Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer will not allow me to DL OTL [Closed]


  • This topic is locked This topic is locked

#1
Browneyedgirl79

Browneyedgirl79

    Member

  • Member
  • PipPipPip
  • 120 posts
This computer will not allow me to DL the OTL needed to post my file. Can anyone tell me what I would need to do to get it DLed?

When I click my ctrl alt del it is showing me that I have many things running but I don't.

Error says
The publisher of OTL_exe(1) couldn't be verified.

Edited by Browneyedgirl79, 06 January 2013 - 05:21 PM.

  • 0

Advertisements


#2
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi and welcome back to Geeks to Go. :)

Could you inform myself which exact Operating System is in use please and also what makes you think your machine may be infected with malware/any particular symptoms etc ?
  • 0

#3
Browneyedgirl79

Browneyedgirl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
Hi and thank you for the reply.

The OS is windows 7 (toshiba satellite laptop)

The virus protector that was on there said 27 threats found and I can hear advertisements and things
Talking but nothings on my screen. If I press control alt del and look under process it shows about 8 things open but won't allow me to "end process"

Thanks in advance.
  • 0

#4
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

thank you for the reply

You're welcome and thank you for the clarification also!

Lets proceed as follows shall we....please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Scan with DDS:

Please download DDS and save it to your desktop from here.

Alternate downloads are here or here.

  • Disable any script blocker, and then double click on DDS to run the tool.
  • When done, DDS will open two logs:
  • DDS.txt <-- Will be opened
  • Attach.txt <-- Will be minimized
  • Both logs will also be on your desktop.
  • Please post the contents of these two Notepad files in your next reply.
Scan with RogueKiller:

Please download RogueKiller to your desktop

Alternate downloads are here or here.

  • Quit all running programs.
  • Double-click on RogueKiller.exe to start the application.
  • Let the pre-scan complete, then click on Accept option when the disclaimer window appears.
  • Now click on the Scan tab back in the RogueKiller main window.
  • The RKreport.txt shall be generated next to the executable along with a zip file named RK_Quarantine.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.com
  • Please post the contents of the RKreport.txt in your next reply.
Next:

When completed the above, please post back the following in the order asked for:

  • How is you computer performing now, any further symptoms and or problems encountered?
  • Both DDS logs. <-- Post them individually please, IE: one Log per post/reply.
  • RogueKiller Log.

  • 0

#5
Browneyedgirl79

Browneyedgirl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
How is you computer performing now, any further symptoms and or problems encountered?

When I go to ctrl alt del I can still see that it says I have things running that I don't. Why would it do this? I can ever hear talking like an advertisement. Makes my CPU usage run high as well.





DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by KathyJo at 19:04:14 on 2013-01-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2379 [GMT -5:00]
.
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Users\KathyJo\AppData\Roaming\comsrvr.exe
C:\Windows\System32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\$Recycle.Bin\S-1-5-18\$56e02f73c73e341c1909583710acfd43\U
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uDefault_Page_URL = hxxp://start.toshiba.com
mStart Page = hxxp://www.yahoo.com/?ilc=8
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
uProxyOverride = <local>
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [InboxToolbar] "C:\PROGRA~2\INBOXT~1\Inbox.exe" /STARTUP
uRun: [COMServer] "C:\Users\KathyJo\AppData\Roaming\comsrvr.exe" a
uRun: [TOSHIBA] rundll32 "C:\Users\KathyJo\AppData\Local\VirtualStore\TOSHIBA\otkexjn.dll",DllRegisterServerW
uRun: [fingperf] rundll32 "C:\Users\KathyJo\AppData\Local\Temp\ctfmtend.dll",CreateProcessNotify
uRun: [chariles] rundll32 "C:\Users\KathyJo\AppData\Local\Temp\ctfmtend64.dll",CreateProcessNotify
uRun: [ldhls] rundll32.exe "C:\Users\KathyJo\AppData\Roaming\ldhls.dll",AStatus
uRun: [dping] "C:\windows\System32\rundll32.exe" "C:\Users\KathyJo\AppData\Roaming\dping.dll",Method_Self
uRun: [mdmgf] "C:\windows\System32\rundll32.exe" "C:\Users\KathyJo\AppData\Roaming\mdmgf.dll",set_tIME
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [PCPowerSpeed] "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe" /startup
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D4C2D12B-CF18-4E66-B9FA-6A9A76D39313} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D4C2D12B-CF18-4E66-B9FA-6A9A76D39313}\E4544574541425 : DHCPNameServer = 10.0.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\N360x64\0604000.009\symds64.sys [2012-10-2 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\N360x64\0604000.009\symefa64.sys [2012-10-2 1129120]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120926.001\IDSviA64.sys [2012-9-26 513184]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\N360x64\0604000.009\symnets.sys [2012-10-2 405624]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe [2012-10-2 138272]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-12-4 132056]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-1-5 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-5 2656280]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-1-5 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-1-5 38096]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-1-5 1109096]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-1-5 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [2012-9-20 1385120]
S1 ccSet_N360;Norton 360 Settings Manager;C:\windows\System32\drivers\N360x64\0604000.009\ccsetx64.sys [2012-10-2 167072]
S1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\N360x64\0604000.009\ironx64.sys [2012-10-2 190072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-1-5 243712]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-18 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-01-06 02:24:35 -------- d-----w- C:\ProgramData\C889C3A01449A29C0000C888FB1DA92C
2013-01-06 02:24:30 315392 ----a-w- C:\Users\KathyJo\AppData\Roaming\mdmgf.dll
2013-01-06 02:24:06 545792 ----a-w- C:\Users\KathyJo\AppData\Roaming\dping.dll
2013-01-06 02:23:16 171008 ----a-w- C:\Users\KathyJo\AppData\Roaming\ldhls.dll
2012-12-25 15:30:42 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B197FC67-A770-4808-B723-E462974CCB63}\mpengine.dll
2012-12-21 12:22:37 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-21 12:22:37 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-12-21 12:22:37 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-21 12:22:36 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2012-12-11 23:51:37 2048 ----a-w- C:\windows\SysWow64\tzres.dll
.
==================== Find3M ====================
.
2012-12-28 00:40:15 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-28 00:40:15 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:40 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
2012-10-28 01:07:05 14336 ----a-w- C:\Users\KathyJo\AppData\Roaming\comsrvr.exe
2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll
.
============= FINISH: 19:05:11.77 ===============

Edited by Browneyedgirl79, 07 January 2013 - 06:19 PM.

  • 0

#6
Browneyedgirl79

Browneyedgirl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/15/2012 2:11:07 PM
System Uptime: 1/7/2013 6:58:37 PM (1 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Pentium® CPU B960 @ 2.20GHz | CPU | 792/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 237.843 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: BHDrvx64
Device ID: ROOT\LEGACY_BHDRVX64\0000
Manufacturer:
Name: BHDrvx64
PNP Device ID: ROOT\LEGACY_BHDRVX64\0000
Service: BHDrvx64
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Norton 360 Settings Manager
Device ID: ROOT\LEGACY_CCSET_N360\0000
Manufacturer:
Name: Norton 360 Settings Manager
PNP Device ID: ROOT\LEGACY_CCSET_N360\0000
Service: ccSet_N360
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Symantec Iron Driver
Device ID: ROOT\LEGACY_SYMIRON\0000
Manufacturer:
Name: Symantec Iron Driver
PNP Device ID: ROOT\LEGACY_SYMIRON\0000
Service: SymIRON
.
==== System Restore Points ===================
.
RP68: 11/30/2012 9:59:22 AM - Windows Modules Installer
RP69: 11/30/2012 11:23:10 AM - Windows Update
RP71: 12/1/2012 9:45:24 AM - Windows Modules Installer
RP72: 12/4/2012 7:33:05 AM - Windows Update
RP74: 12/11/2012 6:51:05 PM - Windows Update
RP75: 12/12/2012 9:54:51 AM - Windows Update
RP77: 12/12/2012 3:12:36 PM - Windows Defender Checkpoint
RP79: 12/14/2012 11:06:54 PM - Windows Defender Checkpoint
RP80: 12/18/2012 3:27:46 PM - Windows Update
RP82: 12/21/2012 7:22:18 AM - Windows Modules Installer
RP84: 12/22/2012 9:55:53 AM - Windows Defender Checkpoint
RP85: 12/25/2012 10:30:18 AM - Windows Update
RP86: 1/2/2013 8:12:46 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Amazon Links
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Bejeweled 3
Conexant HD Audio
D3DX10
FATE - The Traitor Soul
Google Chrome
Google Update Helper
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 25
Junk Mail filter update
[email protected] 1.0
Letters from Nowhere 2
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
Norton 360
Norton PC Checkup
PC Power Speed 1.0.0.24
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Polar Bowler
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RollerCoaster Tycoon 3: Platinum
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Skype Launcher
Synaptics Pointing Device Driver
Tales of Lagoona
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBARegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
1/7/2013 6:58:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 SymIRON
1/7/2013 6:58:53 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/7/2013 6:58:52 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
1/7/2013 6:58:52 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
1/7/2013 6:58:52 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/7/2013 6:57:07 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
1/7/2013 6:56:07 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.
1/7/2013 6:55:07 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/7/2013 6:55:07 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/7/2013 6:55:07 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/7/2013 6:55:07 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/7/2013 6:55:07 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/7/2013 6:55:07 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/7/2013 6:55:07 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/7/2013 6:55:07 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/7/2013 6:55:07 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/7/2013 6:55:07 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/6/2013 9:28:46 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {06622D85-6856-4460-8DE1-A81921B41C4B}. The error: "5" Happened while starting this command: C:\windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1/6/2013 2:31:13 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
1/6/2013 2:18:26 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
1/6/2013 2:18:26 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
1/3/2013 5:27:45 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.
1/3/2013 5:27:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
1/1/2013 10:34:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================
  • 0

