Need help with virus [Closed]


  • This topic is locked

#16
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


#17
JonnRC

    Member

  • Topic Starter
  • 11 posts
It doesn't allow me to go onto that site to download, just like going on any antivirus or Microsoft sites. I managed to download it off another computer.



MiniToolBox by Farbar Version: 25-11-2012
Ran by paul (administrator) on 21-12-2012 at 19:34:09
Running from "C:\Users\paul\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)
Realtek 8185 Extensible 802.11b/g Wireless Device = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=5.0.0.1 publish=Yes
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : paul-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek 8185 Extensible 802.11b/g Wireless Device #2
Physical Address. . . . . . . . . : 00-16-0A-1C-77-DD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 6C-F0-49-50-41-36
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::28af:109b:7503:194b%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 21 December 2012 17:56:28
Lease Expires . . . . . . . . . . : 22 December 2012 17:56:27
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 242020425
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-BD-4A-F5-6C-F0-49-50-41-36
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-05-8F-FF-D9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::58f:ffd9(Preferred)
Link-local IPv6 Address . . . . . : fe80::7c14:7bd:d2f3:34b3%16(Preferred)
IPv4 Address. . . . . . . . . . . : 5.143.255.217(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : 21 December 2012 17:36:49
Lease Expires . . . . . . . . . . : 21 December 2012 19:37:56
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 310016402
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-BD-4A-F5-6C-F0-49-50-41-36
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{FF9D7809-B06E-42FB-B6E7-551B22AC0ADE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:243f:3282:a97f:6362(Preferred)
Link-local IPv6 Address . . . . . : fe80::243f:3282:a97f:6362%13(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{4BA9274C-22E9-4BFB-BBAE-25424E0C64B2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2a00:1450:4009:802::100e
173.194.34.160
173.194.34.168
173.194.34.167
173.194.34.161
173.194.34.166
173.194.34.169
173.194.34.163
173.194.34.162
173.194.34.164
173.194.34.165
173.194.34.174


Pinging google.com [173.194.34.167] with 32 bytes of data:
Reply from 173.194.34.167: bytes=32 time=26ms TTL=52
Reply from 173.194.34.167: bytes=32 time=26ms TTL=52

Ping statistics for 173.194.34.167:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 26ms, Average = 26ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=271ms TTL=45
Reply from 98.139.183.24: bytes=32 time=207ms TTL=44

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 207ms, Maximum = 271ms, Average = 239ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
18...00 16 0a 1c 77 dd ......Realtek 8185 Extensible 802.11b/g Wireless Device #2
10...6c f0 49 50 41 36 ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
16...7a 79 05 8f ff d9 ......Hamachi Network Interface
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.143.255.217 9256
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.3 10
5.0.0.0 255.0.0.0 On-link 5.143.255.217 9256
5.143.255.217 255.255.255.255 On-link 5.143.255.217 9256
5.255.255.255 255.255.255.255 On-link 5.143.255.217 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.3 266
192.168.0.3 255.255.255.255 On-link 192.168.0.3 266
192.168.0.255 255.255.255.255 On-link 192.168.0.3 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.3 266
224.0.0.0 240.0.0.0 On-link 5.143.255.217 9256
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.3 266
255.255.255.255 255.255.255.255 On-link 5.143.255.217 9256
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:79fb:243f:3282:a97f:6362/128
On-link
16 276 2620:9b::/64 On-link
16 276 2620:9b::/96 On-link
16 276 2620:9b::58f:ffd9/128 On-link
10 266 fe80::/64 On-link
16 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::243f:3282:a97f:6362/128
On-link
10 266 fe80::28af:109b:7503:194b/128
On-link
16 276 fe80::7c14:7bd:d2f3:34b3/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
10 266 ff00::/8 On-link
16 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/21/2012 06:19:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.0.0.126, time stamp: 0xf36bac23
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000200
Faulting process id: 0x175c
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (12/21/2012 06:18:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.0.0.126, time stamp: 0xf36bac23
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000200
Faulting process id: 0x14c0
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (12/21/2012 06:18:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.0.0.126, time stamp: 0xf36bac23
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000200
Faulting process id: 0xd28
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (12/21/2012 06:17:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.0.0.126, time stamp: 0xf36bac23
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000200
Faulting process id: 0x1268
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (12/21/2012 06:17:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.0.0.126, time stamp: 0xf36bac23
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000200
Faulting process id: 0x1310
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (12/21/2012 06:16:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.0.0.126, time stamp: 0xf36bac23
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000200
Faulting process id: 0xf40
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (12/21/2012 06:08:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.0.0.126, time stamp: 0xf36bac23
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000200
Faulting process id: 0x1354
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (12/21/2012 06:08:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.0.0.126, time stamp: 0xf36bac23
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000200
Faulting process id: 0x10e8
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (12/21/2012 05:46:40 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (12/21/2012 09:23:14 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).


