
~*~Mixed Bag of Problems~*~

This is a discussion on ~*~Mixed Bag of Problems~*~ within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


Old 06-19-2012, 01:03 AM   #1
Registered Member
 
Join Date: Jan 2012
Location: Colorado
Posts: 148
OS: Windows 7



Hi, everyone! I have had a lot of problems with my computer lately and I'm hoping someone would be able to help me out. The most pressing issue right now is that my e-mail is sending out spam links when I'm not even on my computer. The first time it happened, I changed my password, but tonight the e-mails were sent out again.

Secondly, my computer cannot install Windows updates. I had previously posted about this problem and was told to post it here. I did, but no one responded. Since I'm posting about the e-mails, I figured I would post about this, also.

I also have a problem where my laptop's battery will not charge. I've tried another charger and it worked for a very short while and then stopped. I only began having this problem when I had malware/virus issues earlier. Is there any way to fix this?

When I first ran DDS, my computer gave me a blue screen. Upon restart, it scanned fine. The results are pasted below.

The first time I ran GMER, the program froze and shut down. I ran it with minimal check marks as suggested and it ran fine.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by Maria Tabitha at 1:04:44 on 2012-06-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1911.970 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [SecureUpgrade] "c:\program files\wave systems corp\SecureUpgrade.exe"
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
Trusted Zone: convergysworkathome.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{07FA0DAF-E116-4E80-9FCA-B238BDB81DF7} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{07FA0DAF-E116-4E80-9FCA-B238BDB81DF7}\34F6D6D616E6465627D27657563747 : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\maria tabitha\appdata\roaming\mozilla\firefox\profiles\tl76ao4b.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2010-11-18 17648]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-1-10 490840]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe [2010-9-25 81920]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-5-15 1803512]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2012-1-11 439632]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-6-3 1664304]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-11-18 43888]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-4-3 29472]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-11-18 146528]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-9-25 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-9-25 232960]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-11 654408]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-11-18 2320920]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 253600]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-11-18 134144]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-10 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-9-25 171520]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-31 1343400]
.
=============== Created Last 30 ================
.
2012-06-19 07:04:29 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-06-19 07:04:29 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-06-19 07:04:29 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2012-06-19 07:04:29 117728 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2012-06-19 07:04:28 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-06-19 07:04:25 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-19 07:04:25 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-16 20:08:54 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dfe4ddc4-fe86-4ec7-912a-a5c4a84a24ff}\mpengine.dll
2012-06-11 02:04:03 -------- d-----w- c:\programdata\PC Optimizer Pro
2012-06-11 01:58:29 -------- d-----w- c:\users\maria tabitha\appdata\local\Ilivid Player
2012-06-11 01:56:45 -------- d-----w- c:\program files\Searchqu Toolbar
2012-06-11 01:47:20 -------- d-----w- c:\users\maria tabitha\appdata\local\Google
.
==================== Find3M ====================
.
2012-04-04 21:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 23:28:26 52224 ----a-w- c:\windows\system32\wltrynt.dll
2012-04-03 23:28:26 457 ----a-w- c:\windows\system32\vcredist_x86.bat
2012-04-03 23:28:26 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
2012-04-03 23:28:25 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-04-03 23:28:22 7489024 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2012-04-03 23:28:22 58368 ----a-w- c:\windows\system32\bcmwlrmt.dll
2012-04-03 23:28:22 4517888 ----a-w- c:\windows\system32\bcmttls.dll
2012-04-03 23:28:22 18424 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2012-04-03 23:28:22 1032192 ----a-w- c:\windows\system32\BCMLogon.dll
2012-04-03 17:22:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-03 17:22:29 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 126.15 ===============
Attached Files
File Type: zip Attach.zip (4.4 KB, 64 views)
TabbyCat725 is offline  
 
Old 06-21-2012, 10:15 PM   #2



Bump me up, up, up, please!
TabbyCat725 is offline  
Old 06-21-2012, 10:26 PM   #3
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hi TabbyCat,

I do see several problems here and I'm sorry your previous thread had been overlooked.

Please download Farbar Service Scanner and run it on the computer with the issue
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
 
Old 06-21-2012, 10:30 PM   #4



Hi, Ried! Thank you so much for responding so quickly!

I just ran Farbar Service Scanner (it was super fast!!) and here's what it says:


Farbar Service Scanner Version: 19-06-2012 01
Ran by Maria Tabitha (administrator) on 21-06-2012 at 23:28:34
Running from "C:\Users\Maria Tabitha\Downloads"
Microsoft Windows 7 Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-09 05:04] - [2011-09-29 09:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

C:\Windows\system32\dnsrslvr.dll
[2011-06-13 17:18] - [2011-03-02 23:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll
[2009-07-13 17:53] - [2009-07-13 19:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 17:54] - [2009-07-13 19:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 17:23] - [2009-07-13 19:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 17:24] - [2009-07-13 19:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll
[2011-06-13 17:15] - [2010-12-20 23:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-13 18:15] - [2009-07-13 19:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\Windows\system32\qmgr.dll
[2009-07-13 17:30] - [2009-07-13 19:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
TabbyCat725 is offline  
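The FSS log above flags two things on this machine: the WinDefend service start type was changed from Auto to Demand, and DisableAntiSpyware is set to 1 under the Windows Defender key. The PowerShell below re-checks both with built-in cmdlets only; it is an added example, not from the thread or from Farbar's tool. The non-Defender service defaults in the table and the Group Policy key location are assumptions (Windows 7 defaults and the standard policy path), not values from the log.

```powershell
# Added example (not from the thread or from FSS): re-check the WinDefend start
# type and the DisableAntiSpyware policy value that the FSS log reported.
# Uses only cmdlets present in the PowerShell 2.0 shipped with Windows 7.
# Run from an elevated prompt.

# Expected start modes. WinDefend=Auto is the default FSS itself reported;
# the other four are ASSUMED Windows 7 defaults (delayed-start services are
# also reported as "Auto" by WMI).
$expectedStartMode = @{
    'WinDefend' = 'Auto'   # Windows Defender (from the FSS log)
    'wuauserv'  = 'Auto'   # Windows Update (assumed default)
    'BITS'      = 'Auto'   # Background Intelligent Transfer (assumed default)
    'MpsSvc'    = 'Auto'   # Windows Firewall (assumed default)
    'wscsvc'    = 'Auto'   # Security Center (assumed default)
}

function Get-ServiceConfig {
    param([string]$Name)
    # Win32_Service gives state, start mode and image path; for svchost-hosted
    # services the real code lives in the ServiceDll under the Parameters key.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { return $null }
    $paramKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name\Parameters"
    $dll = $null
    if (Test-Path $paramKey) {
        $dll = (Get-ItemProperty -Path $paramKey -ErrorAction SilentlyContinue).ServiceDll
    }
    New-Object PSObject -Property @{
        Name       = $Name
        State      = $svc.State
        StartMode  = $svc.StartMode
        ImagePath  = $svc.PathName
        ServiceDll = $dll
    }
}

function Test-ServiceStartModes {
    param([hashtable]$Expected)
    foreach ($name in $Expected.Keys) {
        $cfg = Get-ServiceConfig -Name $name
        if (-not $cfg) { Write-Output "${name}: service not present"; continue }
        $flag = ''
        if ($cfg.StartMode -ne $Expected[$name]) {
            # This is the line that would fire for WinDefend on the machine above.
            $flag = " <-- expected $($Expected[$name])"
        }
        Write-Output ("{0,-10} State={1,-8} StartMode={2}{3}" -f `
            $cfg.Name, $cfg.State, $cfg.StartMode, $flag)
        if ($cfg.ServiceDll) { Write-Output "           ServiceDll=$($cfg.ServiceDll)" }
    }
}

function Get-DefenderDisablePolicy {
    # First key is the one FSS reported; the second is the ASSUMED Group Policy
    # location. A DisableAntiSpyware value of 1 in either keeps Defender off.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows Defender',
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DisableAntiSpyware
        if ($val -ne $null) {
            Write-Output ("{0}\DisableAntiSpyware = {1}" -f $key, $val)
        }
    }
}

Test-ServiceStartModes -Expected $expectedStartMode
Get-DefenderDisablePolicy

# Nothing above changes the system. Once the cause has been dealt with, the two
# findings are undone with:
#   Set-Service -Name WinDefend -StartupType Automatic
#   Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Defender' -Name DisableAntiSpyware
```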
Old 06-21-2012, 10:34 PM   #5



You're welcome.

I just finished reading through the first thread you had and sorry, I need for you to do one more thing before we proceed. (This won't take very long either)

Download SystemLook from one of the links below and save it to your desktop.

Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:
    :filefind
    netbt.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt
Ried is offline  
Old 06-21-2012, 10:47 PM   #6



I just ran it and here's what it says:

SystemLook 30.07.11 by jpshortstuff
Log created at 23:44 on 21/06/2012 by Maria Tabitha
Administrator - Elevation successful

========== filefind ==========

Searching for "netbt.sys"
No files found.

-= EOF =-
TabbyCat725 is offline  
Old 06-21-2012, 10:54 PM   #7



That's what I was afraid of.

Do you have the Windows 7 install disc?
Ried is offline  
Old 06-21-2012, 11:00 PM   #8



Uh oh. This does not look like good news. lol

Yes, I have the install disc.
TabbyCat725 is offline  
Old 06-21-2012, 11:11 PM   #9



No need to worry just yet.

netbt.sys is a critical Windows file and as you can see, it's missing on your machine. The NetBT service needs that driver file in order to function. I'm hoping to find a way to copy the file from your install disc, but I need to test it out myself first. :)

It's very late here and I need some sleep. We'll pick up where we left off, tomorrow.

In the meantime, change your password for your email to stop the spam. Make sure you give it a strong password.

Another thing I'd like for you to do while you're waiting for me, is to run an online scan to search for any remnants that may be lurking. Please go here to run the online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked

  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Ried is offline  
Old 06-21-2012, 11:25 PM   #10



How would netbt.sys be missing if it's critical? Oooh, unless the virus that I had previously could somehow infect it and remove it, maybe?

I changed my password again. I tend to keep them very difficult using caps, numbers, and signs, so I'm not sure how I could get hacked. So far it hasn't sent anything out since. I was actually wondering if a System Restore would remove whatever could be on my computer to give it access to hack?

It's late here, too, so I'll either scan tonight or tomorrow. Thank you so so so much for your help! I appreciate it immensely! Sleep tight!!
TabbyCat725 is offline  
Old 06-21-2012, 11:56 PM   #11



While waiting for the scan to finish, I remembered that I'm still having the "Genuine Microsoft" pop-up that you probably saw mentioned in my previous thread. Whenever I've attempted to install it, it doesn't work. We can add that to the list of problems. lol
TabbyCat725 is offline  
Old 06-22-2012, 01:37 AM   #12



The scan just finished. It says there were no infected files that were found, but some were automatically put into quarantine:

C:\Users\Maria Tabitha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\26ac7ea2-41e4d43f

C:\Users\Maria Tabitha\Downloads\asc-setup.exe

C:\Windows\System32\drivers\netbt.sys

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603... (I couldn't get it to extend the screen far enough to see the end of that one and there was no way to export these to a text file).

It says I can delete the quarantined files or restore them, so I'll just leave the window up until you respond.

Have a great day!!
TabbyCat725 is offline  
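Before restoring the quarantined netbt.sys, a defender would want to see which file the NetBT service actually points at, whether it is present, and whether the copies kept in the WinSxS component store agree with it. The PowerShell below is an added example, not from the thread, ESET or ComboFix; it assumes Windows 7 with PowerShell 2.0, and the WinSxS directory pattern is a wildcard on the prefix visible in the quarantine list above, not the full directory name. It only reports; it copies nothing.

```powershell
# Added example (not from the thread): locate the driver the NetBT service
# expects, check that it exists, and compare it by size and SHA-256 against
# the copies in the WinSxS component store. Report only; no file is changed.
# .NET hashing is used so this runs on PowerShell 2.0 / Windows 7.

function Get-FileSha256 {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Get-DriverImagePath {
    param([string]$ServiceName)
    # Driver ImagePath values are stored relative to the Windows directory
    # (e.g. system32\DRIVERS\netbt.sys) or prefixed with \SystemRoot\ or \??\;
    # normalise all three forms to an absolute path.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    if (-not (Test-Path $key)) { return $null }
    $raw = (Get-ItemProperty -Path $key).ImagePath
    if (-not $raw) { return $null }
    $raw = $raw -replace '^\\SystemRoot\\', ''
    $raw = $raw -replace '^\\\?\?\\', ''
    if ($raw -notmatch '^[A-Za-z]:\\') { $raw = Join-Path $env:SystemRoot $raw }
    return $raw
}

function Get-DriverCandidates {
    param([string]$ServiceName, [string]$WinSxSPrefix)
    $expected = Get-DriverImagePath -ServiceName $ServiceName
    if (-not $expected) { throw "Service $ServiceName has no ImagePath" }
    $leaf = Split-Path -Leaf $expected
    $results = @()
    $results += New-Object PSObject -Property @{
        Source = 'service ImagePath'; Path = $expected; Present = (Test-Path $expected) }

    # One WinSxS directory exists per installed version of the component; the
    # prefix is ASSUMED from the partial name shown in the quarantine list.
    $sxs  = Join-Path $env:SystemRoot 'winsxs'
    $dirs = Get-ChildItem -Path $sxs -Filter "$WinSxSPrefix*" -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer }
    if ($dirs) {
        foreach ($d in $dirs) {
            $p = Join-Path $d.FullName $leaf
            $results += New-Object PSObject -Property @{
                Source = 'WinSxS'; Path = $p; Present = (Test-Path $p) }
        }
    }

    # Size, timestamp and hash for every copy that actually exists, so the
    # restored file can be compared against the component-store copy.
    foreach ($r in $results) {
        if ($r.Present) {
            $fi = Get-Item $r.Path
            $r | Add-Member NoteProperty Size     $fi.Length
            $r | Add-Member NoteProperty Modified $fi.LastWriteTime
            $r | Add-Member NoteProperty SHA256   (Get-FileSha256 $r.Path)
        }
    }
    return $results
}

$candidates = Get-DriverCandidates -ServiceName 'NetBT' -WinSxSPrefix 'x86_microsoft-windows-netbt_'
$candidates | Format-Table Source, Present, Size, Modified, SHA256, Path -AutoSize

# If the System32\drivers copy is missing, or its hash matches none of the
# WinSxS copies, the supported repair on Windows 7 is the protected-file check
#   sfc /scannow
# which rebuilds protected files from the component store.
```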
Old 06-22-2012, 05:52 AM   #13



Quote:
C:\Windows\System32\drivers\netbt.sys

That's the file we need!

Restore that file.

After you've restored the file, download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
Ried is offline  
Old 06-22-2012, 12:25 PM   #14



I restored the file, but I'm running into a problem with ComboFix. I've had it previously on my computer, but I thought I had deleted it. When I run ComboFix now, it gives me a log from when I used it before. Do I need to completely remove it and try again? If so, how do I uninstall it?
TabbyCat725 is offline  
Old 06-22-2012, 05:15 PM   #15



Every time you run ComboFix, the current run will be located at C:\ComboFix.txt. Previous runs get renamed and moved elsewhere.

If you ran ComboFix just now, still go ahead and post the C:\ComboFix.txt for me.
Ried is offline  
Old 06-22-2012, 06:54 PM   #16



I ran it and I'll post the log below. I don't think it's running properly. When I used it previously, it would scan on a blue screen, but when I double click it, it just acts like it's downloading something. A screen pops up and says it's backing up the registry. There's never an actual scan.

ComboFix 12-02-11.03 - Maria Tabitha 02/11/2012 17:18:13.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1911.1177 [GMT -7:00]
Running from: c:\users\Maria Tabitha\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB51465$
c:\windows\$NtUninstallKB51465$\1039332603\@
c:\windows\$NtUninstallKB51465$\1039332603\bckfg.tmp
c:\windows\$NtUninstallKB51465$\1039332603\cfg.ini
c:\windows\$NtUninstallKB51465$\1039332603\Desktop.ini
c:\windows\$NtUninstallKB51465$\1039332603\keywords
c:\windows\$NtUninstallKB51465$\1039332603\kwrd.dll
c:\windows\$NtUninstallKB51465$\1039332603\L\xadqgnnk
c:\windows\$NtUninstallKB51465$\1039332603\lsflt7.ver
c:\windows\$NtUninstallKB51465$\1039332603\U\[email protected]
c:\windows\$NtUninstallKB51465$\1039332603\U\[email protected]
c:\windows\$NtUninstallKB51465$\1039332603\U\[email protected]
c:\windows\$NtUninstallKB51465$\1039332603\U\[email protected]
c:\windows\$NtUninstallKB51465$\1039332603\U\[email protected]
c:\windows\$NtUninstallKB51465$\1039332603\U\[email protected]
c:\windows\$NtUninstallKB51465$\3632772180
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
.
c:\windows\system32\drivers\netbt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-12 00:36 . 2012-02-12 00:39 -------- d-----w- c:\users\Maria Tabitha\AppData\Local\temp
2012-02-12 00:36 . 2012-02-12 00:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-11 20:43 . 2012-02-09 20:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16F0C64F-97B8-4922-9C93-92953242D415}\gapaengine.dll
2012-02-11 20:42 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{25D8472A-F7AA-45BA-B1CD-BB3CF84D4E02}\mpengine.dll
2012-02-09 00:24 . 2012-02-09 01:34 -------- d-----w- C:\FRST
2012-02-03 05:47 . 2012-02-03 05:47 -------- d-----w- C:\_OTL
2012-02-02 07:25 . 2012-02-02 07:25 -------- d-----w- c:\users\Maria Tabitha\AppData\Roaming\Apple Computer
2012-01-26 10:37 . 2012-01-26 10:37 -------- d-----w- c:\programdata\Apple Computer
2012-01-26 10:33 . 2012-01-26 10:33 -------- d-----w- c:\program files\Common Files\Apple
2012-01-26 10:31 . 2012-01-26 10:31 -------- d-----w- c:\users\Maria Tabitha\AppData\Local\Apple
2012-01-26 10:31 . 2012-01-26 10:31 -------- d-----w- c:\program files\Apple Software Update
2012-01-26 10:31 . 2012-01-26 10:31 -------- d-----w- c:\programdata\Apple
2012-01-24 18:06 . 2011-10-05 00:22 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-11 23:05 . 2012-01-11 23:05 388096 ----a-r- c:\users\Maria Tabitha\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-11 03:12 . 2012-01-11 03:12 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-01-11 03:12 . 2012-01-11 03:12 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-11 03:12 . 2012-01-11 03:12 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-11 03:12 . 2012-01-11 03:12 314368 ----a-w- c:\windows\system32\webio.dll
2012-01-11 03:12 . 2012-01-11 03:12 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-11 03:12 . 2012-01-11 03:12 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-11 03:12 . 2012-01-11 03:12 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-11 03:12 . 2012-01-11 03:12 15360 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-11 03:12 . 2012-01-11 03:12 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-11 03:12 . 2012-01-11 03:12 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-06 04:19 . 2012-01-12 02:37 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-13 22:56 . 2011-12-13 22:56 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-13 22:56 . 2011-12-13 22:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-13 12:07 . 2011-07-30 06:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 22:24 . 2012-01-11 02:16 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 04:23 . 2011-12-14 19:45 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 02:43 . 2012-01-11 23:30 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-11-23 02:42 . 2012-01-11 23:20 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-11-23 02:41 . 2012-01-11 23:31 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2011-11-23 02:38 . 2012-01-11 23:32 105792 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-11-23 02:38 . 2012-01-11 23:32 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-11-23 01:20 . 2012-01-12 02:01 574424 --s-a-w- c:\windows\system32\drivers\TfSysMon.sys
2011-11-23 01:20 . 2012-01-12 02:01 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-11-23 01:20 . 2012-01-12 02:01 54328 --s-a-w- c:\windows\system32\drivers\TfFsMon.sys
2011-11-21 10:47 . 2012-01-06 23:40 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C9A16CB8-D5B2-4913-AB87-806BD030B15A}\mpengine.dll
2011-11-19 14:06 . 2012-01-10 23:45 67072 ----a-w- c:\windows\system32\packager.dll
2011-11-17 05:41 . 2012-01-10 23:45 1288984 ----a-w- c:\windows\system32\ntdll.dll
2011-11-14 23:07 . 2012-01-11 23:37 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-11-14 23:07 . 2012-01-11 23:36 2246608 ----a-w- c:\windows\PCTBDCore.dll
2011-11-14 23:07 . 2012-01-11 23:36 1681360 ----a-w- c:\windows\PCTBDRes.dll
2011-11-14 23:06 . 2012-01-11 23:37 767952 ----a-w- c:\windows\BDTSupport.dll
2011-11-14 22:12 . 2012-01-11 23:21 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-11-14 22:12 . 2012-01-11 23:21 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-02-02 09:08 . 2012-01-07 01:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-08 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-08 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-08 170008]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-08-02 726640]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-11-18 5249024]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-13 296056]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
"ISTray"="c:\program files\PC Tools\PC Tools Security\pctsGui.exe" [2011-11-23 2659256]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl6de5363f;MpKsl6de5363f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FD2E748-5113-4B27-922A-AFF331F0F9AE}\MpKsl6de5363f.sys [x]
R1 MpKsl9346043a;MpKsl9346043a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8CE9F11-07FD-4089-8F53-DF6FFA47CEFC}\MpKsl9346043a.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-11-23 35264]
R3 ThreatFire;ThreatFire;c:\program files\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-31 1343400]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-11-14 331880]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-10-08 341656]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-10-08 660992]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-07-09 17648]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-11-23 54328]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-11-23 574424]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2011-11-23 253096]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [2011-11-23 185560]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-11 490840]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [2009-03-03 81920]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-11-14 546768]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [2011-11-23 402336]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-07-09 43888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 146528]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [2011-09-28 56840]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2011-11-23 70536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver32
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: convergysworkathome.com\www
TCP: DhcpNameServer = 192.168.1.1 69.145.232.4 69.144.49.30
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - c:\users\Maria Tabitha\AppData\Roaming\Mozilla\Firefox\Profiles\tl76ao4b.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
SafeBoot-28303808.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1749685330-1117841376-509585274-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1749685330-1117841376-509585274-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4224)
c:\program files\PC Tools\PC Tools Security\pctgmhk.dll
c:\windows\System32\gameux.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
c:\program files\Dell\DW WLAN Card\bcmwltry.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\PC Tools\PC Tools Security\pctsSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-02-11 17:42:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-12 00:42
.
Pre-Run: 197,570,871,296 bytes free
Post-Run: 197,208,596,480 bytes free
.
- - End Of File - - FEF02E6FAB3F376D8DCFD87697090AEE
TabbyCat725 is offline  
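The log above reports an infected userinit.exe that was disinfected and restored from the WinSxS component store, a missing netbt.sys, and a batch of deletions under a $NtUninstallKB...$ directory. The Python below is an added example, not code from this thread or from ComboFix: it pulls those findings out of a ComboFix log and shows the hash comparison a reviewer would run to confirm that a restored system binary is byte-identical to its component-store copy. The sample log lines are constructed from the post above; the file contents in the demo are made up stand-ins.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Sample lines constructed from the ComboFix log posted above.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))
c:\windows\$NtUninstallKB51465$
c:\windows\$NtUninstallKB51465$\1039332603\@
c:\windows\$NtUninstallKB51465$\1039332603\kwrd.dll
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
.
c:\windows\system32\drivers\netbt.sys . . . is missing!!
.
((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))
"""

# Line shapes taken from the ComboFix log format shown above.
SECTION_RE = re.compile(r"^\(+ (.+?) \)+$")
INFECTED_RE = re.compile(r"^Infected copy of (.+?) was found and disinfected$")
RESTORED_RE = re.compile(r"^Restored copy from - (.+)$")
MISSING_RE = re.compile(r"^(.+?) \. \. \. is missing!!$")


def parse_combofix_log(text):
    """Extract the high-signal findings: deleted paths, (infected, restored) pairs, missing files."""
    report = {"deletions": [], "disinfected": [], "missing": []}
    section = None
    pending = None  # infected path waiting for its "Restored copy from" line
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := INFECTED_RE.match(line):
            pending = m.group(1)
        elif (m := RESTORED_RE.match(line)) and pending:
            report["disinfected"].append((pending, m.group(1)))
            pending = None
        elif m := MISSING_RE.match(line):
            report["missing"].append(m.group(1))
        elif section == "Other Deletions":
            report["deletions"].append(line)
    return report


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def restored_matches_store(live_path, store_path):
    """True when the live system binary is byte-identical to its WinSxS copy."""
    return sha256_file(live_path) == sha256_file(store_path)


def demo_restore_check():
    """Replay the userinit.exe case with constructed files: tampered first, then restored."""
    with tempfile.TemporaryDirectory() as d:
        store = Path(d) / "winsxs_userinit.exe"    # stands in for the WinSxS copy
        live = Path(d) / "system32_userinit.exe"   # stands in for system32\userinit.exe
        store.write_bytes(b"MZ clean userinit (constructed)")
        live.write_bytes(b"MZ clean userinit (constructed) + injected code")
        before = restored_matches_store(live, store)  # False: live copy differs
        live.write_bytes(store.read_bytes())          # the restore the log reports
        after = restored_matches_store(live, store)   # True: now identical
        return before, after
```

On a real machine the same comparison is run against C:\Windows\System32\userinit.exe and the WinSxS path the log names; a mismatch after a reported restore means the replacement did not stick.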
Old 06-22-2012, 07:13 PM   #17
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



You're right - this is the old log.

Quote:
ComboFix 12-02-11.03 - Maria Tabitha 02/11/2012
I understand you had problems back in February, but I do need for you to download a fresh copy and properly disable the AV. Click the 'How to disable your Security Applications' link I've given you below, to find out how to disable AVG.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
Ried is offline  
Old 06-23-2012, 07:38 PM   #18
Registered Member
 
Join Date: Jan 2012
Location: Colorado
Posts: 148
OS: Windows 7



I'm sorry my reply took so long! For some reason, I wasn't notified you had responded like I normally am.

How do I delete ComboFix? When I was first trying this when you suggested it, I put it in the recycle bin and downloaded it again, but still ended up with an old log.
TabbyCat725 is offline  
Old 06-23-2012, 08:26 PM   #19
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



If it's deleted, then that's all that needs to be done with it.

As long as ComboFix completes its run, a new log will be created at C:\Combofix.txt

Try again to run it. If you run into any problems, let me know. If not, post the contents of the log it produces.
Ried is offline  
Old 06-24-2012, 10:18 AM   #20
Registered Member
 
Join Date: Jan 2012
Location: Colorado
Posts: 148
OS: Windows 7



I think I have found the problem, but I don't know how to solve it. I realized I was just deleting the desktop shortcut. ComboFix downloaded originally in the OS (C:) drive folder area. I found it there after deleting the file that was on my desktop, but when I attempt to delete it, I receive a pop-up that says, "The action can't be completed because the folder or a file in it is open in another program. Close the folder or file and try again."

I don't see it open anywhere so I'm not sure how to close it out so I can delete it.
TabbyCat725 is offline  
All times are GMT -7. The time now is 09:44 PM.