TechSpot

Corrupt file errors & computer reboots about every 15 minutes without warning

By Not2bashful
Oct 21, 2014
  1. Since 10-20-2014 my computer has been giving me error messages and then after 15-20 min it reboots without any warning. The error messages I keep getting state that certain files (ehtray.exe, crashplantray.exe) are corrupt files. Then in the body of the error message it states, on all of them, that the following file is the issue: Roxio Shared\9.0\DLL Shared.

    I updated and ran Malwarebytes and here is a copy of the application log. After seeing other people's logs I don't think this is the right log, but I'm not finding anything else for today's date in this section. Can you tell me if I copied the wrong thing?
    Thanks.


    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Update, 10/21/2014 10:14:29 AM, SYSTEM, LASHLEYHOME, Manual, Rootkit Database, 2014.8.21.1, 2014.10.20.1,
    Update, 10/21/2014 10:14:42 AM, SYSTEM, LASHLEYHOME, Manual, Malware Database, 2014.9.8.10, 2014.10.21.6,
    Update, 10/21/2014 10:25:34 AM, SYSTEM, LASHLEYHOME, Manual, Malware Database, 2014.10.21.6, 2014.10.21.7,

    (end)
     
  2. Not2bashful

    Not2bashful TS Rookie Topic Starter Posts: 86

    After reading the instructions again, I see that it says to copy the scan log to the clipboard. The only logs that show up in my application logs are update logs. There are no scan logs available. Is there another way to find the scan logs?
     
  3. Not2bashful

    Not2bashful TS Rookie Topic Starter Posts: 86

    The exact error message reads: The file or directory C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared is corrupt and unreadable. Please run the chkdsk utility. I have run the chkdsk utility and nothing ever changes after doing it. The body of the error message always states this same message, but the top part always states that another file is corrupt, such as "Crashplan Tray.exe - corrupt file" or "ehtray.exe - corrupt file".
     
  4. Not2bashful

    Not2bashful TS Rookie Topic Starter Posts: 86

    I reran Malwarebytes and before it closed I copied the scan file, since it doesn't seem to show up in the history later. Here it is:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/21/2014
    Scan Time: 11:29:28 AM
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.10.21.08
    Rootkit Database: v2014.10.20.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: Lashley Home

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 366769
    Time Elapsed: 41 min, 26 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 37
    PUP.Optional.Extutil.A, C:\Users\Lashley Home\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, , [df78fd1a0478d85e4088de284ab9da26],
    PUP.Optional.Managera.A, C:\Users\Lashley Home\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, , [b4a38a8d16666accd2f7ee18a3600af6],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\CacheIcons, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\AddedAppDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\DefualtImages, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\DetectedAppDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\EngineFirstTimeDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\NewSearchProtectorDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\NewSearchProtectorDialog\images, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\SearchProtectorBubbleDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\SearchProtectorBubbleDialog\images, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\SearchProtectorDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\SearchProtectorDialog\Images, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\SearchProtectorRetakeoverDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\SearchProtectorRetakeoverDialog\Images, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\ToolbarFirstTimeDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\ToolbarFirstTimeDialog\images, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\ToolbarUntrustedAppsApprovalDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\UntrustedAddedAppDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\UntrustedAppApprovalDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Dialogs\UntrustedAppPendingDialog, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\EmailNotifier, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\ExternalComponent, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Logs, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\MyStuffApps, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Repository, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061\DynamicDialogs, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061\ToolbarHiddenLogin, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061\ToolbarHiddenSettings, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061\ToolbarSettings, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Repository\conduit_CT3306061_en, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.ConnectDLC.A, C:\Users\Lashley Home\AppData\LocalLow\Connect_DLC_5\Repository\conduit_CT3306061_en\ToolbarTranslation, , [5ef9fb1c77053204c99d16ff56ad54ac],
    PUP.Optional.WhiteSmoke.A, C:\Users\Lashley Home\AppData\LocalLow\WhiteSmoke_New, , [2c2b1502a0dc64d27ac2aa7032d1cd33],
    PUP.Optional.WhiteSmoke.A, C:\Users\Lashley Home\AppData\LocalLow\WhiteSmoke_New\SearchInNewTab, , [2c2b1502a0dc64d27ac2aa7032d1cd33],