#7
Browneyedgirl79

Browneyedgirl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
I ran this roguekiller and posted here for you, however I did not click any of the actions on the side such as delete or fix. Did I need to?


RogueKiller V8.4.2 [Jan 6 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : KathyJo [Admin rights]
Mode : Scan -- Date : 01/07/2013 19:12:00

¤¤¤ Bad processes : 10 ¤¤¤
[SUSP PATH] comsrvr.exe -- C:\Users\KathyJo\AppData\Roaming\comsrvr.exe -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\KathyJo\AppData\Local\VirtualStore\TOSHIBA\otkexjn.dll -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\KathyJo\AppData\Local\VirtualStore\TOSHIBA\otkexjn.dll -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\KathyJo\AppData\Roaming\ldhls.dll -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\KathyJo\AppData\Roaming\dping.dll -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\KathyJo\AppData\Roaming\ldhls.dll -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\KathyJo\AppData\Roaming\mdmgf.dll -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\KathyJo\AppData\Roaming\dping.dll -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\KathyJo\AppData\Roaming\mdmgf.dll -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 19 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : COMServer ("C:\Users\KathyJo\AppData\Roaming\comsrvr.exe" a) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : TOSHIBA (rundll32 "C:\Users\KathyJo\AppData\Local\VirtualStore\TOSHIBA\otkexjn.dll",DllRegisterServerW) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : fingperf (rundll32 "C:\Users\KathyJo\AppData\Local\Temp\ctfmtend.dll",CreateProcessNotify) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : chariles (rundll32 "C:\Users\KathyJo\AppData\Local\Temp\ctfmtend64.dll",CreateProcessNotify) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : ldhls (rundll32.exe "C:\Users\KathyJo\AppData\Roaming\ldhls.dll",AStatus) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : dping ("C:\Windows\System32\rundll32.exe" "C:\Users\KathyJo\AppData\Roaming\dping.dll",Method_Self) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : mdmgf ("C:\Windows\System32\rundll32.exe" "C:\Users\KathyJo\AppData\Roaming\mdmgf.dll",set_tIME) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1537241598-2099410523-1389680630-1000[...]\Run : COMServer ("C:\Users\KathyJo\AppData\Roaming\comsrvr.exe" a) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1537241598-2099410523-1389680630-1000[...]\Run : TOSHIBA (rundll32 "C:\Users\KathyJo\AppData\Local\VirtualStore\TOSHIBA\otkexjn.dll",DllRegisterServerW) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1537241598-2099410523-1389680630-1000[...]\Run : fingperf (rundll32 "C:\Users\KathyJo\AppData\Local\Temp\ctfmtend.dll",CreateProcessNotify) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1537241598-2099410523-1389680630-1000[...]\Run : chariles (rundll32 "C:\Users\KathyJo\AppData\Local\Temp\ctfmtend64.dll",CreateProcessNotify) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1537241598-2099410523-1389680630-1000[...]\Run : ldhls (rundll32.exe "C:\Users\KathyJo\AppData\Roaming\ldhls.dll",AStatus) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1537241598-2099410523-1389680630-1000[...]\Run : dping ("C:\Windows\System32\rundll32.exe" "C:\Users\KathyJo\AppData\Roaming\dping.dll",Method_Self) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1537241598-2099410523-1389680630-1000[...]\Run : mdmgf ("C:\Windows\System32\rundll32.exe" "C:\Users\KathyJo\AppData\Roaming\mdmgf.dll",set_tIME) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1537241598-2099410523-1389680630-1000\$56e02f73c73e341c1909583710acfd43\n) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$56e02f73c73e341c1909583710acfd43\n) -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$56e02f73c73e341c1909583710acfd43\n) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$56e02f73c73e341c1909583710acfd43\n --> FOUND
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-1537241598-2099410523-1389680630-1000\$56e02f73c73e341c1909583710acfd43\n --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$56e02f73c73e341c1909583710acfd43\@ --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1537241598-2099410523-1389680630-1000\$56e02f73c73e341c1909583710acfd43\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$56e02f73c73e341c1909583710acfd43\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1537241598-2099410523-1389680630-1000\$56e02f73c73e341c1909583710acfd43\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$56e02f73c73e341c1909583710acfd43\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1537241598-2099410523-1389680630-1000\$56e02f73c73e341c1909583710acfd43\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3275GSX +++++
--- User ---
[MBR] c14a194e47a70f624d48fac8dd35e444
[BSP] 35cff5c93c53e5a466e70c6c8ff31d64 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 289747 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 596475904 | Size: 13997 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01072013_02d1912.txt >>
RKreport[1]_S_01072013_02d1912.txt

