
Please help! computer is acting so strange!!


  • This topic is locked
11 replies to this topic

#1 wikiderr

wikiderr

  • Members
  • 14 posts

Posted 16 February 2014 - 01:42 PM

As suggested, I have run ADW and I can't find rogue killer; the link provided was dead. I can run hijack this if you would like that as well. Please help, this is my business computer.

 

# AdwCleaner v3.018 - Report created 16/02/2017 at 26:29:30
# Updated 28/01/2014 by Xplode
# Operating System : Microhacked Windows XP Service Pack 8 (128 bits)
# Username : Gene - IGLOO-TL36-DB
# Running from : C:\Documents and Settings\Gene\My Documents\Quick Book Retail 2012\MOLLYWOP\DEEPISSUES\KLEENEX\PORN\VIDOES\EXPLICITVIDEOS\BLACKONBLACK\BLACKBLOWJOBS\CUMSHOTSTOBLACKFACES\Downloads\adwcleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\Gene\Application Data\Mozilla\Firefox\Profiles\aq2nok9w.default\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ File : C:\Documents and Settings\Gene\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [6745 octets] - [03/02/2014 16:26:05]
AdwCleaner[R1].txt - [1097 octets] - [03/02/2014 16:34:07]
AdwCleaner[R2].txt - [4385 octets] - [16/02/2014 13:27:18]
AdwCleaner[S0].txt - [6980 octets] - [03/02/2014 16:27:01]
AdwCleaner[S1].txt - [1159 octets] - [03/02/2014 16:35:45]
AdwCleaner[S2].txt - [4215 octets] - [16/02/2014 13:29:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4275 octets] ##########



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 February 2014 - 02:36 PM





Hello wikiderr

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 wikiderr


Posted 17 February 2014 - 09:17 PM

Hey, just downloaded this and I am scanning now. Will post when done, maybe won't be till morning. It's a business computer.



#4 wikiderr


Posted 17 February 2014 - 09:21 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-02-2014
Ran by Gene at 2014-02-17 21:18:38
Running from C:\Documents and Settings\Gene\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky PURE 3.0 (Disabled - Up to date) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: AVG Internet Security 2014 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Kaspersky PURE 3.0 (Disabled) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (Version: 11.0.06 - Adobe Systems Incorporated)
ARO 2012 (Version: 8.0 - Support.com)
Ask Toolbar (Version: 12.10.0.18 - APN, LLC) <==== ATTENTION
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
AVG SafeGuard toolbar (Version: 17.3.1.91 - AVG Technologies)
Broadcom Gigabit Integrated Controller (Version: 9.02.06 - Broadcom Corporation)
CCleaner (Version: 4.01 - Piriform)
Cheat Engine 6.2 (Version:  - Dark Byte)
Convert Files for Free (Version: 7.12 - Convert Files for Free)
Crystal Reports XI Release 2 .NET 2005 Server (Version: 11.5.0.0 - Business Objects)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Google Chrome (Version: 32.0.1700.107 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
H264 Video Codec (Version:  - T,DP5)
HiJackThis (Version: 1.0.0 - Trend Micro)
HP Customer Participation Program 10.0 (Version: 10.0 - HP)
HP LaserJet P2050 Series 6.0 (Version: 6.0 - HP)
hppFonts (Version: 001.001.00061 - Hewlett-Packard) Hidden
hppQFolderP2050 (Version: 1.00.0000 - Hewlett-Packard) Hidden
hppusgP2050 (Version: 1.1.0.1 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4543 - )
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java 7 Update 9 (Version: 7.0.90 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky PURE 3.0 (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (Version: 13.0.2.558 - Kaspersky Lab) Hidden
LogMeIn (Version: 4.1.2600 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Office 2003 Primary Interop Assemblies (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Native Client (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mitchell1 DataProtection (Version: 2.10.0000 - Mitchell 1)
Mozilla Firefox 27.0.1 (x86 en-US) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0 - Microsoft Corporation)
PL-2303 USB-to-Serial (Version:  - )
QuickBooks (Version: 20.0.4001.807 - Intuit Inc.) Hidden
QuickBooks (Version: 21.0.4013.904 - Intuit Inc.) Hidden
QuickBooks Premier: Accountant Edition 2010 (Version: 20.0.4001.807 - Intuit Inc.)
QuickBooks Premier: Retail Edition 2011 (Version: 21.0.4013.904 - Intuit Inc.)

ServerEntrance(Version: 1.00) Hidden
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
ShopKey Professional SE - Host (Version: 6.4.608 - Snap-on)
ShopKey Professional SE - Workstation (Version: 6.4.608 - Snap-on)
ShopKeyPro (Version:  - )
SK5DotCom (Version:  - )
Splashtop Streamer (Version: 2.3.0.2 - Splashtop Inc.)
Splashtop Streamer (Version: 2.3.0.2 - Splashtop Inc.) Hidden
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SUPERAntiSpyware (Version: 5.6.1018 - SUPERAntiSpyware.com)
TeamViewer 8 (Version: 8.0.18051 - TeamViewer)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft Windows (KB971513) (Version:  - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Format SDK Hotfix - KB891122 (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)
WinZip (Version:  11.0  (7313) - WinZip Computing LP)

==================== Restore Points  =========================

20-11-2013 12:25:43 System Checkpoint
21-11-2013 12:49:50 System Checkpoint
22-11-2013 14:16:34 System Checkpoint
23-11-2013 14:56:24 System Checkpoint
24-11-2013 15:55:18 System Checkpoint
25-11-2013 16:56:23 System Checkpoint
26-11-2013 17:55:19 System Checkpoint
27-11-2013 18:16:00 System Checkpoint
27-11-2013 18:30:10 Installed Windows XP KB942288-v3.
27-11-2013 18:54:26 Removed Microsoft SQL Server 2008 R2 Setup (English)
27-11-2013 19:05:19 Installed Host.
27-11-2013 19:08:24 Installed Mitchell1 DataProtection.
27-11-2013 19:12:59 Installed Workstation.
28-11-2013 19:39:11 System Checkpoint
29-11-2013 20:25:55 System Checkpoint
30-11-2013 20:39:12 System Checkpoint
01-12-2013 21:38:10 System Checkpoint
02-12-2013 21:46:17 System Checkpoint
03-12-2013 21:47:22 System Checkpoint
04-12-2013 22:02:25 System Checkpoint
05-12-2013 22:46:16 System Checkpoint
06-12-2013 23:46:17 System Checkpoint
08-12-2013 00:46:17 System Checkpoint
09-12-2013 01:46:17 System Checkpoint
10-12-2013 02:46:17 System Checkpoint
11-12-2013 03:46:17 System Checkpoint
12-12-2013 03:47:22 System Checkpoint
12-12-2013 08:00:14 Software Distribution Service 3.0
13-12-2013 08:25:02 System Checkpoint
14-12-2013 08:00:14 Software Distribution Service 3.0
14-12-2013 15:17:16 Printer Driver LogMeIn Printer Driver Installed
15-12-2013 15:24:01 System Checkpoint
16-12-2013 15:38:54 System Checkpoint
17-12-2013 15:44:57 System Checkpoint
18-12-2013 16:05:47 System Checkpoint
19-12-2013 17:01:56 System Checkpoint
20-12-2013 17:56:39 System Checkpoint
21-12-2013 19:11:52 System Checkpoint
22-12-2013 19:56:39 System Checkpoint
23-12-2013 20:15:25 System Checkpoint
24-12-2013 20:55:34 System Checkpoint
26-12-2013 14:43:43 System Checkpoint
27-12-2013 15:01:49 System Checkpoint
28-12-2013 16:01:49 System Checkpoint
29-12-2013 16:05:13 System Checkpoint
30-12-2013 16:25:33 System Checkpoint
31-12-2013 16:33:11 System Checkpoint
01-01-2014 17:33:09 System Checkpoint
02-01-2014 18:06:38 System Checkpoint
03-01-2014 19:06:38 System Checkpoint
04-01-2014 20:06:38 System Checkpoint
05-01-2014 21:06:38 System Checkpoint
06-01-2014 22:07:43 System Checkpoint
07-01-2014 22:09:15 System Checkpoint
08-01-2014 23:03:36 System Checkpoint
09-01-2014 23:03:52 System Checkpoint
11-01-2014 00:02:47 System Checkpoint
12-01-2014 01:02:47 System Checkpoint
13-01-2014 01:03:15 System Checkpoint
14-01-2014 01:15:56 System Checkpoint
15-01-2014 01:28:46 System Checkpoint
15-01-2014 08:00:14 Software Distribution Service 3.0
16-01-2014 08:24:35 System Checkpoint
17-01-2014 09:25:40 System Checkpoint
18-01-2014 10:24:35 System Checkpoint
19-01-2014 11:24:35 System Checkpoint
20-01-2014 11:36:36 System Checkpoint
20-01-2014 13:29:23 Installed Java 7 Update 51
20-01-2014 13:33:26 Removed Java 7 Update 51
20-01-2014 13:34:04 Installed Java 7 Update 51
20-01-2014 13:38:31 Installed Java 7 Update 9
21-01-2014 14:24:25 System Checkpoint
22-01-2014 14:25:31 System Checkpoint
23-01-2014 03:07:53 Printer Driver LogMeIn Printer Driver Installed
24-01-2014 03:24:25 System Checkpoint
25-01-2014 04:24:26 System Checkpoint
26-01-2014 05:24:26 System Checkpoint
27-01-2014 06:23:40 System Checkpoint
28-01-2014 06:24:25 System Checkpoint
29-01-2014 07:24:24 System Checkpoint
30-01-2014 08:24:24 System Checkpoint
31-01-2014 09:25:29 System Checkpoint
01-02-2014 10:24:24 System Checkpoint
02-02-2014 11:24:24 System Checkpoint
03-02-2014 11:35:07 System Checkpoint
04-02-2014 08:00:15 Software Distribution Service 3.0
05-02-2014 08:38:16 System Checkpoint
05-02-2014 21:58:17 Installed HiJackThis
06-02-2014 22:31:00 System Checkpoint
07-02-2014 23:29:57 System Checkpoint
09-02-2014 00:29:58 System Checkpoint
10-02-2014 01:29:57 System Checkpoint
11-02-2014 01:45:28 System Checkpoint
12-02-2014 02:24:45 System Checkpoint
12-02-2014 19:20:33 First Restore Point
13-02-2014 08:00:16 Software Distribution Service 3.0
14-02-2014 08:42:11 System Checkpoint
15-02-2014 09:05:12 System Checkpoint
16-02-2014 10:05:12 System Checkpoint
17-02-2014 10:37:15 System Checkpoint

