Slow response, Freezes, Tool bar extras [Solved]


  • This topic is locked

#16
Emma Grace

Emma Grace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Here's the one dated 08.03

I'm running another now if you want an updated one instead.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-02 23:46:58
-----------------------------
23:46:58.313 OS Version: Windows 6.0.6002 Service Pack 2
23:46:58.313 Number of processors: 2 586 0x6B02
23:46:58.314 ComputerName: OUTLAW-PC UserName: Outlaw
23:47:16.315 Initialize success
23:47:17.181 AVAST engine defs: 12080201
23:47:35.857 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:47:35.860 Disk 0 Vendor: WDC_WD3200AAJS-00B4A0 01.03A01 Size: 305245MB BusType: 3
23:47:35.878 Disk 0 MBR read successfully
23:47:35.882 Disk 0 MBR scan
23:47:35.887 Disk 0 unknown MBR code
23:47:35.891 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15005 MB offset 63
23:47:35.905 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 116076 MB offset 30734336
23:47:35.926 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 174161 MB offset 268457984
23:47:35.933 Disk 0 scanning sectors +625139712
23:47:36.025 Disk 0 scanning C:\Windows\system32\drivers
23:47:47.025 Service scanning
23:48:05.914 Modules scanning
23:48:17.993 Disk 0 trace - called modules:
23:48:18.017 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8408e1e8]<<
23:48:18.023 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84ad0240]
23:48:18.029 3 CLASSPNP.SYS[877a98b3] -> nt!IofCallDriver -> [0x84ad7918]
23:48:18.035 5 acpi.sys[8072b6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84ab2770]
23:48:18.042 \Driver\atapi[0x83c7a960] -> IRP_MJ_CREATE -> 0x8408e1e8
23:48:19.289 AVAST engine scan C:\Windows
23:48:28.655 AVAST engine scan C:\Windows\system32
23:53:24.053 AVAST engine scan C:\Windows\system32\drivers
23:53:38.411 AVAST engine scan C:\Users\Outlaw
00:05:34.595 AVAST engine scan C:\ProgramData
00:07:54.646 Scan finished successfully
01:10:37.595 Disk 0 MBR has been saved successfully to "C:\Users\Outlaw\Documents\MBR.dat"
01:10:37.615 The log file has been saved successfully to "C:\Users\Outlaw\Documents\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-03 12:13:11
-----------------------------
12:13:11.673 OS Version: Windows 6.0.6002 Service Pack 2
12:13:11.673 Number of processors: 2 586 0x6B02
12:13:11.675 ComputerName: OUTLAW-PC UserName: Outlaw
12:13:12.581 Initialize success
12:13:12.669 AVAST engine defs: 12080300
12:13:14.792 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:13:14.795 Disk 0 Vendor: WDC_WD3200AAJS-00B4A0 01.03A01 Size: 305245MB BusType: 3
12:13:14.811 Disk 0 MBR read successfully
12:13:14.814 Disk 0 MBR scan
12:13:14.818 Disk 0 unknown MBR code
12:13:14.821 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15005 MB offset 63
12:13:14.838 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 116076 MB offset 30734336
12:13:14.859 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 174161 MB offset 268457984
12:13:14.866 Disk 0 scanning sectors +625139712
12:13:14.932 Disk 0 scanning C:\Windows\system32\drivers
12:13:26.335 Service scanning
12:13:42.530 Modules scanning
12:13:47.577 Disk 0 trace - called modules:
12:13:47.591 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8409b1e8]<<
12:13:47.592 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84ad0030]
12:13:47.592 3 CLASSPNP.SYS[877a28b3] -> nt!IofCallDriver -> [0x84ad7918]
12:13:47.593 5 acpi.sys[807246bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84aae5e0]
12:13:47.593 \Driver\atapi[0x83c7a960] -> IRP_MJ_CREATE -> 0x8409b1e8
12:13:48.289 AVAST engine scan C:\Windows
12:13:51.321 AVAST engine scan C:\Windows\system32
12:16:30.874 AVAST engine scan C:\Windows\system32\drivers
12:16:42.456 AVAST engine scan C:\Users\Outlaw
12:25:33.518 AVAST engine scan C:\ProgramData
12:27:18.550 Scan finished successfully
12:28:59.841 Disk 0 MBR has been saved successfully to "C:\Users\Outlaw\Documents\MBR.dat"
12:28:59.847 The log file has been saved successfully to "C:\Users\Outlaw\Documents\aswMBR.txt"
  • 0


#17
Emma Grace

Emma Grace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
updated

Also note: when I search for file "mbr.dat" it only comes back as "OTL.txt" and "aswMBR.txt". So I'm not sure if this is the log you are looking for.




  • 0

#18
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
The file is here:

C:\Users\Outlaw\Documents\MBR.dat

Please attach it to your next post.
  • 0

#19
Emma Grace

Emma Grace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
thanks

Attached Files

  • Attached File  MBR.dat   512bytes   28 downloads

  • 0

#20
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right-click on adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please, copy the content of this file in your next reply.


Step 2.


Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application. Please do not accept the trial right now. We just want to run it on demand.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Step 3.


Please post:

adwCleaner log
mbam log



Also please give me an update on how the computer is running.
  • 0

#21
Emma Grace

Emma Grace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
# AdwCleaner v1.800 - Logfile created 08/06/2012 at 07:59:58
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Outlaw - OUTLAW-PC
# Running from : C:\Users\Outlaw\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\DT Soft

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

Profile name : default
File : C:\Users\Outlaw\AppData\Roaming\Mozilla\Firefox\Profiles\xkvslzcz.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.60

File : C:\Users\Outlaw\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",
Deleted : "path": "C:\\Users\\Outlaw\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dll",

-\\ Opera v [Unable to get version]

File : C:\Users\Outlaw\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [33019 octets] - [02/08/2012 23:27:13]
AdwCleaner[S2].txt - [1603 octets] - [03/08/2012 11:59:25]
AdwCleaner[S3].txt - [1320 octets] - [06/08/2012 07:59:58]

########## EOF - C:\AdwCleaner[S3].txt - [1448 octets] ##########
  • 0

#22
Emma Grace

Emma Grace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Still had some lagging, and the OTL program stopped responding several times (before this last round of instructions).


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.06.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Outlaw :: OUTLAW-PC [administrator]

8/6/2012 8:08:30 AM
mbam-log-2012-08-06 (08-08-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212634
Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D9E1ADC-7DB1-4EAF-B6C7-7E062074E6BE} (PUP.BlekkoSearchBar) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D9E1ADC-7DB1-4EAF-B6C7-7E062074E6BE} (PUP.BlekkoSearchBar) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Outlaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Shield.lnk (Rogue.SecurityShield) -> Quarantined and deleted successfully.

(end)

Edited by Emma Grace, 06 August 2012 - 07:37 AM.

  • 0

#23
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Note: If RogueKiller will not run, please try it several times; if it still does not run, rename it winlogon.com and try it several times.
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on ShortcutsFix

  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.
  • 0

#24
Emma Grace

Emma Grace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Outlaw [Admin rights]
Mode: Scan -- Date: 08/06/2012 09:37:14

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\Outlaw\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1661878680-1354857675-3093604309-1000[...]\Run : cdloader ("C:\Users\Outlaw\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAJS-00B4A0 ATA Device +++++
--- User ---
[MBR] 90a6de7967bc0d43dbe88cc9c97fc4bf
[BSP] afdcb56475e68652421fa588edadccef : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 15005 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30734336 | Size: 116076 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 268457984 | Size: 174161 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0

#25
Emma Grace

Emma Grace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Outlaw [Admin rights]
Mode: Remove -- Date: 08/06/2012 09:37:59

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\Outlaw\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAJS-00B4A0 ATA Device +++++
--- User ---
[MBR] 90a6de7967bc0d43dbe88cc9c97fc4bf
[BSP] afdcb56475e68652421fa588edadccef : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 15005 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30734336 | Size: 116076 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 268457984 | Size: 174161 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
  • 0


#26
Emma Grace

Emma Grace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Outlaw [Admin rights]
Mode: Shortcuts HJfix -- Date: 08/06/2012 09:40:18

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 5 / Fail 0
Start menu: Success 2 / Fail 0
User folder: Success 99 / Fail 0
My documents: Success 7 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 801 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume7 -- 0x2 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  • 0

#27
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.


  • Open MalwareBytes' and click the Update tab and click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program is updated, click the Scanner tab, and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Step 2.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 4.

Please post:


mbam log
eset log
security check log


Please give me an update on how your computer is doing!
  • 0

#28
Emma Grace

Emma Grace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.06.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Outlaw :: OUTLAW-PC [administrator]

8/6/2012 2:00:43 PM
mbam-log-2012-08-06 (14-00-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212582
Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#29
Emma Grace

Emma Grace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e2f7c438c7e51549a7034de3465afcf0
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-06 09:37:19
# local_time=2012-08-06 04:37:19 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1032 16777214 0 1 10030283 10030283 0 0
# compatibility_mode=5892 16776573 100 100 0 180890012 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=225064
# found=2
# cleaned=2
# scan_time=6554
C:\Users\Outlaw\Downloads\DAEMONToolsPro510-0333 (1).exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Outlaw\Downloads\DAEMONToolsPro510-0333.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  • 0

#30
Emma Grace

Emma Grace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 30
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.0.1.152
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbam.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
  • 0