    Files: 1
    PUP.Optional.Bandoo.A, C:\Users\Lashley Home\Desktop\Old Firefox Data\u18v3ypd.default\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}.xpi, , [acab8d8ac2baf442a59de055e1205ba5],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  5. Not2bashful

    Not2bashful TS Rookie Topic Starter Posts: 86

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 4/28/2009 12:18:15 PM
    System Uptime: 10/21/2014 11:20:55 AM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0C142H
    Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2003/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 283 GiB total, 4.909 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 3.149 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    V: is FIXED (FAT) - 0 GiB total, 0.03 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Broadcom 802.11n Network Adapter
    Device ID: PCI\VEN_14E4&DEV_4328&SUBSYS_02261028&REV_03\FF4E002400
    Manufacturer: Broadcom
    Name: Broadcom 802.11n Network Adapter
    PNP Device ID: PCI\VEN_14E4&DEV_4328&SUBSYS_02261028&REV_03\FF4E002400
    Service: BCM43XX
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: facap, FastAccess Video Capture
    Device ID: ROOT\IMAGE\0001
    Manufacturer: Sensible Vision
    Name: facap, FastAccess Video Capture
    PNP Device ID: ROOT\IMAGE\0001
    Service: FACAP
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    3ivx MPEG-4 5.0.3 (remove only)
    7-Zip 9.20
    ABC Amber BlackBerry Converter
    AC3Filter (remove only)
    Adblock Plus for IE (32-bit)
    Adobe AIR
    Adobe Digital Editions 2.0
    Adobe Flash Player 14 ActiveX
    Adobe Flash Player 14 Plugin
    Adobe Reader XI
    Adobe Shockwave Player 12.0
    Adobe Shockwave Player 12.1
    Advanced Audio FX Engine
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Amazon Games & Software Downloader
    Amazon Kindle
    Amazon MP3 Downloader 1.0.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Panorama Maker 4
    ArcSoft Photo Book Screen Saver
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Brochures & Flyers
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Funhouse II
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Photo Prints
    ArcSoft Print Creations - Poster Creator
    ArcSoft Print Creations - Quick Photo Book
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    ArcSoft Print Creations ActiveX
    ArcSoft RAW Thumbnail Viewer
    ArcSoft Scan-n-Stitch Deluxe
    ArcSoft Video Downloader
    Audacity 1.3.12 (Unicode)
    Audacity 2.0.5
    Audible Download Manager
    AudibleManager
    Auslogics Duplicate File Finder
    AVerMedia MCE Encoder x86 3.2.1.84
    AVerMedia MiniCard Hybrid TV
    AVSDK5
    Banctec Service Agreement
    Bing Maps 3D
    Bing Rewards Client Installer
    BitPim 1.0.6
    BlackBerry Desktop Software 5.0.1
    BlackBerry® Media Sync
    Blackboard Collaborate Launcher
    blinkx beat
    Bonjour
    Bonjour Print Services
    BufferChm
    C5500
    Cards
    Catalina Savings Printer
    CCleaner
    CDDRV_Installer
    Clean Water Action TriMini Reminder by We-Care.com v5.0.2.2
    Compatibility Pack for the 2007 Office system
    Complete Care Business Service Agreement
    Complete Care Consumer Service Agreement
    Consumer In-Home Service Agreement
    CopyTrans Suite Remove Only
    CrashPlan
    Creative MediaSource 5
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Dell Home Systems Service Agreement
    Dell Support Center
    Dell System Detect
    Dell Video Chat
    Dell Webcam Central
    Destination Component
    DeviceDiscovery
    DocProc
    Documents To Go Desktop for iPhone
    Dropbox
    Duplicate Photo Cleaner
    erLT
    Eusing Free Registry Cleaner
    Facebook Video Calling 1.2.0.287
    FastAccess
    FlipShare
    Free M4a to MP3 Converter 8.1
    Free YouTube to MP3 Converter Studio 8.2