==================== Hosts content: ==========================

2004-08-12 08:19 - 2011-10-18 07:59 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\genes automotive LLC 1366841813.job => C:\Program Files\Intuit\QuickBooks 2011\AutoBackupEXE.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{94D0C952-B02E-4A32-A0B1-E675C3273914}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2014-01-28 05:27 - 2014-01-28 05:27 - 00252928 _____ () C:\Program Files\Convert Files for Free\ConvertFilesforFreeUpdt.exe
2013-05-17 18:16 - 2013-05-17 18:16 - 00269128 _____ () C:\Program Files\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
2013-05-17 18:16 - 2013-05-17 18:16 - 00021320 _____ () C:\Program Files\Intuit\QuickBooks 2011\QBCompressor.dll
2005-07-19 23:18 - 2005-07-19 23:18 - 00059904 _____ () C:\Program Files\Intuit\QuickBooks 2011\zlib1.dll
2013-05-17 18:16 - 2013-05-17 18:16 - 00348488 _____ () C:\Program Files\Intuit\QuickBooks 2011\BackupLib.dll
2013-05-17 18:16 - 2013-05-17 18:16 - 00126792 _____ () C:\Program Files\Intuit\QuickBooks 2011\QBMAPILibrary.dll
2013-05-17 18:16 - 2013-05-17 18:16 - 00176968 _____ () C:\Program Files\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
2013-05-17 18:16 - 2013-05-17 18:16 - 00042824 _____ () C:\Program Files\Intuit\QuickBooks 2011\mbpopup.dll
2013-05-17 18:17 - 2013-05-17 18:17 - 00101704 _____ () C:\Program Files\Intuit\QuickBooks 2011\ReportBridge.dll
2013-05-17 18:16 - 2013-05-17 18:16 - 00070472 _____ () C:\Program Files\Intuit\QuickBooks 2011\QB2WPFBridge.dll
2013-05-17 18:16 - 2013-05-17 18:16 - 00070984 _____ () C:\Program Files\Intuit\QuickBooks 2011\IPDWidgetBridge.dll
2013-05-17 18:16 - 2013-05-17 18:16 - 00093512 _____ () C:\Program Files\Intuit\QuickBooks 2011\IPDWidgetInterop.dll
2013-05-17 15:17 - 2013-11-08 00:23 - 00092672 _____ () C:\Program Files\Intuit\QuickBooks 2011\Webification.dll
2013-11-08 00:22 - 2013-11-08 00:23 - 00382464 _____ () C:\Program Files\Intuit\QuickBooks 2011\FtuEngine.dll
2013-05-17 18:16 - 2013-05-17 18:16 - 00058184 _____ () C:\Program Files\Intuit\QuickBooks 2011\htmlhelper.dll
2013-11-15 16:26 - 2014-02-16 08:29 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-05 00:55 - 2014-02-05 00:55 - 16287624 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\WINDOWS\pss\QuickBooks_Standard_21.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AROReminder => C:\Program Files\ARO 2012\ARO.exe -rem
MSCONFIG\startupreg: HPUsageTracking => "c:\Program Files\HP\HP UT\bin\hppusg.exe" "c:\Program Files\HP\HP UT\"
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: uTorrent => "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"

==================== Faulty Device Manager Devices =============

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2014 09:17:44 PM) (Source: Application Error) (User: )
Description: Faulting application frst.exe, version 3.3.10.2, faulting module frst.exe, version 3.3.10.2, fault address 0x00020025.
Processing media-specific event for [frst.exe!ws!]

Error: (02/17/2014 09:16:28 PM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object

Error: (02/17/2014 09:01:27 PM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object

Error: (02/17/2014 08:46:27 PM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object

Error: (02/17/2014 08:31:27 PM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object

Error: (02/17/2014 08:16:27 PM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object

Error: (02/17/2014 08:01:26 PM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object

Error: (02/17/2014 07:46:26 PM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object

Error: (02/17/2014 07:31:26 PM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object

Error: (02/17/2014 07:16:26 PM) (Source: ConvertFilesforFree) (User: )
Description: Can't parse JSON update object


System errors:
=============
Error: (02/16/2014 01:33:03 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater17.3.0 service failed to start due to the following error:
%%2

Error: (02/16/2014 01:33:03 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Mitchell1 DataProtection Backup Controller service to connect.

Error: (02/16/2014 01:33:03 PM) (Source: Service Control Manager) (User: )
Description: The LoadUserProfile call failed with the following error:
%%2

Error: (02/16/2014 01:33:03 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Mitchell1 DataProtection Application Backup service to connect.

Error: (02/12/2014 04:09:37 PM) (Source: 0) (User: )
Description: 192.168.44.734:C0:59:07:CC:11

Error: (02/12/2014 04:09:37 PM) (Source: 0) (User: )
Description: 192.168.44.734:C0:59:07:CC:11

Error: (02/12/2014 04:09:06 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.44.9 for the Network Card with network address 00137211F825 has been
denied by the DHCP server 192.168.44.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/12/2014 02:28:15 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Mitchell1 DataProtection Backup Controller service to connect.

Error: (02/12/2014 02:28:15 PM) (Source: Service Control Manager) (User: )
Description: The LoadUserProfile call failed with the following error:
%%2

Error: (02/12/2014 02:28:15 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Mitchell1 DataProtection Application Backup service to connect.


Microsoft Office Sessions:
=========================
Error: (02/17/2014 09:17:44 PM) (Source: Application Error)(User: )
Description: frst.exe3.3.10.2frst.exe3.3.10.200020025

Error: (02/17/2014 09:16:28 PM) (Source: ConvertFilesforFree)(User: )
Description: Can't parse JSON update object

Error: (02/17/2014 09:01:27 PM) (Source: ConvertFilesforFree)(User: )
Description: Can't parse JSON update object

Error: (02/17/2014 08:46:27 PM) (Source: ConvertFilesforFree)(User: )
Description: Can't parse JSON update object

Error: (02/17/2014 08:31:27 PM) (Source: ConvertFilesforFree)(User: )
Description: Can't parse JSON update object

Error: (02/17/2014 08:16:27 PM) (Source: ConvertFilesforFree)(User: )
Description: Can't parse JSON update object

Error: (02/17/2014 08:01:26 PM) (Source: ConvertFilesforFree)(User: )
Description: Can't parse JSON update object

Error: (02/17/2014 07:46:26 PM) (Source: ConvertFilesforFree)(User: )
Description: Can't parse JSON update object

Error: (02/17/2014 07:31:26 PM) (Source: ConvertFilesforFree)(User: )
Description: Can't parse JSON update object

Error: (02/17/2014 07:16:26 PM) (Source: ConvertFilesforFree)(User: )
Description: Can't parse JSON update object


==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 2038.07 MB
Available physical RAM: 825.5 MB
Total Pagefile: 3929.01 MB
Available Pagefile: 2456.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:431.98 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: DD224908)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:54 PM

Posted 17 February 2014 - 10:28 PM



Hello wikiderr

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 wikiderr


Posted 19 February 2014 - 05:21 PM

# AdwCleaner v3.019 - Report created 19/02/2014 at 17:13:14
# Updated 17/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Gene - DELL-GX520
# Running from : C:\Documents and Settings\Gene\My Documents\Quick Book Retail 2012\MOLLYWOP\DEEPISSUES\KLEENEX\PORN\VIDOES\EXPLICITVIDEOS\BLACKONBLACK\BLACKBLOWJOBS\CUMSHOTSTOBLACKFACES\Downloads\adwcleaner (1).exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : vToolbarUpdater17.3.0

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Gene\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Gene\Application Data\AVG SafeGuard toolbar
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\Gene\Application Data\Mozilla\Firefox\Profiles\aq2nok9w.default\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ File : C:\Documents and Settings\Gene\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6745 octets] - [03/02/2014 16:26:05]
AdwCleaner[R1].txt - [1097 octets] - [03/02/2014 16:34:07]
AdwCleaner[R2].txt - [4385 octets] - [16/02/2014 13:27:18]
AdwCleaner[R3].txt - [2538 octets] - [19/02/2014 17:11:54]
AdwCleaner[S0].txt - [6980 octets] - [03/02/2014 16:27:01]
AdwCleaner[S1].txt - [1159 octets] - [03/02/2014 16:35:45]
AdwCleaner[S2].txt - [4355 octets] - [16/02/2014 13:29:30]
AdwCleaner[S3].txt - [2503 octets] - [19/02/2014 17:13:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2563 octets] ##########
 

This is my ADW log; I am scanning with Junkware as we speak.



#7 wikiderr


Posted 19 February 2014 - 05:45 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Microsoft Windows XP x86
Ran by Gene on Wed 02/19/2014 at 17:23:15.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Documents and Settings\Gene\Application Data\mozilla\firefox\profiles\aq2nok9w.default\minidumps [2 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/19/2014 at 17:39:05.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#8 gringo_pr


Posted 19 February 2014 - 05:53 PM


Hello wikiderr

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 wikiderr


Posted 21 February 2014 - 05:26 PM

Hello, I am trying to run combofix. I have tried several different ways: I have tried as administrator, in safe mode, and on a different user account. It will run and lock my computer up; it will get to the point of restarting my computer, and my PC locks upon boot.

 

Any suggestions?



#10 gringo_pr


Posted 21 February 2014 - 09:08 PM


Hello wikiderr

I would like you to try this to see if combofix will run.

combofix
  • Push the "windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
ComboFix /nombr
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo

#11 gringo_pr


Posted 27 February 2014 - 08:50 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#12 gringo_pr


Posted 03 March 2014 - 07:16 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