System errors:
=============
Error: (12/21/2012 05:47:05 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.141.2246.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/21/2012 05:39:38 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (12/21/2012 05:38:51 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SABKUTIL

Error: (12/21/2012 05:38:13 PM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
%%1053

Error: (12/21/2012 05:38:11 PM) (Source: Service Control Manager) (User: )
Description: The Application Virtualization Client service failed to start due to the following error:
%%1053

Error: (12/21/2012 05:38:11 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.

Error: (12/21/2012 09:34:39 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/21/2012 09:34:18 AM) (Source: Application Popup) (User: )
Description: \??\C:\Gotcha22390G\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/21/2012 09:32:23 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/21/2012 09:23:14 AM) (Source: DCOM) (User: )
Description: 1084VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}


Microsoft Office Sessions:
=========================
Error: (12/21/2012 06:19:44 PM) (Source: Application Error)(User: )
Description: Skype.exe6.0.0.126f36bac23unknown0.0.0.000000000c000000500000200175c01cddfa7ba97e019C:\Program Files (x86)\Skype\Phone\Skype.exeunknownfe1c3b29-4b9a-11e2-825f-6cf049504136

Error: (12/21/2012 06:18:14 PM) (Source: Application Error)(User: )
Description: Skype.exe6.0.0.126f36bac23unknown0.0.0.000000000c00000050000020014c001cddfa787733cf4C:\Program Files (x86)\Skype\Phone\Skype.exeunknownc875508d-4b9a-11e2-825f-6cf049504136

Error: (12/21/2012 06:18:02 PM) (Source: Application Error)(User: )
Description: Skype.exe6.0.0.126f36bac23unknown0.0.0.000000000c000000500000200d2801cddfa78076f555C:\Program Files (x86)\Skype\Phone\Skype.exeunknownc14d3d59-4b9a-11e2-825f-6cf049504136

Error: (12/21/2012 06:17:29 PM) (Source: Application Error)(User: )
Description: Skype.exe6.0.0.126f36bac23unknown0.0.0.000000000c000000500000200126801cddfa76ccd40f0C:\Program Files (x86)\Skype\Phone\Skype.exeunknownadaeacae-4b9a-11e2-825f-6cf049504136

Error: (12/21/2012 06:17:16 PM) (Source: Application Error)(User: )
Description: Skype.exe6.0.0.126f36bac23unknown0.0.0.000000000c000000500000200131001cddfa764e66ed2C:\Program Files (x86)\Skype\Phone\Skype.exeunknowna5d0db62-4b9a-11e2-825f-6cf049504136

Error: (12/21/2012 06:16:59 PM) (Source: Application Error)(User: )
Description: Skype.exe6.0.0.126f36bac23unknown0.0.0.000000000c000000500000200f4001cddfa759384d5aC:\Program Files (x86)\Skype\Phone\Skype.exeunknown9b9d7895-4b9a-11e2-825f-6cf049504136

Error: (12/21/2012 06:08:29 PM) (Source: Application Error)(User: )
Description: Skype.exe6.0.0.126f36bac23unknown0.0.0.000000000c000000500000200135401cddfa62afae53dC:\Program Files (x86)\Skype\Phone\Skype.exeunknown6b816e42-4b99-11e2-825f-6cf049504136

Error: (12/21/2012 06:08:08 PM) (Source: Application Error)(User: )
Description: Skype.exe6.0.0.126f36bac23unknown0.0.0.000000000c00000050000020010e801cddfa61cfe1b8fC:\Program Files (x86)\Skype\Phone\Skype.exeunknown5f7e9b53-4b99-11e2-825f-6cf049504136