    Freemake Video Downloader
    Gamers Unite! Snag Bar
    Google Chrome
    Google Drive
    Google Earth
    Google Update Helper
    GoToAssist 8.0.0.514
    GoToMeeting 5.3.0.1009
    GPBaseService2
    HitmanPro 3.7
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 12.0
    HP Imaging Device Functions 12.0
    HP Photosmart C5500 All-In-One Driver Software 12.0 Rel .4
    HP Photosmart Essential 3.5
    HP Smart Web Printing
    HP Solution Center 12.0
    HP Update
    HPPhotoGadget
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    iCloud
    iExplorer 3.3.2.1
    iLivid
    Integrated Webcam Driver (1.00.04.0603)
    Intel(R) Graphics Media Accelerator Driver
    iolo technologies' System Mechanic Professional
    iPhone Backup Extractor
    iTunes
    iYogi Support Dock
    Java 7 Update 60
    Java Auto Updater
    Java(TM) 6 Update 5
    John Deere American Farmer Deluxe
    KhalInstallWrapper
    Legalsounds Download Manager
    Live! Cam Avatar Creator
    Logitech SetPoint
    Luxor
    LyricsFetcher v0.5.1
    Macro Recorder 5.6.5
    Malwarebytes Anti-Malware version 2.0.2.1012
    MarketResearch
    MediaButtons 1.0.1.4
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4.5.1
    Microsoft Default Manager
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    MMI
    MobileMe Control Panel
    Motorola Driver Installation 4.2.0
    Mozilla Firefox 31.0 (x86 en-US)
    Mozilla Maintenance Service
    Mp3 Editor Pro v2.2.1
    MP3 Rocket
    Mplayer 0.6.9
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Netflix in Windows Media Center
    NETGEAR USB Control Center
    NirSoft IE PassView
    Norton Internet Security
    OCR Software by I.R.I.S. 12.0
    OfficeSharedAddInSetup
    OGA Notifier 2.0.0048.0
    OverDrive Media Console
    Photo Pos Pro
    Photopos Toolbar
    Photopos Toolbar (Remove Toolbar Only)
    PS_AIO_04_C5500_Software_Min
    QualXServ Service Agreement
    QuickTime 7
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    RehanFX Shader Transitions and Effects (ShaderTFX)
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Media Manager
    Roxio Update Manager
    Safari
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio 3
    SAMSUNG USB Driver for Mobile Phones
    Scan
    ScanSoft PaperPort Viewer 7.0
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2883013) 32-Bit Edition
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
    Shop for HP Supplies
    Skype Click to Call
    Skype™ 6.3
    Smart PDF Converter 6.3.0.485
    SmartWebPrinting
    SolutionCenter
    Sony Picture Utility
    Sound Blaster Audigy ADVANCED MB
    Spybot - Search & Destroy
    Stamps.com
    Stamps.com Application Support for Microsoft Word 2000-2010
    Stamps.com support for Microsoft Word 2000-2010
    Status
    SUPERAntiSpyware
    swMSM
    System Mechanic 14 Professional
    TidySongs
    Toolbox
    Total Defense PC Tune-Up 4.0.0.5
    TouchCopy 12
    TrayApp
    Trojan Killer
    TuneUp 3.0.7.0
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
    Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
    Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
    Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
    Verizon Wireless Software Upgrade Assistant - Samsung
    Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
    VoiceOver Kit
    Vuze
    WD My Cloud
    WD Quick View
    WD SmartWare
    WD SmartWare Installer
    WebReg
    WeFi 4.0.0.16
    WIDCOMM Bluetooth Software 6.1.0.4700
    Windows 7 Upgrade Advisor
    Windows Live ID Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    WinPcap 4.1.2
    Wondershare Video Editor(Build 4.1.2)
    Xilisoft iPhone SMS Backup
    XPS One Tour
    Xvid 1.2.2 final uninstall
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Software Update
    .
    ==== End Of File ===========================
     
  6. Not2bashful

    Not2bashful TS Rookie Topic Starter Posts: 86

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16584 BrowserJavaVersion: 10.60.2
    Run by Lashley Home at 12:21:55 on 2014-10-21
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3292.1069 [GMT -6:00]
    .
    AV: System Shield *Enabled/Updated* {3030810C-E2AC-B12D-8BB1-B1B8C0193798}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: System Shield *Enabled/Updated* {8B5160E8-C496-BEA3-B101-8ACABB9E7D25}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\CrashPlan\CrashPlanService.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe
    C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
    C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe
    C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe
    C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\iolo\System Mechanic Professional\iologovernor.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\MediaButtons.exe
    C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\DELLOSD.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Users\Lashley Home\AppData\Local\Apps\2.0\0XHOA97A.BN2\JWAD0JBN.M2J\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe
    C:\Program Files\CrashPlan\CrashPlanTray.exe
    C:\Program Files\SetPoint\SetPoint.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/
    uWindow Title = Internet Explorer provided by Dell
    uSearch Bar = Preserve
    uProxyOverride = <-loopback>
    BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - c:\program files\adblock plus for ie\AdblockPlus32.dll
    TB: Gamers Unite! Snag Bar: {25515A79-C1C7-4B97-97F8-31A711694487} - c:\program files\gamers unite! snag bar\Toolbar.dll
    TB: Gamers Unite! Snag Bar: {25515A79-C1C7-4B97-97F8-31A711694487} - c:\program files\gamers unite! snag bar\Toolbar.dll
    TB: Photopos Toolbar: {59509308-4e15-4619-8e8d-0154e1588cdd} - c:\program files\photopostb\photoposDx.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [DellSystemDetect] c:\users\lashley home\appdata\local\apps\2.0\0xhoa97a.bn2\jwad0jbn.m2j\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [MediaButtons] c:\windows\system32\MediaButtons.exe
    mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
    mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
    mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [FATrayAlert] c:\program files\sensible vision\fast access\FATrayMon.exe
    mRun: [FAStartup] <no file>
    dRun: [Bomgar_Cleanup_ZD6620630358] cmd.exe /C rd /S /Q "c:\programdata\iyogi-scc-52411f96" & reg delete hkcu\software\microsoft\windows\currentversion\Run /v Bomgar_Cleanup_ZD6620630358 /f
    dRun: [Bomgar_Cleanup_ZD15946410449] cmd.exe /C rd /S /Q "c:\programdata\bomgar-scc-0x53feb81d" & reg delete hkcu\software\microsoft\windows\currentversion\Run /v Bomgar_Cleanup_ZD15946410449 /f
    dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\crashp~1.lnk - c:\program files\crashplan\CrashPlanTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\setpoint\SetPoint.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mediab~1.lnk - c:\windows\system32\MediaButtons.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxps://secure.iolo.com/PURCHASE/WebResource.axd?d=PO7P-LiUBjyfGDiabIpF4fQExoDwbhOUWJ_W4YtJ_7kls_MShO2kWyWaeuTGxOJpZkbc1QaYKZxdi0XTIz9vutu_lVOhiFAz6nG6Ai_mtip3Vay2jcxaHSE2ukEZ70YimPNPDQ2&t=635424015650000000
    TCP: NameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{18FFEC72-9D64-47EE-A7E4-F6907A56E528} : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{A47B25DE-BCEE-4F80-A891-6AE810A37C1B} : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{ADC23A46-8D93-4FFC-A1F8-9681BCA75B96} : DHCPNameServer = 172.20.10.1
    TCP: Interfaces\{C313C20E-348F-40EA-BF45-3106AD24660E} : DHCPNameServer = 172.20.10.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: !SASWinLogon - <no file>
    Notify: FastAccess - c:\program files\sensible vision\fast access\FALogNot.dll
    Notify: GoToAssist - <no file>
    Notify: igfxcui - igfxdev.dll
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
    STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
    LSA: Notification Packages = scecli FAPassSync
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.94\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\lashley home\appdata\roaming\mozilla\firefox\profiles\66k5g7mv.default-1409941843299\
    FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\lashle~1\appdata\roaming\catali~2\npBcsKtTcHW.dll
    FF - plugin: c:\users\lashley home\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\users\lashley home\appdata\roaming\mozilla\plugins\np-mswmp.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\drivers\amp.sys [2014-3-25 139528]
    R2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\drivers\ampse.sys [2014-8-31 1386760]
    R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA716x.sys [2009-4-28 932864]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-4-28 29736]
    R3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\drivers\cbfs3.sys [2013-7-19 299024]
    S3 15699;15699;c:\windows\system32\drivers\15699 [2013-9-23 9072]
    S3 19566;19566;c:\windows\system32\drivers\19566 [2013-9-23 9072]
    S3 30677;30677;c:\windows\system32\drivers\30677 [2013-9-23 9072]
    S3 31352;31352;c:\windows\system32\drivers\31352 [2013-9-24 9072]
    S3 31506;31506;c:\windows\system32\drivers\31506 [2013-9-24 9072]
    S3 32021;32021;c:\windows\system32\drivers\32021 [2013-9-23 9072]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-1-8 30312]
    .
    =============== File Associations ===============
    .
    FileExt: .js: Applications\notepad.exe=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2014-10-16 09:18:52 81560 ----a-w- c:\windows\system32\mscories.dll
    2014-10-16 09:18:52 156824 ----a-w- c:\windows\system32\mscorier.dll
    2014-10-16 09:18:52 1131664 ----a-w- c:\windows\system32\dfshim.dll
    2014-10-16 09:12:30 2054656 ----a-w- c:\windows\system32\win32k.sys
    2014-10-16 09:11:25 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
    2014-10-16 09:03:04 66560 ----a-w- c:\windows\system32\packager.dll
    2014-10-08 02:32:13 -------- d-sh--w- C:\found.009
    2014-10-01 20:44:05 -------- d-sh--w- C:\found.008
    2014-09-27 19:59:40 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2014-09-24 09:01:33 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    ==================== Find3M ====================
    .
    2014-10-21 17:27:38 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-09-19 22:44:32 1810432 ----a-w- c:\windows\system32\jscript9.dll
    2014-09-19 22:38:15 1129472 ----a-w- c:\windows\system32\wininet.dll
    2014-09-19 22:37:34 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-09-19 22:36:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-09-19 22:35:46 421376 ----a-w- c:\windows\system32\vbscript.dll
    2014-09-19 22:34:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2014-09-19 22:34:22 11776 ----a-w- c:\windows\system32\mshta.exe
    2014-09-02 01:15:06 18872 ----a-w- c:\windows\system32\drivers\SPPD.sys
    2014-09-01 02:14:59 253176 ----a-w- c:\windows\Photo Pos Pro Uninstaller.exe
    2014-08-28 03:24:14 74703 ----a-w- c:\windows\system32\mfc45.dat
    2014-08-25 20:55:20 528384 ------w- c:\windows\system32\PosGRP.dll
    2014-08-23 01:03:46 297984 ----a-w- c:\windows\system32\gdi32.dll
    2014-08-13 05:57:14 41616 ----a-w- c:\windows\system32\iolobtdfg.exe
    2014-08-13 05:57:06 23568 ----a-w- c:\windows\system32\smrgdf.exe
    2014-08-13 05:41:18 2097984 ----a-w- c:\windows\system32\Incinerator32.dll
    2014-08-13 05:38:22 28256 ----a-w- c:\windows\system32\drivers\rawdsk3.sys
    2014-08-13 05:35:16 118784 ----a-w- c:\windows\system32\iavlsp.dll
    2014-08-13 05:35:14 9341 ----a-w- c:\windows\system32\drivers\filedisk.sys
    2014-08-13 05:35:10 68464 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys
    2014-08-13 05:35:10 56200 ----a-w- c:\windows\system32\offreg.dll
    2014-07-31 00:18:56 531496 ----a-w- c:\windows\system32\mcmpeg2mux.ax
    2014-07-31 00:18:56 375848 ----a-w- c:\windows\system32\mcm2ve.ax
    2014-07-31 00:18:56 257064 ----a-w- c:\windows\system32\mcl2ae.ax
    2014-07-31 00:18:56 244776 ----a-w- c:\windows\system32\mcmpgaout.dll
    2014-07-31 00:18:56 2140712 ----a-w- c:\windows\system32\mcmpgvout.004
    2014-07-31 00:18:56 20520 ----a-w- c:\windows\system32\mcmpgvout.dll
    2014-07-30 13:06:26 16128 ----a-w- c:\windows\system32\drivers\gtkdrv.sys
    2014-07-28 20:52:00 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll
    2014-07-28 20:52:00 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2014-07-25 08:35:46 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
    .
    ============= FINISH: 12:27:30.12 ===============
     
  7. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    Uninstall iolo technologies' System Mechanic Professional.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    System Mechanic comes with some weak AV program called System Shield.
    I'd assume that it got uninstalled along with System Mechanic.
    In that case you don't have any AV program running.
    Install ONE of these:

    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
    You can keep it or you have to disable it before installing another AV program. How to...

    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

    Update, run full scan, report on any findings.

    Next...

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  8. Not2bashful

    Not2bashful TS Rookie Topic Starter Posts: 86

    I am working on these items this afternoon. Thanks so much for replying to me Broni. I will get my results to you as soon as I get them done.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,890   +344

  10. Not2bashful

    Not2bashful TS Rookie Topic Starter Posts: 86

    Broni- sorry it took so long to reply. The last couple of days have been computer hell for me. I can't get my computer to get past Windows booting successfully. The user login screen just shows up as a black screen with a cursor. This time I cannot get safe mode with networking to work either. I am just about to tears. Do you have any suggestions of what I could do to get the login screen to appear and the Windows desktop to load?
     
  11. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    NOTE 1. Use another working computer to download Farbar Recovery Scan Tool. Use USB flash drive to transfer it from good computer to the bad one.
    NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note:
      Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  12. Not2bashful

    Not2bashful TS Rookie Topic Starter Posts: 86

    Here's the FRST log. Thanks for helping me with this Broni. I am so frustrated! The spare computer I had has ended up with this same issue (instead of getting a login screen it shows only a black screen with a white cursor. It will not go into safe mode. It is doing the EXACT same thing as my desktop that I am having you help me with. The only things I know they have in common are: I used Facebook while being on both computers, and I had my iPhone that I was using as a hotspot via USB cable to each of them at the time they shut off and rebooted without warning and then went into the black screen with cursor.) (Also my laptop never had issues with the corrupt file errors prior to doing what it is doing. It was working great up until it shut off and rebooted.) Could my iPhone have a virus or something and have transferred it to the computer? I will be opening up a new thread to get help with that computer. Thanks again Broni for everything.
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2014
    Ran by SYSTEM on MINWINPC on 27-10-2014 09:14:09
    Running from G:\
    Platform: Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 9
    Boot Mode: Recovery
    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
    HKLM\...\Run: [MediaButtons] => C:\Windows\System32\MediaButtons.exe [2482176 2008-08-29] ()
    HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [446635 2008-06-03] (Creative Technology Ltd.)
    HKLM\...\Run: [Dell DataSafe Online] => C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] ()
    HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
    HKLM\...\Run: [FATrayAlert] => C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe [98488 2011-04-23] (Sensible Vision )
    HKLM\...\Run: [FAStartup] => [X]
    HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-04] (Realtek Semiconductor)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
    HKLM\...\Run: [iolo Startup] => C:\Program Files\iolo\Common\Lib\ioloLManager.exe [4449528 2014-08-12] (iolo technologies, LLC)
    HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
    Winlogon\Notify\FastAccess: C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll ()
    HKU\Default\...\Run: [ooVoo] => C\ooVoo.exe /minimized
    HKU\Default User\...\Run: [ooVoo] => C\ooVoo.exe /minimized
    HKU\Kids\...\Policies\system: [LogonHoursAction] 2
    HKU\Kids\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Lashley Home\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
    HKU\Lashley Home\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6692632 2014-10-06] (SUPERAntiSpyware)
    HKU\Lashley Home\...\Run: [DellSystemDetect] => C:\Users\Lashley Home\AppData\Local\Apps\2.0\0XHOA97A.BN2\JWAD0JBN.M2J\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe [265280 2014-09-02] (Dell)
    HKU\Lashley Home\...\Policies\system: [LogonHoursAction] 2
    HKU\Lashley Home\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    Lsa: [Notification Packages] scecli FAPassSync
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
    BootExecute: autocheck smrgdf C:\Users\Lashley Home\AppData\Roaming\iolo\鐀༜鿰፥⺰Ǩ!ꮐፇĀĀϧ����†
    GroupPolicyUsers\S-1-5-21-1298243350-4168526417-2768172632-1001\User: Group Policy restriction detected <======= ATTENTION
    ========================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S4 AERTFilters; C:\Windows\system32\AERTSrv.exe [81920 2008-07-15] (Andrea Electronics Corporation)
    S3 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
    S4 Amazon Download Agent; C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com)
    S2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [152576 2012-08-16] (CrashPlan)
    S4 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2009-04-28] (Creative Labs)
    S3 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 2008-07-27] (Creative Technology Ltd)
    S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation)
    S4 FAService; C:\Program Files\Sensible Vision\Fast Access\FAService.exe [2412728 2011-04-23] (Sensible Vision )
    S4 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [455944 2010-05-14] ()
    S4 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-12-12] (Ellora Assets Corp.)
    S2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)
    S4 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2009-07-20] (Logitech, Inc.)
    S4 MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [91392 2009-11-09] ()
    S3 PCPitstop Scheduling; C:\Program Files\Total Defense\PCPitstopScheduleService.exe [86656 2013-01-24] (PC Pitstop LLC)
    S3 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    S4 SupportDockService.exe; C:\Program Files\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [78336 2012-08-07] (iYogi Technical Services)
    S2 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [97544 2014-03-25] (CYREN Inc.)
    S2 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [97544 2014-03-25] (CYREN Inc.)
    S3 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [142600 2014-03-25] (CYREN Inc.)
    S2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
    S2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
    S4 WefiEngSvc; C:\Program Files\WeFi\WefiEngSvc.exe [120152 2010-09-06] (WeFi)
    S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [X]
    S2 RpcSs; %SystemRoot%\system32\rpcss.dll [X]
    S3 sprtsvc_dellsupportcenter; No ImagePath
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    S3 15699; C:\Windows\System32\DRIVERS\15699 [9072 2013-09-23] ()
    S3 19566; C:\Windows\System32\DRIVERS\19566 [9072 2013-09-23] ()
    S3 30677; C:\Windows\System32\DRIVERS\30677 [9072 2013-09-23] ()
    S3 31352; C:\Windows\System32\DRIVERS\31352 [9072 2013-09-24] ()
    S3 31506; C:\Windows\System32\DRIVERS\31506 [9072 2013-09-23] ()
    S3 32021; C:\Windows\System32\DRIVERS\32021 [9072 2013-09-23] ()
    S2 AMP; C:\Windows\system32\Drivers\amp.sys [139528 2014-03-25] (CYREN Inc.)
    S2 AMPSE; C:\Windows\system32\Drivers\ampse.sys [1386760 2014-03-25] (CYREN Inc.)
    S3 AVerBDA6x; C:\Windows\System32\DRIVERS\AVerBDA716x.sys [932864 2008-07-29] (AVerMedia TECHNOLOGIES, Inc.)
    S3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
    S3 DLXPDisplayName; C:\Windows\System32\DRIVERS\DLACPI.sys [14656 2008-04-27] ()
    S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-09-18] (EldoS Corporation)
    S3 FACAP; C:\Windows\System32\DRIVERS\facap.sys [232832 2008-09-24] (Sensible Vision )
    S1 FileDisk; C:\Windows\System32\Drivers\FileDisk.sys [9341 2014-08-12] (iolo technologies, LLC (based on original work by Bo Brantén))
    S1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [36040 2013-01-10] (AnchorFree Inc.)
    S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
    S2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
    S3 OA003Ufd; C:\Windows\System32\DRIVERS\OA003Ufd.sys [144672 2008-07-29] (Creative Technology Ltd.)
    S3 OA003Vid; C:\Windows\System32\DRIVERS\OA003Vid.sys [268736 2008-07-29] (Creative Technology Ltd.)
    S2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2014-08-12] (Raxco Software, Inc.)
    S1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [28256 2014-08-12] (EldoS Corporation)
    S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-01-10] (Anchorfree Inc.)
    S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16128 2014-07-30] (Windows (R) Win 7 DDK provider)
    S3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-21] ()
    S1 bpxutwlc; \??\C:\Windows\system32\drivers\bpxutwlc.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S1 kkduspht; \??\C:\Windows\system32\drivers\kkduspht.sys [X]
    S3 NetgearUDSTcpBus; System32\Drivers\NetgearUDSTcpBus.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2014-10-27 09:14 - 2014-10-27 09:14 - 00000000 ____D () C:\FRST
    2014-10-26 15:34 - 2014-10-26 15:34 - 00000000 __SHD () C:\found.010
    2014-10-21 10:44 - 2014-10-21 10:44 - 00034808 _____ () C:\Windows\System32\Drivers\TrueSight.sys
