10-2 104752]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-10-2 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-10-2 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-10-2 369584]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-12-13 20392]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-2-25 490840]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-10-2 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-10-2 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-10-2 46808]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-10-2 137960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-30 21504]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-12-13 650160]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-12-13 650160]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 100328]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2013-4-29 167424]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-8-22 7168]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-22 29744]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2012-12-7 23040]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=NOTEPAD.EXE %1
FileExt: .vbs: VBSFile=NOTEPAD.EXE %1
FileExt: .js: JSFile=NOTEPAD.EXE %1
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-10-09 22:51:33 7328304 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6fafdc21-2a76-429f-b7c8-c743ebc8d698}\mpengine.dll
2013-10-09 22:48:58 7328304 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{85c8fd60-adb9-47ce-93c4-fd8597c6357f}\mpengine.dll
2013-10-05 01:57:31 -------- d-----w- c:\program files\Cobian Backup 8
2013-10-05 01:24:23 -------- d-----w- c:\programdata\Oracle
2013-10-05 01:23:45 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-10-05 01:23:44 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-10-05 01:23:14 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-05 00:12:52 -------- d-----w- C:\AdwCleaner
2013-10-04 23:31:32 -------- d-----w- c:\windows\ERUNT
2013-10-04 22:40:48 7328304 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-10-03 00:11:08 -------- d-----w- C:\ca67fd282b8b89a2b0ce5f
2013-10-03 00:10:32 -------- d-----w- c:\windows\CheckSur
2013-10-02 22:48:29 204784 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-10-02 22:48:28 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-10-02 22:48:27 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-10-02 22:48:26 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-02 22:48:26 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-02 22:48:26 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-02 22:48:25 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-02 22:47:04 41664 ----a-w- c:\windows\avastSS.scr
2013-10-02 22:47:02 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-10-02 22:46:21 -------- d-----w- c:\program files\AVAST Software
2013-10-02 22:46:00 -------- d-----w- c:\programdata\AVAST Software
2013-09-17 21:15:38 -------- d-----w- c:\windows\system32\MRT
2013-09-12 23:46:21 718712 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{39e16af7-fc4d-4647-ab8b-f20691c8e6f7}\gapaengine.dll
2013-09-12 23:27:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-09-12 23:27:23 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-09-12 23:27:19 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-12 23:27:18 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-09-12 23:26:35 2048 ----a-w- c:\windows\system32\tzres.dll
2013-09-12 23:26:12 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-09-12 23:26:07 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-09-12 23:26:04 615936 ----a-w- c:\windows\system32\themeui.dll
2013-09-12 23:25:57 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-09-12 23:25:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-09-12 23:25:54 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-09-12 23:25:47 2049536 ----a-w- c:\windows\system32\win32k.sys
2013-09-12 23:21:01 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-09-12 23:20:59 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-09-12 23:20:59 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-09-12 23:20:58 98304 ----a-w- c:\windows\system32\cryptnet.dll
.
==================== Find3M  ====================
.
2013-10-02 19:19:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-02 19:19:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-07 08:22:04 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-07-31 10:00:20 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-07-31 09:52:44 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-07-31 09:52:34 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-31 09:48:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-31 09:48:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-07-31 09:45:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-17 17:02:31 4167680 ----a-w- c:\program files\GUTDC60.tmp
2013-05-04 17:17:33 0 ----a-w- c:\program files\GUTBDF2.tmp
.
============= FINISH: 19:09:39.32 ===============

Attached Files

  • Attached File  dds.txt   17.47KB   1 downloads

Edited by jntkwx, 13 October 2013 - 10:11 AM.
Including log in post (easier to read)


#4 jntkwx


  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:01:18 PM

Posted 13 October 2013 - 10:19 AM

dadda03,

In the future, please just copy and paste logs directly into your reply instead of attaching them. They're easier to read that way.

 

Some other ground rules:

  • Do not run any other tool until instructed to do so!
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything else while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

First, I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
 
Therefore please go to Programs and Features in the Control Panel and uninstall either Avast or Microsoft Security Essentials.

 

Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. (If you're not sure how to do this, please let me know.)

Please include the C:\ComboFix.txt in your next reply for further review.


Regards,
Jason

 

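The thread turns on reading the DDS log posted above: which security products are registered and whether their real-time protection is on (jntkwx's point about running only one anti-virus at a time), which services and drivers are actually running, and whether the Windows Script Host file types (.vbs, .js, .wsf, ...) have been redirected to Notepad. As an added example that is not part of this thread, nor code from the DDS tool itself, the following Python script parses those three sections from a constructed sample modelled on the posted log and produces triage findings. The line formats it assumes are the ones visible in the log above; the field names (`kind`, `enabled`, `signatures`, `start_type`) are my own.

```python
import re

# Constructed sample input (not the full log posted above): header, service and
# file-association lines modelled on the DDS output in post #3 of this thread.
SAMPLE_DDS = r"""
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Outdated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Outdated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: avast! Antivirus *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-10-2 46808]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
.
=============== File Associations ===============
.
FileExt: .vbs: VBSFile=NOTEPAD.EXE %1
FileExt: .js: JSFile=NOTEPAD.EXE %1
""".strip("\n")

# AV:/SP:/FW: header: product name, *State/SignatureState* (firewalls carry only a state), GUID
HEADER_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)(?:/(\w+))?\* \{([0-9A-Fa-f-]+)\}$")
# R = running, S = stopped; the digit is the start type; then service;display name;path [date size]
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$")
# FileExt: .ext: ProgId=command
FILEEXT_RE = re.compile(r"^FileExt: (\.\w+): (\w+)=(.+)$")

# Windows Script Host file types that DDS reports in its File Associations section
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf"}


def parse_dds(text):
    """Extract security products, services/drivers and file associations from DDS output."""
    products, services, fileexts = [], [], []
    for line in text.splitlines():
        line = line.rstrip()
        m = HEADER_RE.match(line)
        if m:
            kind, name, state, sigs, guid = m.groups()
            products.append({"kind": kind, "name": name, "enabled": state == "Enabled",
                             "signatures": sigs, "guid": guid})
            continue
        m = SERVICE_RE.match(line)
        if m:
            running, start, svc, display, path, date, size = m.groups()
            services.append({"running": running == "R", "start_type": int(start), "service": svc,
                             "display": display, "path": path, "date": date, "size": int(size)})
            continue
        m = FILEEXT_RE.match(line)
        if m:
            ext, progid, command = m.groups()
            fileexts.append({"ext": ext, "progid": progid, "command": command})
    return {"products": products, "services": services, "fileexts": fileexts}


def running_services(parsed):
    """Names of services/drivers DDS reports as running (R lines), in log order."""
    return [s["service"] for s in parsed["services"] if s["running"]]


def triage(parsed):
    """Findings a helper would raise from the parsed log: conflicting or idle AV, stale signatures."""
    findings = []
    av = [p for p in parsed["products"] if p["kind"] == "AV"]
    if len(av) > 1:
        findings.append("multiple AV products registered: " + ", ".join(p["name"] for p in av))
    if not any(p["enabled"] for p in av):
        findings.append("no AV product reports real-time protection enabled")
    for p in parsed["products"]:
        if p["signatures"] == "Outdated":
            findings.append(f"{p['kind']} {p['name']} has outdated signatures")
    # Script file types mapped to Notepad are a hardening setting (scripts no longer run on
    # double-click); report it so the reader knows why .vbs/.js files will not execute.
    redirected = [f["ext"] for f in parsed["fileexts"]
                  if f["ext"] in SCRIPT_EXTS and "NOTEPAD" in f["command"].upper()]
    if redirected:
        findings.append("script file types open in Notepad instead of WSH: " + ", ".join(redirected))
    return findings


if __name__ == "__main__":
    parsed = parse_dds(SAMPLE_DDS)
    print("running:", ", ".join(running_services(parsed)))
    for finding in triage(parsed):
        print("-", finding)
```

On the sample the script reports both avast! and Microsoft Security Essentials registered as AV products with neither one's real-time protection enabled, MSE's outdated signatures, and the .vbs/.js redirection to Notepad; that matches what jntkwx reacts to in post #4 (uninstall one of the two AV products). Feed it the full dds.txt instead of `SAMPLE_DDS` to run it over a real log.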


#5 dadda03

  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:01:18 PM

Posted 13 October 2013 - 08:23 PM

ComboFix 13-10-13.02 - Shanelle 10/13/2013  20:53:41.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1917.1222 [GMT -4:00]
Running from: c:\users\Shanelle\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Outdated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-14 to 2013-10-14  )))))))))))))))))))))))))))))))
.
.
2013-10-14 01:08 . 2013-10-14 01:09 -------- d-----w- c:\users\Shanelle\AppData\Local\temp
2013-10-14 01:08 . 2013-10-14 01:08 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-10-14 01:08 . 2013-10-14 01:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-13 17:19 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{527ADE9A-1EDD-48AD-A3D8-6EE9923738BE}\mpengine.dll
2013-10-13 16:56 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4249C3FE-C68B-4D01-9B6B-6511CE23976F}\mpengine.dll
2013-10-11 20:06 . 2013-10-11 20:07 -------- d-----w- C:\356ef94b088b34268ff26e7d4b99
2013-10-09 22:52 . 2013-07-20 10:44 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 22:52 . 2013-08-27 01:28 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-10-09 22:52 . 2013-08-27 01:50 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-10-09 22:52 . 2013-08-27 01:28 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-10-09 22:52 . 2013-08-27 02:47 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-10-09 22:52 . 2013-08-27 02:47 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-10-09 22:52 . 2013-08-27 02:47 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-10-09 22:52 . 2013-08-27 02:47 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-10-09 22:52 . 2013-08-27 01:52 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-10-09 22:52 . 2013-08-27 01:32 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-10-09 22:48 . 2013-07-03 02:33 35328 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-10-09 22:48 . 2013-07-03 02:10 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-05 01:57 . 2013-10-09 22:36 -------- d-----w- c:\program files\Cobian Backup 8
2013-10-05 01:24 . 2013-10-05 01:24 -------- d-----w- c:\programdata\Oracle
2013-10-05 01:23 . 2013-10-05 01:22 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-10-05 01:23 . 2013-10-05 01:22 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-10-05 01:23 . 2013-10-05 01:22 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-05 00:12 . 2013-10-05 00:20 -------- d-----w- C:\AdwCleaner
2013-10-04 23:31 . 2013-10-04 23:31 -------- d-----w- c:\windows\ERUNT
2013-10-03 00:11 . 2013-10-03 00:11 -------- d-----w- C:\ca67fd282b8b89a2b0ce5f
2013-10-03 00:10 . 2013-10-03 00:10 -------- d-----w- c:\windows\CheckSur
2013-10-02 22:48 . 2013-08-30 07:47 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-10-02 22:46 . 2013-10-02 22:46 -------- d-----w- c:\program files\AVAST Software
2013-10-02 22:46 . 2013-10-13 15:41 -------- d-----w- c:\programdata\AVAST Software
2013-09-17 21:15 . 2013-10-13 16:32 -------- d-----w- c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 00:18 . 2012-05-02 01:39 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-10 00:18 . 2011-07-28 02:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-12 23:12 . 2013-09-12 23:46 718712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39E16AF7-FC4D-4647-AB8B-F20691C8E6F7}\gapaengine.dll
2013-08-07 08:22 . 2009-11-19 04:38 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 04:09 . 2013-09-12 23:26 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-18 10:42 . 2012-08-23 03:17 698504 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-17 19:41 . 2013-09-12 23:26 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-16 04:35 . 2013-09-12 23:26 615936 ----a-w- c:\windows\system32\themeui.dll
2013-05-17 17:02 . 2013-05-17 17:02 4167680 ----a-w- c:\program files\GUTDC60.tmp
2013-05-04 17:17 . 2013-04-24 15:03 0 ----a-w- c:\program files\GUTBDF2.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-10 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2007-05-22 23:32 538744 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-05-22 17:50 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 03:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Startup]
2009-12-09 15:26 346040 ----a-w- c:\program files\iolo\Common\Lib\ioloLManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-06-16 04:01 448080 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2007-03-29 17:39 411192 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 03:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-11 490840]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLA52BB5C7
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ   wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ   WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-04 23:13 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 00:18]
.
2013-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 01:16]
.
2013-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 01:16]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-13 21:09
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-10-13  21:15:11
ComboFix-quarantined-files.txt  2013-10-14 01:15
ComboFix2.txt  2013-10-13 19:09
.
Pre-Run: 129,015,287,808 bytes free
Post-Run: 128,982,110,208 bytes free
.
- - End Of File - - 41616BFD044D5060A39C852446DDE168
5B5E648D12FCADC244C1EC30318E1EB9
Attached Files: log.txt (12.42KB)


#6 jntkwx
  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 14 October 2013 - 10:27 AM

How is the computer running now?

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#7 dadda03
  • Topic Starter
  • Members
  • 26 posts

Posted 14 October 2013 - 06:46 PM

# AdwCleaner v3.007 - Report created 14/10/2013 at 19:40:09
# Updated 09/10/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Shanelle - SHANELLE-PC
# Running from : C:\Users\Shanelle\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16514
 
 
-\\ Google Chrome v30.0.1599.69
 
[ File : C:\Users\Shanelle\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2625 octets] - [04/10/2013 20:13:18]
AdwCleaner[R1].txt - [1562 octets] - [14/10/2013 19:16:11]
AdwCleaner[R2].txt - [1422 octets] - [14/10/2013 19:40:10]
AdwCleaner[S0].txt - [2724 octets] - [04/10/2013 20:20:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1542 octets] ##########


#8 jntkwx
  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 14 October 2013 - 07:37 PM

Go ahead and run AdwCleaner again, this time clicking the Clean button.

How is your computer running now?


Regards,
Jason


#9 dadda03
  • Topic Starter
  • Members
  • 26 posts

Posted 14 October 2013 - 08:24 PM

Still the same, still can't open up Word, and when I try to it says "there is not enough or disk space to run Word", and all my Word documents along with the pictures have 0 bytes.



#10 jntkwx
  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 14 October 2013 - 08:30 PM

Ok, this may be hardware-related rather than malware-related.

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab.
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
    • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
    • Click Schedule disk check > OK and close all windows.
    • Re-start the computer. The disk will be checked when the system boots.
    • This will take some time to run and at times may appear stalled, but just let it run.
    • When the disk check is complete, the system will re-start automatically and load Windows.

A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the <ENTER> key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

Regards,
Jason


#11 dadda03
  • Topic Starter
  • Members
  • 26 posts

Posted 16 October 2013 - 05:40 PM

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          10/16/2013 3:31:47 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Shanelle-PC
Description:
 
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is SQ004513V03.
 
A disk check has been scheduled.
Windows will now check the disk.                         
Unable to initialize an extent list for attribute type 0x80 with
instance tag 0x4.
Deleting corrupt attribute record (128, "")
from file record segment 28.
  240256 file records processed.                                  
 
  1060 large file records processed.                            
 
  0 bad file records processed.                              
 
  0 EA records processed.                                    
 
  74 reparse records processed.                               
 
  312462 index entries processed.                                 
 
  0 unindexed files processed.                               
 
  240256 security descriptors processed.                          
 
Cleaning up 7837 unused index entries from index $SII of file 0x9.
Cleaning up 7837 unused index entries from index $SDH of file 0x9.
Cleaning up 7837 unused security descriptors.
Inserting data attribute into file 28.
  36105 data files processed.                                    
 
CHKDSK is verifying Usn Journal...
  35795344 USN bytes processed.                                     
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  240240 files processed.                                         
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  32425708 free clusters processed.                                 
 
Free space verification is complete.
Windows has made corrections to the file system.
 
 193820671 KB total disk space.
  63622284 KB in 171818 files.
    133320 KB in 36105 indexes.
         0 KB in bad sectors.
    362231 KB in use by the system.
     65536 KB occupied by the log file.
 129702836 KB available on disk.
 
      4096 bytes in each allocation unit.
  48455167 total allocation units on disk.
  32425709 allocation units available on disk.
 
Internal Info:
80 aa 03 00 3e 2c 03 00 94 89 05 00 00 00 00 00  ....>,..........
b9 85 00 00 4a 00 00 00 00 00 00 00 00 00 00 00  ....J...........
42 00 00 00 e2 73 ef 76 b0 84 2f 00 b0 7c 2f 00  B....s.v../..|/.
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
Event Xml:
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-10-16T19:31:47.000Z" />
    <EventRecordID>58843</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Shanelle-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is SQ004513V03.
 
A disk check has been scheduled.
Windows will now check the disk.                         
Unable to initialize an extent list for attribute type 0x80 with
instance tag 0x4.
Deleting corrupt attribute record (128, "")
from file record segment 28.
  240256 file records processed.                                  
 
  1060 large file records processed.                            
 
  0 bad file records processed.                              
 
  0 EA records processed.                                    
 
  74 reparse records processed.                               
 
  312462 index entries processed.                                 
 
  0 unindexed files processed.                               
 
  240256 security descriptors processed.                          
 
Cleaning up 7837 unused index entries from index $SII of file 0x9.
Cleaning up 7837 unused index entries from index $SDH of file 0x9.
Cleaning up 7837 unused security descriptors.
Inserting data attribute into file 28.
  36105 data files processed.                                    
 
CHKDSK is verifying Usn Journal...
  35795344 USN bytes processed.                                     
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  240240 files processed.                                         
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  32425708 free clusters processed.                                 
 
Free space verification is complete.
Windows has made corrections to the file system.
 
 193820671 KB total disk space.
  63622284 KB in 171818 files.
    133320 KB in 36105 indexes.
         0 KB in bad sectors.
    362231 KB in use by the system.
     65536 KB occupied by the log file.
 129702836 KB available on disk.
 
      4096 bytes in each allocation unit.
  48455167 total allocation units on disk.
  32425709 allocation units available on disk.
 
Internal Info:
80 aa 03 00 3e 2c 03 00 94 89 05 00 00 00 00 00  ....&gt;,..........
b9 85 00 00 4a 00 00 00 00 00 00 00 00 00 00 00  ....J...........
42 00 00 00 e2 73 ef 76 b0 84 2f 00 b0 7c 2f 00  B....s.v../..|/.
 
Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>

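An added example, not part of the thread or of any tool used in it: a small Python parser for the chkdsk text that Wininit records in the Application log as event 1001 (the event retrieved through the Event Viewer steps in post #10), run over a sample constructed from the lines pasted above. The parser, its field names and its triage labels are my own; the remark that attribute type 0x80 is $DATA is general NTFS knowledge, not something the thread states.

```python
# Added example (not from the thread): parse the chkdsk text that Wininit
# records as event 1001 (copied from Event Viewer as in the steps above) and
# separate file-system metadata repairs from surface (bad sector) damage.
# The sample is constructed from the lines of the event pasted in this thread.
import re

SAMPLE_DESCRIPTION = """\
Checking file system on C:
The type of the file system is NTFS.
Volume label is SQ004513V03.

Unable to initialize an extent list for attribute type 0x80 with
instance tag 0x4.
Deleting corrupt attribute record (128, "")
from file record segment 28.
  240256 file records processed.
Inserting data attribute into file 28.
Windows has made corrections to the file system.

 193820671 KB total disk space.
  63622284 KB in 171818 files.
         0 KB in bad sectors.
 129702836 KB available on disk.
"""

# One deleted record spans two lines of chkdsk output.
CORRUPT_ATTR = re.compile(
    r'^Deleting corrupt attribute record \((\d+), "([^"]*)"\)\s*\n'
    r'from file record segment (\d+)\.', re.M)


def parse_chkdsk(text):
    """Pull out the fields a responder looks at first."""
    def kb(label):
        m = re.search(r"^[ \t]*(\d+) KB " + re.escape(label), text, re.M)
        return int(m.group(1)) if m else None

    vol = re.search(r"^Volume label is (.+)\.[ \t]*$", text, re.M)
    return {
        "volume_label": vol.group(1) if vol else None,
        "total_kb": kb("total disk space"),
        "bad_sector_kb": kb("in bad sectors"),
        # Type 128 (0x80) is the NTFS $DATA attribute: dropping that record
        # leaves a 0-byte file (general NTFS knowledge, not from the thread).
        "corrupt_records": [(int(t), name, int(seg))
                            for t, name, seg in CORRUPT_ATTR.findall(text)],
        "corrections_made":
            "Windows has made corrections to the file system." in text,
    }


def classify(result):
    """Rough triage: surface damage, metadata repair, or clean."""
    if result["bad_sector_kb"]:
        return "surface"    # bad sectors reported: suspect the drive itself
    if result["corrupt_records"] or result["corrections_made"]:
        return "metadata"   # NTFS structures repaired, no bad sectors
    return "clean"
```

For the event in this thread the parser reports zero bad-sector KB and one deleted $DATA record in file record segment 28, so the triage label is "metadata".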

#12 jntkwx
  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 16 October 2013 - 05:45 PM

Are you still having trouble opening Word documents?

If you are, what version of Word do you have?


Regards,
Jason


#13 dadda03
  • Topic Starter
  • Members
  • 26 posts

Posted 16 October 2013 - 05:50 PM

Microsoft Office Word 2007. When I click on the Word document, the title is Microsoft Office Word 12.0, then it says there is not enough memory or disk space to run Word.



#14 jntkwx
  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 16 October 2013 - 05:54 PM

Ok, let me do some more research and I'll reply back soon.


Regards,
Jason


#15 dadda03
  • Topic Starter
  • Members
  • 26 posts

Posted 16 October 2013 - 05:57 PM

Ok, take your time.