Error: (12/21/2012 05:46:40 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (12/21/2012 09:23:14 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c


CodeIntegrity Errors:
===================================
Date: 2012-12-21 09:34:18.080
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Gotcha22390G\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-21 09:34:18.049
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Gotcha22390G\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-21 04:32:05.719
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Gotcha\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-21 04:32:05.680
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Gotcha\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-21 04:32:05.640
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Gotcha\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-21 04:32:05.601
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Gotcha\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-20 23:09:11.834
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Gotcha\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-20 23:09:11.796
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Gotcha\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-20 23:09:11.759
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Gotcha\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-20 23:09:11.721
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Gotcha\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Flash Player 11 Plugin (Version: 11.3.300.268)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
AMD Accelerated Video Transcoding (Version: 12.5.100.20928)
AMD APP SDK Runtime (Version: 10.0.1016.4)
AMD Catalyst Install Manager (Version: 8.0.891.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.70928.1539)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
applicationupdater
ARMA 2
ARMA 2: Operation Arrowhead
µTorrent (Version: 2.2.1)
Bandisoft MPEG-1 Decoder
Baron Samedi's Submods Compilation V5.0
Battlefield 2™ (Version: 1.00.0000)
Battlefield 3™ (Version: 1.4.0.0)
Battleground Europe
BattlEye for OA Uninstall
BF3 Alpha Trial (Version: 1.0.0.0)
Bonjour (Version: 3.0.0.10)
Bugfixer for Baron Samedi's Submods Compilation V5.0
Button Manager (Version: 5.3.0.2)
Capsule (Version: 1.0.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0928.1532.26058)
Catalyst Control Center Graphics Previews Common (Version: 2012.0928.1532.26058)
Catalyst Control Center InstallProxy (Version: 2012.0928.1532.26058)
Catalyst Control Center Localization All (Version: 2012.0928.1532.26058)
ccc-utility64 (Version: 2012.0928.1532.26058)
CCC Help Chinese Standard (Version: 2012.0928.1531.26058)
CCC Help Chinese Traditional (Version: 2012.0928.1531.26058)
CCC Help Czech (Version: 2012.0928.1531.26058)
CCC Help Danish (Version: 2012.0928.1531.26058)
CCC Help Dutch (Version: 2012.0928.1531.26058)
CCC Help English (Version: 2012.0928.1531.26058)
CCC Help Finnish (Version: 2012.0928.1531.26058)
CCC Help French (Version: 2012.0928.1531.26058)
CCC Help German (Version: 2012.0928.1531.26058)
CCC Help Greek (Version: 2012.0928.1531.26058)
CCC Help Hungarian (Version: 2012.0928.1531.26058)
CCC Help Italian (Version: 2012.0928.1531.26058)
CCC Help Japanese (Version: 2012.0928.1531.26058)
CCC Help Korean (Version: 2012.0928.1531.26058)
CCC Help Norwegian (Version: 2012.0928.1531.26058)
CCC Help Polish (Version: 2012.0928.1531.26058)
CCC Help Portuguese (Version: 2012.0928.1531.26058)
CCC Help Russian (Version: 2012.0928.1531.26058)
CCC Help Spanish (Version: 2012.0928.1531.26058)
CCC Help Swedish (Version: 2012.0928.1531.26058)
CCC Help Thai (Version: 2012.0928.1531.26058)
CCC Help Turkish (Version: 2012.0928.1531.26058)
CCleaner (Version: 3.18)
Company of Heroes: Tales of Valor
CorsixTH 0.01 (Version: 0.01)
Counter-Strike: Global Offensive
Counter-Strike: Global Offensive - SDK
Creative Music Server (Version: 1.01)
Creative System Information (Version: 1.10)
Creative WaveStudio 7 (Version: 7.14)
DAEMON Tools Lite (Version: 4.40.2.0131)
Dawn Of Fantasy (Version: 1.0.0.0)
Dawn of War - Soulstorm (Version: 1.00.0000)
Desura (Version: 100.53)
Desura: No More Room in [bleep] (Version: Open Beta)
Deus Ex: Human Revolution
Diablo III (Version: 1.0.1.9558)
Dolby Digital Live Pack (Version: 3.03)
Dragon Age: Origins (Version: 1.04)
Dual-Core Optimizer (Version: 1.1.4.0169)
Dystopia
EA Installer (Version: 2.2.0.62)
EA Shared Game Component: Activation (Version: 2.2.0)
EA Shared Game Component: Activation (Version: 2.2.0.62)
Emergency 4 (Version: 1.02.001)
Empire of the Ants
Empire: Total War
ESET NOD32 Antivirus (Version: 5.0.95.0)
ESN Sonar (Version: 0.70.4)
Europe in Conflict 1.3 (Version: 1.3)
EVE Online (remove only)
F.lux
Fallen Earth (Version: 1.9)
Fallout 3 - Game of the Year Edition
Fallout 3 (Version: 1.00.0000)
Fallout Mod Manager 0.13.21
Fallout: New Vegas
Far Cry 3 (Version: 1.03)
Fort Zombie (Version: 1.0.7)
Fraps
FTL version 1.01 (Version: 1.01)
Game Cam 2.54.0.47 (Version: 2.54.0.47)
gamelauncher-ps2-live
GameRanger
GamersFirst LIVE!
Ghost Recon Online (Version: 1.26.1332.1)
Guild Wars 2
Hawken
Heroes & Generals (Version: 1.0.4.4)
HP Webcam Software Suite (Version: )
Impulse® (Version: 3.29)
iTunes (Version: 10.6.3.25)
Java 7 Update 10 (Version: 7.0.100)
Java Auto Updater (Version: 2.1.9.0)
League of Legends (Version: 1.02.0000)
Livestream Procaster (Version: 20.0.151)
LogMeIn Hamachi (Version: 2.1.0.210)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
ManiaPlanet
Mass Effect (Version: 1.2.20608.0)
Mass Effect 2 (Version: 1.2.1604.0)
Mass Effect™ 3 (Version: 1.04.0.0)
Medieval II Total War (Version: 1.03.000)
Medieval II Total War : Kingdoms : Americas (Version: 1.05.000)
Medieval II Total War : Kingdoms : Britannia (Version: 1.05.000)
Medieval II Total War : Kingdoms : Crusades (Version: 1.05.000)
Medieval II Total War : Kingdoms : Teutonic (Version: 1.05.000)
Mercenaries 2: World in Flames™ (Version: 2.0.1.0)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Home and Business 2010 - English (Version: 14.0.6114.5002)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
Microsoft XNA Framework Redistributable 3.0 (Version: 3.0.11010.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Might & Magic Heroes VI (Version: 1.8)
Mount & Blade: With Fire and Sword
Mozilla Firefox (3.6.10) (Version: 3.6.10 (en-GB))
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
Mozilla Firefox 17.0.1 (x86 en-GB) (Version: 17.0.1)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mumble(PR edition) and Murmur(PR edition) (Version: 1.1.8)
Napoleon: Total War
Natural Selection 2
NVIDIA 3D Vision Controller Driver (Version: 280.19)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA PhysX (Version: 9.11.1111)
OpenAL
Origin (Version: 8.5.0.4554)
PC Connectivity Solution (Version: 8.15.0.0)
Pirate Galaxy (Version: 1000175.0.0.0)
PlanetSide 2
PlanetSide 2 Beta
PlanetSide: Aftershock (Version: 1.00.000)
Project Reality: ARMA2 (Version: v0.15 BETA)
ProtectDisc Driver, Version 11 (Version: 11.0.0.14)
PunkBuster Services (Version: 0.993)
PVSonyDll (Version: 1.00.0001)
QPAD MK-85
QuickTime (Version: 7.66.73.0)
Resident Evil 5
RIFT (Version: 1.0.0)
Rome - Total War™ (Version: 1.0)
Rome - Total War™ (Version: 1.2)
Rome Total War - patch 1.3 (Version: 1.3)
RuneScape Launcher 1.2.2 (Version: 1.2.2)
S.T.A.L.K.E.R. - Clear Sky (Version: 1.0010)
Silent Hunter 5 (Version: 1.2.0)
Sins of a Solar Empire - Trinity
Six Updater (Version: 2.09.7016)
Skype Click to Call (Version: 5.6.8442)
Skype™ 6.0 (Version: 6.0.126)
Sound Blaster Recon3D PCIe (Version: 1.00.22)
Sound Blaster Recon3D PCIe Extras (Version: 1.0)
Star Wars Battlefront II (Version: 1.0)
Star Wars Empire at War (Version: 1.0)
Star Wars Empire at War Forces of Corruption (Version: 1.0)
Star Wars Galactic Battlegrounds: Saga
Star Wars® Knights of the Old Republic® II: The Sith Lords™ (Version: 1.00.0000)
Star Wars: The Old Republic (Version: 1.00)
StarCraft II (Version: 1.5.3.23260)
StarCraft II Beta (Version: 2.0.0.23925)
Starship Troopers
Station Launcher (Version: 1.01.9000)
Stronghold 3
Stronghold Kingdoms (Version: Stronghold Kingdoms (Installer v1.17))
SUPERAntiSpyware (Version: 4.40.1002)
System Requirements Lab
System Requirements Lab (Version: 4.1.72.0)
System Requirements Lab CYRI (Version: 4.4.26.0)
TeamSpeak 2 RC2 (Version: 2.0.32.60)
TeamSpeak 3 Client (Version: 3.0.8)
The American Revolution Mod
The Binding of Isaac
The Lord of the Rings: War in the North
THE SETTLERS - Rise of an Empire (Version: 1.00.0000)
The War Z version alpha (Version: alpha)
Third Age - Total War 2.0 (Part1of2)
Third Age - Total War 2.0 (Part2of2)
Third Age - Total War 3.0 (Part 1of2)
Third Age - Total War 3.0 (Part 2of2)
Thrustmaster Force Feedback Driver (Version: 1.FFD.2009)
TortoiseSVN 1.6.10.19898 (64 bit) (Version: 1.6.19898)
Total War: SHOGUN 2
Train Simulator 2013
Tt eSPORTS SHOCK Spin HD
Tt eSPORTS THERON (Version: 1.0.0)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Uplay (Version: 2.0)
Ustream Producer (Version: 1.0.0202)
Ventrilo Client for Windows x64 (Version: 3.0.5.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 1.1.11 (Version: 1.1.11)
War of the Roses
War Thunder Launcher 1.0.1.73
Warcraft III
Warhammer® 40,000®: Dawn of War® II – Retribution™ Beta
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
WinRAR archiver
World in Conflict (Version: 1.0.0.0)
World of Tanks - Common Test
World of Tanks v.0.7.2
World of Warplanes
Xfire (remove only)
XSplit (Version: 1.1.1209.0601)
Zombie Panic Source

========================= Devices: ================================

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.


========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 8190.49 MB
Available physical RAM: 5887.48 MB
Total Pagefile: 16379.18 MB
Available Pagefile: 13868.19 MB
Total Virtual: 4095.88 MB
Available Virtual: 3939.66 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:141.77 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:465.76 GB) (Free:94.71 GB) NTFS

========================= Users: ========================================

User accounts for \\PAUL-PC

Administrator ASPNET Guest
paul

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

Edited by JonnRC, 21 December 2012 - 01:34 PM.


#18
JonnRC


    Member

  • Topic Starter
  • 11 posts
Bump, Windows command processor pop-up has stopped, but the other things are still there; IE is freezing more and the computer is slower as well.

#19
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
1. Download Malwarebytes Anti-Rootkit from the link to the right. - http://www.malwareby.../products/mbar/
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.

#20
JonnRC


    Member

  • Topic Starter
  • 11 posts
All the problems I've had seem to have gone away after using MWB anti rootkit, will keep a look out to see if anything pops up in the next little while. Thanks a lot for taking the time to help me out :)

#21
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.5.1
Java™ 6 Update 29
Vuze
Vuze Remote Toolbar
Yontoo 1.10.02


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download Button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When install is complete click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure under the Windows tab all the boxes of Internet Explorer and Windows Explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under the Application tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the mbam icon
  • Go to the update tab at the top
  • Click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#22
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#23
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#24
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