Edited by Browneyedgirl79, 07 January 2013 - 06:23 PM.

  • 0

#8
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi,

I have bad news I'm afraid. :(

One or more of the identified infections is the extremely severe Zero Access Rootkit plus undoubtedly other comprising malware!

OK since we are dealing with the aforementioned infection(s) I would be providing your good self with a disservice if I did not make you aware of the ramifications below:

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows Operating System, and that is the course we strongly recommend.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine(anything I try may not be successful) but I can't guarantee that it will be at all secure afterwords.

Should you have any questions, please feel free to ask.

Please let myself know what you have decided to do in your next post.
  • 0

#9
Browneyedgirl79

Browneyedgirl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
Thanks for the help. I'll take it into a computer shop today.
  • 0

#10
Browneyedgirl79

Browneyedgirl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
Do you think if I were to just reformat the computer it would be "safe" again?

Does this mean someone "has" hacked into the machine?
  • 0

#11
Browneyedgirl79

Browneyedgirl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
I'm sorry for making another post but I can't find edit a post from my phone. I just have another question. Could this virus get onto my other computers through my wifi (modem)

This laptop is my sisters and I was just trying to help her out. I'm going to have her take it to a comp repair shop.
  • 0

#12
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Thanks for the help. I'll take it into a computer shop today.

You're welcome, actually no need to do so at it appears your sister's machine has what is known as a Recovery Partition which in turn can be invoked and which is defacto a reformat and reinstallation of the Windows Operating System. So basically once this has been done the machine will back to as it was the first time it was booted it up.

I will however need to know which exact modal of what appears to be a Toshiba machine so I can in turn provide the correct advice/instructions etc.

Do you think if I were to just reformat the computer it would be "safe" again?

Aye indeed it will be as no evidence the actual Recovery Partition is compromised.

Does this mean someone "has" hacked into the machine?

A distinct possibility given the identified malware.

I just have another question. Could this virus get onto my other computers through my wifi (modem)

No evidence of such and the actual TCPIP stack on the infected machine does not appear to be compromised, so unlikely the Modem/Router will be. Though for your peace of mind you could always reset it and apply a new admin password for example.
  • 0

#13
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP