
Malwarebytes found some stuff, seems to be stuck. How can I safely delete files?


  • This topic is locked
24 replies to this topic

#1 Lastm4nstanding

Lastm4nstanding

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:10 AM

Posted 21 April 2014 - 04:27 AM

HKLM\SOFTWARE\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

HKLM\SOFTWARE\InstallIQ

HKLM\SOFTWARE\SWEETTIM|simapp_id

HKLM\SOFTWARE\SWEETIM

HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc

C:\Users\Getsuneko\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

These are what it found.

 

Currently it is stuck at the Heuristic Analysis Scan. Been at "Objects Scanned: 227524" for about 4 hours now.

 

The virus doesn't seem to be working now that it picked it up, but it hasn't quarantined or removed the problem files.

 

Thoughts?


Edited by hamluis, 21 April 2014 - 08:04 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 Lastm4nstanding

Lastm4nstanding
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:10 AM

Posted 21 April 2014 - 04:28 AM

Gonna leave all this on over-night, gonna check in the morning.



#3 spc3rd

spc3rd

  • Members
  • 292 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Mid-Atlantic region (USA)
  • Local time:07:10 AM

Posted 21 April 2014 - 05:31 AM

Hi Lastm4nstanding and welcome to the BC Forums! :welcome:

 

There do appear to be issues (given the scan results you've reported).  I would suggest that you create a post in the "Am I Infected" sub-forum, as problems of this nature are not generally handled in the Windows 7 sub-forum (the link to the "Am I Infected" sub-forum is shown below).  There are specially-trained BC staff members who can best assist you with these types of problems.  (Please ensure you mention your original post here and also indicate what version of MBAM you are presently using.)

 

http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

 

Also, be sure to read the pinned information topics at the very top of the sub-forum - very important to do so!

 

Best regards & good luck!


Edited by spc3rd, 21 April 2014 - 06:06 AM.

spc3rd

Dell Optiplex 755 Desktop | Win 7 Pro, SP 1, 64-bit | Intel Core 2 Duo, 3.00 gHz CPU | 8 GB RAM | 400 GB Seagate SATA HDD | Outpost Security Suite Pro | MBAM Premium 2.0 | Spywareblaster | SAS (on-demand) | Blocklist Pro | IE 11 & FF w/ NoScript | Disconnect | Adblock Plus | Flagfox


#4 hamluis

hamluis

    Moderator


  • Moderator
  • 56,541 posts
  • OFFLINE
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:10 AM

Posted 21 April 2014 - 08:04 AM

No need to create a new topic; I moved it to the proper forum.

 

Louis



#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:09:10 PM

Posted 21 April 2014 - 09:11 PM

Hello -

Did you ever get a log from Malwarebytes Anti-Malware? If so, please post it.

Do you have the new 2.0.1 version of the Malwarebytes program installed?

Method for posting the log -

----------

• When completed, click the down arrow on Export Log and select Text file (*.txt)
• Save the file to your desktop as MBAM
• Click Apply Actions, then restart your computer if requested
• Copy and paste the contents of MBAM.txt in your reply.

 

Also please run these programs. Save them to Desktop and Copy and Paste any logs -

 

First -

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

 

Next -

Download MiniToolBox, Save it to your desktop to run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
Click Go and copy / paste the result (Result.txt).

 

Next -

Please download and run RKill by Grinler.
A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.

Please post the small RKill log back here

 

 

Important: Do not reboot your computer until you complete the next step.

 

Now

Download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
Vista / Windows 7 / 8 users right-click and select Run As Administrator
• Click on the Scan button (only once)
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Uncheck any elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log, especially under Files/Folders, for any program you want to save.
• If there's a program you want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review.

NOW -
• If you're ready to clean it all up.....click the Clean button (only once)

You must click OK to start and OK to agree to a reboot.
• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• NOTE : To restore an item that has been deleted (if necessary):
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Also -

* Please download Junkware Removal Tool to your desktop.

If required, temporarily disable your anti-virus while the program runs.
* Run the tool by double-clicking it.
* If you are using Windows Vista, 7, or 8, right click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next message.

NOTE: AdwCleaner and Junkware Removal Tool are programs that search for and delete adware, toolbars, Potentially Unwanted Programs (PUPs), and browser hijackers from your computer.



#6 Lastm4nstanding

Lastm4nstanding
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:10 AM

Posted 21 April 2014 - 10:02 PM

Thank you, will do all of this now.

 

Sorry about posting in the wrong forum. I'll make a post there with all the information Mr. Noknojon requested.

 

Thank you for moving the Topic, Mr. Louis. =3


Edited by Lastm4nstanding, 21 April 2014 - 10:21 PM.


#7 Lastm4nstanding

Lastm4nstanding
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:10 AM

Posted 21 April 2014 - 10:20 PM

The first link no longer works...

 

The anti-malware got rid of those files I was speaking of, but the computer still tries to close that Task Manager, and when I get on Facebook it tries to close the page out. It also won't allow me to use the right-click menu. I can get around this by using the Tab and the arrow keys for a short time, but it soon closes as well.

 

Then there are times like now when it works with perfect clarity. I really don't understand what's wrong.

 

As soon as I can get to the program from the first link, I will make all the necessary scans and posts.


Edited by Lastm4nstanding, 21 April 2014 - 10:24 PM.


#8 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:09:10 PM

Posted 21 April 2014 - 10:51 PM

The first link no longer works...

Thanks for that. I have contacted Screen317 and he is currently revising the program.

 

Ignore that one and please continue -



#9 Lastm4nstanding

Lastm4nstanding
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:10 AM

Posted 21 April 2014 - 11:20 PM

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Getsuneko (administrator) on 21-04-2014 at 23:05:01
Running from "C:\Users\Getsuneko\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Broadcom 43224AG 802.11a/b/g/draft-n Wi-Fi Adapter = Wireless Network Connection (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Jikonori
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 00-26-82-64-48-99
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom 43224AG 802.11a/b/g/draft-n Wi-Fi Adapter
   Physical Address. . . . . . . . . : 00-26-82-64-48-99
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::9591:149f:fa4f:6517%16(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, April 21, 2014 12:46:44 PM
   Lease Expires . . . . . . . . . . : Tuesday, April 22, 2014 12:46:45 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 385885826
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-B1-BA-1E-C8-0A-A9-24-92-F2
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : C8-0A-A9-24-92-F2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4009:803::1008
      173.194.46.97
      173.194.46.104
      173.194.46.101
      173.194.46.102
      173.194.46.98
      173.194.46.105
      173.194.46.100
      173.194.46.96
      173.194.46.110
      173.194.46.103
      173.194.46.99


Pinging google.com [74.125.225.131] with 32 bytes of data:
Reply from 74.125.225.131: bytes=32 time=23ms TTL=55
Reply from 74.125.225.131: bytes=32 time=17ms TTL=55

Ping statistics for 74.125.225.131:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 23ms, Average = 20ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.139.183.24
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=65ms TTL=49
Reply from 98.139.183.24: bytes=32 time=42ms TTL=49

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 42ms, Maximum = 65ms, Average = 53ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 17...00 26 82 64 48 99 ......Microsoft Virtual WiFi Miniport Adapter
 16...00 26 82 64 48 99 ......Broadcom 43224AG 802.11a/b/g/draft-n Wi-Fi Adapter
 11...c8 0a a9 24 92 f2 ......NVIDIA nForce Networking Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.6     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.6    276
      192.168.1.6  255.255.255.255         On-link       192.168.1.6    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.6    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.6    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.6    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 16    276 fe80::/64                On-link
 16    276 fe80::9591:149f:fa4f:6517/128
                                    On-link
  1    306 ff00::/8                 On-link
 16    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/21/2014 08:46:24 PM) (Source: Application Hang) (User: )
Description: The program soffice.bin version 4.0.9714.500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f94

Start Time: 01cf5d99f63084a0

Termination Time: 324

Application Path: C:\Program Files\OpenOffice 4\program\soffice.bin

Report Id:

Error: (04/21/2014 00:46:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/21/2014 00:28:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/21/2014 00:28:03 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-System.dat for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-System.dat

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (04/21/2014 00:28:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_FontCache, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: fntcache.dll, version: 6.2.9200.16492, time stamp: 0x50f31969
Exception code: 0xc0000006
Fault offset: 0x0000d8ad
Faulting process id: 0x41c
Faulting application start time: 0xsvchost.exe_FontCache0
Faulting application path: svchost.exe_FontCache1
Faulting module path: svchost.exe_FontCache2
Report Id: svchost.exe_FontCache3

Error: (04/20/2014 11:34:15 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\NlsData0009.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Windows Search Indexer because of this error.

Program: Microsoft Windows Search Indexer
File: C:\Windows\System32\NlsData0009.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (04/20/2014 11:34:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7600.16385, time stamp: 0x4a5bcdd0
Faulting module name: NLSData0009.dll, version: 6.1.7600.16385, time stamp: 0x4a5bda89
Exception code: 0xc0000006
Fault offset: 0x000a3f56
Faulting process id: 0x99c
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3

Error: (04/20/2014 11:05:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2014 07:26:11 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (04/20/2014 07:26:11 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x8007043C


System errors:
=============
Error: (04/21/2014 02:39:47 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.

Error: (04/21/2014 00:46:58 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/21/2014 00:46:48 PM) (Source: Service Control Manager) (User: )
Description: The Service Component of VO service failed to start due to the following error:
%%2

Error: (04/21/2014 00:46:41 PM) (Source: Service Control Manager) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%2

Error: (04/21/2014 00:46:41 PM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service failed to start due to the following error:
%%2

Error: (04/21/2014 00:46:41 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service failed to start due to the following error:
%%2

Error: (04/21/2014 00:45:06 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (04/21/2014 00:45:06 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (04/21/2014 00:45:06 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (04/21/2014 00:45:06 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


Microsoft Office Sessions:
=========================
Error: (04/21/2014 08:46:24 PM) (Source: Application Hang)(User: )
Description: soffice.bin4.0.9714.500f9401cf5d99f63084a0324C:\Program Files\OpenOffice 4\program\soffice.bin

Error: (04/21/2014 00:46:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/21/2014 00:28:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/21/2014 00:28:03 PM) (Source: Application Error)(User: )
Description: C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-System.datHost Process for Windows ServicesC00001853

Error: (04/21/2014 00:28:03 PM) (Source: Application Error)(User: )
Description: svchost.exe_FontCache6.1.7600.163854a5bc100fntcache.dll6.2.9200.1649250f31969c00000060000d8ad41c01cf5d86eea8b3a0C:\Windows\system32\svchost.exec:\windows\system32\fntcache.dll4aaa03c0-c97a-11e3-9fce-002682644899

Error: (04/20/2014 11:34:15 PM) (Source: Application Error)(User: )
Description: C:\Windows\System32\NlsData0009.dllMicrosoft Windows Search IndexerC00001853

Error: (04/20/2014 11:34:15 PM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7600.163854a5bcdd0NLSData0009.dll6.1.7600.163854a5bda89c0000006000a3f5699c01cf5d17288a58a0C:\Windows\system32\SearchIndexer.exeC:\Windows\System32\NLSData0009.dll313a3430-c90e-11e3-a3b6-c80aa92492f2

Error: (04/20/2014 11:05:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2014 07:26:11 PM) (Source: Winlogon)(User: )
Description: 0x000000000x00000001

Error: (04/20/2014 07:26:11 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x8007043C


=========================== Installed Programs ============================

µTorrent (Version: 3.4.1.30740)
Adobe AIR (Version: 4.0.0.1390)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
Adobe Flash Player 13 Plugin (Version: 13.0.0.182)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
ArcSoft WebCam Companion 3 (Version: 3.0.355)
AVG 2014 (Version: 14.0.3722)
AVG 2014 (Version: 14.0.4355)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.48.18)
DAEMON Tools Ultra (Version: 2.2.0.0226)
Dawn of War - Dark Crusade (Version: 1.00.0000)
Dawn Of War - Winter Assault (Version: 1.4)
DawnOfWar (Version: 1.00.00000)
ESU for Microsoft Windows 7 (Version: 1.0.0)
Google Talk Plugin (Version: 5.2.4.18058)
HP Integrated Module with Bluetooth wireless technology (Version: 6.2.0.9602)
HP Support Solutions Framework (Version: 11.50.0012)
HP Wireless Assistant (Version: 3.50.10.1)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
League of Legends (Version: 3.0.0)
Malwarebytes Anti-Malware version 2.0.1.1004 (Version: 2.0.1.1004)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Security Client (Version: 4.5.0216.0)
Microsoft Security Essentials (Version: 4.5.216.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 28.0 (x86 en-US) (Version: 28.0)
Mozilla Maintenance Service (Version: 28.0)
NVIDIA 3D Vision Controller Driver 320.49 (Version: 320.49)
NVIDIA 3D Vision Driver 320.49 (Version: 320.49)
NVIDIA Control Panel 320.49 (Version: 320.49)
NVIDIA Graphics Driver 320.49 (Version: 320.49)
NVIDIA HD Audio Driver 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2049)
OpenOffice 4.0.1 (Version: 4.01.9714)
Pando Media Booster (Version: 2.6.0.7)
Pascal Handset USB Driver
Razer Game Booster (Version: 4.2.45.0)
Skype™ 6.14 (Version: 6.14.104)
WinRAR 5.10 beta 1 (32-bit) (Version: 5.10.1)
World of Tanks
ZTE V768 Handset USB Driver (Version: 3.0.0.02)

========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 1789.97 MB
Available physical RAM: 897.58 MB
Total Pagefile: 3579.94 MB
Available Pagefile: 2181.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.26 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:138.01 GB) (Free:66.14 GB) NTFS
2 Drive d: (Sto2) (Fixed) (Total:10.84 GB) (Free:10.75 GB) NTFS
 



#10 Lastm4nstanding

Lastm4nstanding
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:10 AM

Posted 21 April 2014 - 11:25 PM

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/21/2014 11:23:50 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 04/21/2014 11:24:41 PM
Execution time: 0 hours(s), 0 minute(s), and 50 seconds(s)
 



#11 Lastm4nstanding

Lastm4nstanding
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:10 AM

Posted 21 April 2014 - 11:53 PM

It keeps trying to close that AdwCleaner.

How do I stop it?


Edited by Lastm4nstanding, 21 April 2014 - 11:54 PM.


#12 Lastm4nstanding

Lastm4nstanding
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:10 AM

Posted 21 April 2014 - 11:57 PM

Think it might be done, but it won't let me generate the report. I can list all the items it's found thus far by hand, though.

 

Closed it by accident. Running it again.


Edited by Lastm4nstanding, 22 April 2014 - 12:03 AM.


#13 Lastm4nstanding

Lastm4nstanding
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:10 AM

Posted 22 April 2014 - 12:21 AM

# AdwCleaner v3.103 - Report created 22/04/2014 at 00:02:50
# Updated 21/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Getsuneko - JIKONORI
# Running from : C:\Users\Getsuneko\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : BackupStack

***** [ Files / Folders ] *****

File Found : C:\END
Folder Found C:\Users\Getsuneko\AppData\Local\BrowserSafeguard
Folder Found C:\Users\Getsuneko\AppData\Local\SearchProtect
Folder Found C:\Users\Getsuneko\AppData\LocalLow\SiteRanker
Folder Found C:\Windows\system32\AI_RecycleBin

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateWebSparkle_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateWebSparkle_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\utilWebSparkle_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\utilWebSparkle_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Getsuneko\AppData\Roaming\Mozilla\Firefox\Profiles\ityjp7q4.default\prefs.js ]
 


Clean all?



#14 Lastm4nstanding

Lastm4nstanding
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:10 AM

Posted 22 April 2014 - 12:54 AM

I just want someone to confirm before I do. Don't want to destroy anything important... xD



#15 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:09:10 PM

Posted 22 April 2014 - 01:03 AM

Hi -

I would hit Clean, as these are generally adware and unwanted items.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1 < Infection <

Just as a quick look at them -
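As an added example (not code from AdwCleaner or from anyone in this thread), here is a small Python triage helper that parses the AdwCleaner v3 report format posted above and ranks each finding before the Clean button is pressed. It puts the AppInit_DLLs entry that noknojon singled out at the top, because that registry value names a DLL Windows loads into every process that uses user32.dll, which makes it system-wide persistence rather than a leftover key. The severity rules and the sample report (constructed from lines in this thread) are the author's assumptions, not AdwCleaner's own classification.

```python
"""Triage an AdwCleaner v3 scan report: parse its sections and rank findings.

Added example for this thread; not part of AdwCleaner. The severity rules
below are one defender's assumptions about what deserves attention first.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the format of the report posted in this thread.
SAMPLE_REPORT = r"""
# AdwCleaner v3.103 - Report created 22/04/2014 at 00:02:50
# Option : Scan

***** [ Services ] *****

Service Found : BackupStack

***** [ Files / Folders ] *****

File Found : C:\END
Folder Found C:\Users\Getsuneko\AppData\Local\SearchProtect

***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

***** [ Browsers ] *****
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# AdwCleaner writes "Key Found : ..." but also "Folder Found C:\..." with no
# colon, so the colon is optional.
FINDING_RE = re.compile(r"^(File|Folder|Key|Value|Data|Service) Found\s*:?\s*(.+)$")

SEVERITY_ORDER = {"info": 0, "low": 1, "medium": 2, "high": 3}


@dataclass
class Finding:
    section: str
    kind: str
    target: str
    severity: str


def assess(section: str, kind: str, target: str) -> str:
    """Assumed severity rules, highest first."""
    t = target.lower()
    # AppInit_DLLs: a DLL listed here is loaded into every process that uses
    # user32.dll, so this is system-wide code injection / persistence.
    if "[appinit_dlls]" in t:
        return "high"
    # A service restarts at every boot; a BHO is loaded into Internet Explorer.
    if section == "Services" or "browser helper objects" in t:
        return "medium"
    # RAS tracing keys are logging residue left behind by the program.
    if "\\microsoft\\tracing\\" in t:
        return "low"
    return "info"


def parse_report(text: str) -> list[Finding]:
    """Walk the report line by line, tracking the current ***** [ section ] *****."""
    findings: list[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = FINDING_RE.match(line)
        if m and section:
            kind, target = m.groups()
            findings.append(Finding(section, kind, target, assess(section, kind, target)))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity level."""
    return dict(Counter(f.severity for f in findings))


def highest(findings: list[Finding]) -> str:
    """The most severe level present, or 'none' for an empty report."""
    if not findings:
        return "none"
    return max((f.severity for f in findings), key=SEVERITY_ORDER.__getitem__)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for f in sorted(found, key=lambda f: -SEVERITY_ORDER[f.severity]):
        print(f"{f.severity:6} {f.section:15} {f.kind:7} {f.target}")
    print("summary:", summarize(found), "highest:", highest(found))
```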





