Unbootable computer



#16
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,
I wouldn't recommend any kind of registry cleaner / fixer / tweaker etc., as the only thing they can provide you with is problems.

I'm investigating something regarding your MBR; I'll post shortly :)
  • 0


#17
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
I am now experiencing something weird


If there is a link which I want to open in a new tab or window, I right click 'open in new tab' or just click on it itself,
and my internet will crash. This will happen with everything. It started happening yesterday but I thought nothing of it.
  • 0

#18
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,
Your computer is clean as far as I can tell; most probably you are encountering these problems due to low memory:

1.90 Gb Total Physical Memory | 0.18 Gb Available Physical Memory | 9.39% Memory free


We can do some things to help this, but let's run some checks first:

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



Next:

Please run a full scan with your antivirus (Avast) and remove anything that it finds. Post the log here.
You can find the log here:
Posted Image
  • 0

#19
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
The MBAM log was clean.


I don't have the time for the Avast scan.

It's been an hour and not even 1%.
  • 0

#20
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
You can start it before bed time and leave it working overnight
It's just to verify that these issues aren't caused by malware
  • 0

#21
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
It'll take too long; I don't want the laptop to overheat.


Can't I run ComboFix or something?

Edited by nortan360, 17 August 2011 - 03:45 PM.

  • 0

#22
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Ok then

Your issues are most probably due to low memory, you could do this:

STARTUP DISABLE

To try and ease the startup try this

Download Startup Control Panel here
Install it and you will find a Startup icon in the Control Panel; run this.
  • In the HKLM tab, you may disable (be careful --> "disable") all the entries except your security software
  • In the HKCU tab, you may disable all entries.
  • In the StartUp tab, you may disable all entries.
Note : if you notice that some programs no longer run, you can enable them again by running Startup Control Panel, selecting the entry and choosing Run Now.
If you are in doubt with something, don't hesitate to ask :)

TEMPORARY FILES CLEANER - DISK DEFRAGMENTER

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

THEN

Download Flush Flash from Here and follow the easy to use instructions on the same page


Next:

Follow this guide to update your system and to get Internet Explorer 9

After you install Internet Explorer 9, read here on how to reset Internet Explorer settings

Next:

Read here on how to reset firewall settings


Next:

Finally try not running multiple programs together.
After you follow all these, tell me how's your computer running and if there are any other problems
  • 0

#23
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
Every website I go to seems to be covered in ads?



Unable to download anything because Internet Explorer stops working...


I've managed to download TFC, which won't run.

Edited by nortan360, 17 August 2011 - 04:07 PM.

  • 0

#24
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Can you post a screenshot of a website that is showing these ads?
Read here how to take a screenshot
  • 0

#25
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
I know youtube and facebook have ads but never this many..
  • 0


#26
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
The symptoms are getting worse.
Now iexplorer gets "Internet Explorer has stopped working" when I try to run it.

I'm doing malware removal training on another forum, 247Fixes, if you've heard of it,
so I have some knowledge of malware.
  • 0

#27
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Don't follow my previous post for now, let's try some other things

Please uninstall the following programs:

Free Ride Games Player
Java™ SE Development Kit 6 Update 23
RegClean Pro
Messenger Plus! 5
TeamViewer 5
Java™ SE Runtime Environment 6
Java™ SE Development Kit 6
Java™ SE Development Kit 6 Update 24


Install Java Java SE Runtime Environment 7 and Java SE Development Kit 7


Next:


I see you have downloaded ComboFix as George.exe on your Desktop. If you ran it, then there should be a log named ComboFix.txt in C:\. If it's there, then post it here. If it's not there, then delete george.exe from your Desktop as it's outdated and run a fresh one:



Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**


Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2010/03/10 22:02:38 | 000,056,352 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X4HSEx.sys -- (X4HSEx)
    FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
    O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
    O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)

    :Services

    :Reg

    :Files
    C:\Program Files\Free Ride Games

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



Next:

You can use these programs to prevent ads from appearing:

Simple Adblock (for IE)
AdBlock Plus (For FF)


Also download and run Speedy Fox

Run it anytime you make changes to Firefox or its extensions.


Next:

  • Double-click My Computer, and then right-click the hard disk that you want to check. C:
  • Click Properties, and then click Tools.
  • Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed
  • Check both boxes and then click Start.
    You will receive the following message:
    The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
  • Click Yes to schedule the disk check, but don't restart yet.


  • Right click on (My) Computer and select Manage
  • Then click the Event Viewer.
  • Select Windows Logs.
  • Right click on System and Clear Log, Clear.
  • Repeat for Application. Reboot.
  • The disk check will run and will probably take an hour or more to finish.


Next:

Click Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


Next:

  • Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop
  • Right-click VEW.exe and Run AS Administrator
  • Under 'Select log to query', select:
    System
  • Under 'Select type to list', select:
    Error
    Warning
  • Then use the 'Number of events' as follows:
  • Click the radio button for 'Number of events'
  • Type 20 in the 1 to 20 box
  • Then click the Run button.
  • Notepad will open with the output log.
  • Please post the Output log in your next reply then repeat but select Application.



Next:
  • Get Process Explorer
  • Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).
  • Close all other programs.
  • Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.
  • Wait a minute for things to settle down.
  • File, Save As, Save.
  • Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Next:

  • Download Speccy (Look in the upper right for the Download Latest Version button)
  • Download, Save and Install it.
  • Run Speccy by right clicking and Run As Administrator.
  • When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives.
  • OK. Attach the file to your next post.

  • 0

#28
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
ComboFix 11-08-18.01 - LENOVO 18/08/2011 12:56:18.5.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.1943.927 [GMT 1:00]
Running from: c:\users\LENOVO\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Object\bho_project.dll
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
.
.
2011-08-18 12:08 . 2011-08-18 12:09 -------- d-----w- c:\users\LENOVO\AppData\Local\temp
2011-08-18 12:08 . 2011-08-18 12:08 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-08-18 12:08 . 2011-08-18 12:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-18 12:08 . 2011-08-18 12:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-17 10:31 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AF3A294-2491-4E1D-8555-0F43304203B9}\mpengine.dll
2011-08-16 20:51 . 2011-08-16 20:51 -------- d-----w- c:\users\LENOVO\AppData\Roaming\Systweak
2011-08-16 20:50 . 2011-08-18 12:08 -------- d-----w- c:\program files\Object
2011-08-16 20:50 . 2011-07-07 12:26 17280 ----a-w- c:\windows\system32\roboot.exe
2011-08-16 20:50 . 2011-08-16 20:50 -------- d-----w- c:\program files\RegClean Pro
2011-08-15 21:48 . 2011-08-15 21:48 -------- d-----w- c:\users\LENOVO\AppData\Roaming\JGsoft
2011-08-15 21:47 . 2011-08-15 21:47 -------- d-----w- c:\program files\JGsoft
2011-08-15 21:47 . 2011-05-16 02:33 67312 ----a-w- c:\windows\UnDeployV.exe
2011-08-10 20:00 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 20:00 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 20:00 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-08 19:23 . 2011-08-18 11:48 -------- d-----w- c:\users\LENOVO\AppData\Roaming\.minecraft
2011-07-27 17:16 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-27 17:16 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 18:52 . 2010-09-02 00:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2010-09-02 00:15 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43 . 2010-08-25 16:06 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-08-25 16:06 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-03-01 21:39 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-08-25 16:07 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-08-25 16:07 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-08-25 16:07 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-08-25 16:07 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-08-25 16:07 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-18 17:54 . 2011-06-18 17:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-17 13:45 . 2011-05-08 19:28 187328 ----a-w- c:\programdata\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll
2011-06-17 13:40 . 2011-05-08 19:27 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-06-15 11:07 . 2011-01-19 00:59 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-05-24 18:14 . 2010-08-25 16:45 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-04-26 61728]
"TpShocks"="TpShocks.exe" [2009-02-03 181536]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-12 145944]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-28 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-28 124248]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-04-22 49976]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-04-15 660768]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-04-13 40960]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-12-10 435560]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-12-10 181608]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-12 170520]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes2\iTunesHelper.exe" [2011-06-07 421160]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-02 273544]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ShortKeys 2.lnk
backup=c:\windows\pss\ShortKeys 2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 3.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ShortKeys 3.lnk
backup=c:\windows\pss\ShortKeys 3.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 16:51 421160 ----a-w- c:\program files\iTunes2\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 10:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-06-15 19:03 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-05-02 00:01 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-07-11 48192]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-03-30 45424]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2008-10-27 106496]
R3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-09 29232]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-02-11 204800]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-10-21 4208208]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]
R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
R4 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-01-29 20520]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2008-10-27 1676536]
S2 DDNIOEMService;DDNIOEMService;c:\program files\DDNI\SBITS\DDNIOEMService.exe [2007-09-28 162280]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2008-10-27 98304]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-04-15 66848]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-04-02 62320]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-24 520192]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-09-19 3881472]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2008-09-19 54784]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-10-27 482176]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-08-14 220152]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdkmd32.sys [2008-06-12 2381312]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-09 29232]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-02-09 3715072]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1853308285-865056411-922338472-1000Core.job
- c:\users\LENOVO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 17:30]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1853308285-865056411-922338472-1000UA.job
- c:\users\LENOVO\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 17:30]
.
2010-08-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
2011-08-17 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2011-08-16 12:26]
.
2011-08-17 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2011-08-16 12:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files\Savevid\redirect.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\xqbyuseu.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: [email protected] - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKLM-RunOnce-MessengerPlusLiveUninstall - c:\users\LENOVO\AppData\Local\Temp\MsgPlusUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-18 13:08
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
[0] 0x00000212
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\TMP0000007C8CF93F66D2BD0D6F 524288 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1853308285-865056411-922338472-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DA3DD5C5-2F6F-E749-D4A2-0D91BDF20D27}*]
"hahipkcgcajjaeco"=hex:6a,61,66,64,6b,64,61,61,68,64,63,70,68,6f,62,69,6b,6d,
68,68,00,00
"iafbhlgohffmfmhbmf"=hex:63,61,63,65,65,63,00,7f
"iabjjmomdcemelfdgo"=hex:6a,61,66,64,6b,64,61,61,68,64,63,70,68,6f,62,69,6b,6d,
68,68,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-08-18 13:15:20
ComboFix-quarantined-files.txt 2011-08-18 12:15
ComboFix2.txt 2011-05-08 15:29
.
Pre-Run: 33,944,027,136 bytes free
Post-Run: 33,693,900,800 bytes free
.
Current=10 Default=10 Failed=1 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,10,11
- - End Of File - - 8514D45192E035D67714D09633892372
  • 0

#29
Bismillah

Bismillah

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 514 posts
OTL keeps freezing. Would you like me to carry on with the steps, since GMER found a hidden file?
  • 0

#30
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Yes. Did you uninstall Free Ride Games Player before running OTL fix?
If you did and it's still freezing, run this fix instead:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
    O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
    O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)

    :Services

    :Reg

    :Files
    C:\Program Files\Free Ride Games
    c:\program files\Object

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Then follow with the rest of my previous post.

Just to let you know, we've found the culprit... For some reason it wasn't shown in the logs...
  • 0
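The OTL fix scripts in the two posts above remove a program's Run-key entries, its folder and its leftovers by hand, and the ComboFix log earlier in the thread is where those locations are read off. The following script is an added example, not code from the thread, from ComboFix or from OTL: it parses the three sections of a ComboFix-format log that matter for that job (Files Created, the Run keys under Reg Loading Points, and the Scheduled Tasks folder) and lists every entry that references a given program name, plus Run values whose file is already gone and new binaries under the Windows directory. The sample log is constructed in the same format as the one posted above; the Entry fields and helper names are my own, and RegClean Pro is used as the program to look up because the helper asked for it to be uninstalled.

```python
import re
from dataclasses import dataclass


@dataclass
class Entry:
    kind: str      # "file" (Files Created), "run" (Run key value) or "task" (scheduled task)
    location: str  # creation time, registry key or .job path, depending on kind
    name: str      # file/task basename or Run value name
    target: str    # path (or command line) the entry points at
    note: str = ""  # size / "directory" for files, stamp or "missing file" for Run values


# Constructed sample in the ComboFix log format seen in this thread (not a real log).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
.
2011-08-16 20:50 . 2011-08-18 12:08 -------- d-----w- c:\program files\Object
2011-08-16 20:50 . 2011-07-07 12:26 17280 ----a-w- c:\windows\system32\roboot.exe
2011-08-16 20:50 . 2011-08-16 20:50 -------- d-----w- c:\program files\RegClean Pro
2011-08-10 20:00 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-02 273544]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-17 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2011-08-16 12:26]
.
"""

SECTION_RE = re.compile(r"^\({3,}\s*(.+?)\s*\){3,}$")           # "(((( Section name ))))"
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
                     r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S+) (.+)$")
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")                          # "[HKEY_...\Run]"
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)" \[(.*)\]$')             # "name"="cmd" [stamp or X]
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (\S.*\.job)$")          # "date c:\windows\Tasks\x.job"
TASK_TARGET_RE = re.compile(r"^- (.+?) \[[^\]]*\]$")              # "- target.exe [stamp]"


def parse_combofix(text):
    """Return Entry objects for the Files Created, Run-key and Scheduled Tasks sections."""
    entries, section, key, pending_task = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            section = "Scheduled Tasks"
            continue
        if line.startswith("-------"):          # e.g. "------- Supplementary Scan -------"
            section = None
            continue
        if section and section.startswith("Files Created"):
            m = FILE_RE.match(line)
            if m:
                created, _modified, size, attrs, path = m.groups()
                note = "directory" if attrs.startswith("d") else f"{size} bytes"
                entries.append(Entry("file", created, path.rsplit("\\", 1)[-1], path, note))
        elif section == "Reg Loading Points":
            m = KEY_RE.match(line)
            if m:
                key = m.group(1)
                continue
            m = VALUE_RE.match(line)
            if m and key and key.lower().endswith("\\run"):   # only the Run autostart keys
                name, command, stamp = m.groups()
                entries.append(Entry("run", key, name, command,
                                     "missing file" if stamp == "X" else stamp))
        elif section == "Scheduled Tasks":
            m = TASK_RE.match(line)
            if m:
                pending_task = m.group(1)        # the .job path; its target is on the next line
                continue
            m = TASK_TARGET_RE.match(line)
            if m and pending_task:
                entries.append(Entry("task", pending_task,
                                     pending_task.rsplit("\\", 1)[-1], m.group(1)))
                pending_task = None
    return entries


def entries_referencing(entries, needle):
    """Entries whose target path mentions needle (case-insensitive), e.g. a program folder name."""
    needle = needle.lower()
    return [e for e in entries if needle in e.target.lower()]


def run_entries_with_missing_files(entries):
    """Run values ComboFix marked [X]: the file no longer exists, so the value is dead weight."""
    return [e for e in entries if e.kind == "run" and e.note == "missing file"]


def new_windows_binaries(entries):
    """Executables, DLLs or drivers created under the Windows directory in the log window.
    Windows Update writes there too, so this is a triage list, not a verdict."""
    return [e for e in entries
            if e.kind == "file"
            and e.target.lower().startswith("c:\\windows\\")
            and e.target.lower().endswith((".exe", ".dll", ".sys"))]


def report(entries, program):
    lines = [f"Entries referencing '{program}':"]
    lines += [f"  [{e.kind}] {e.name} -> {e.target} ({e.location})"
              for e in entries_referencing(entries, program)]
    lines.append("Run values whose file is missing:")
    lines += [f"  {e.location}\\{e.name}" for e in run_entries_with_missing_files(entries)]
    lines.append("New binaries under the Windows directory:")
    lines += [f"  {e.target} ({e.note}, created {e.location})" for e in new_windows_binaries(entries)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_combofix(SAMPLE_LOG), "RegClean Pro"))
```

Run it against a real ComboFix.txt by reading the file into `parse_combofix` instead of `SAMPLE_LOG`; the Find3M and service sections are deliberately skipped, and the "new binaries" list is meant to be cross-checked against recent Windows Update activity before anything is removed.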