    2014-10-21 10:44 - 2014-10-21 10:44 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-10-21 10:42 - 2014-10-21 10:42 - 00015028 _____ () C:\Users\Lashley Home\Documents\DDS 10-21-14.txt
    2014-10-21 10:42 - 2014-10-21 10:42 - 00011744 _____ () C:\Users\Lashley Home\Documents\Attach 10-21-14.txt
    2014-10-21 10:39 - 2014-10-21 10:39 - 15725144 _____ () C:\Users\Lashley Home\Downloads\RogueKiller.exe
    2014-10-21 10:28 - 2014-10-21 10:28 - 00011744 _____ () C:\Users\Lashley Home\Desktop\attach.txt
    2014-10-21 10:28 - 2014-10-21 10:27 - 00015028 _____ () C:\Users\Lashley Home\Desktop\dds.txt
    2014-10-21 09:48 - 2014-10-21 09:48 - 00688992 ____R (Swearware) C:\Users\Lashley Home\Downloads\dds.com
    2014-10-21 08:47 - 2014-10-21 08:47 - 00000385 _____ () C:\10-21-2014 Malware Database.txt
    2014-10-21 08:47 - 2014-10-21 08:47 - 00000385 _____ () C:\10-21-2014 malware database 2.txt
    2014-10-21 08:46 - 2014-10-21 08:46 - 00000385 _____ () C:\Users\Lashley Home\Desktop\10-21-2014 rootkit database.txt
    2014-10-21 08:35 - 2014-10-21 08:35 - 00012991 ____H () C:\Users\Lashley Home\Documents\~WRL0005.tmp
    2014-10-19 19:45 - 2014-10-19 19:46 - 06808688 _____ (ParetoLogic, Inc.) C:\Users\Lashley Home\Downloads\RegCureProSetup (1).exe
    2014-10-19 18:56 - 2014-10-20 17:07 - 00002910 _____ () C:\Windows\PFRO.log
    2014-10-16 22:32 - 2014-10-24 06:19 - 00155050 _____ () C:\Windows\WindowsUpdate.log
    2014-10-16 22:31 - 2014-10-24 20:32 - 00000408 _____ () C:\Windows\System32\iolo.ini
    2014-10-16 01:18 - 2014-06-15 14:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\System32\dfshim.dll
    2014-10-16 01:18 - 2014-06-13 10:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\System32\mscorier.dll
    2014-10-16 01:18 - 2014-06-13 10:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\System32\mscories.dll
    2014-10-16 01:12 - 2014-09-27 15:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2014-10-16 01:11 - 2014-09-04 15:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fastfat.sys
    2014-10-16 01:03 - 2014-09-16 08:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
    2014-10-15 22:45 - 2014-09-19 14:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2014-10-15 22:45 - 2014-09-19 14:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2014-10-15 22:45 - 2014-09-19 14:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2014-10-15 22:45 - 2014-09-19 14:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2014-10-15 22:45 - 2014-09-19 14:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2014-10-15 22:45 - 2014-09-19 14:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2014-10-15 22:45 - 2014-09-19 14:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
    2014-10-15 22:45 - 2014-09-19 14:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2014-10-15 22:45 - 2014-09-19 14:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2014-10-15 22:45 - 2014-09-19 14:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2014-10-15 22:45 - 2014-09-19 14:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2014-10-15 22:45 - 2014-09-19 14:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2014-10-15 22:45 - 2014-09-19 14:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2014-10-15 22:45 - 2014-09-19 14:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2014-10-15 22:45 - 2014-09-19 14:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2014-10-15 22:45 - 2014-09-19 14:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2014-10-15 22:45 - 2014-09-19 14:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2014-10-15 22:45 - 2014-09-19 14:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2014-10-15 22:45 - 2014-09-19 14:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2014-10-15 22:45 - 2014-09-19 14:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2014-10-15 22:45 - 2014-09-19 14:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2014-10-15 12:17 - 2014-10-15 12:18 - 00000000 ____D () C:\Users\Lashley Home\Documents\Mom's TextMessages Exported Oct 15 2014
    2014-10-15 11:08 - 2014-10-15 11:08 - 00004602 _____ () C:\Users\Lashley Home\Downloads\download.CSV
    2014-10-07 18:32 - 2014-10-07 23:51 - 00000000 __SHD () C:\found.009
    2014-10-01 12:44 - 2014-10-01 16:58 - 00000000 __SHD () C:\found.008
    2014-09-27 11:59 - 2014-09-27 12:01 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2014-10-26 16:14 - 2006-11-02 04:47 - 00436960 _____ () C:\Windows\System32\FNTCACHE.DAT
    2014-10-26 14:44 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\winevt
    2014-10-24 20:36 - 2014-08-27 21:55 - 00000000 ____D () C:\ProgramData\ioloGovernor
    2014-10-24 20:32 - 2014-08-31 01:17 - 00000392 _____ () C:\Windows\System32\iolo.ini.txt
    2014-10-24 20:32 - 2006-11-02 04:47 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-10-24 20:32 - 2006-11-02 04:47 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-10-24 20:32 - 2006-11-02 04:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
    2014-10-23 10:06 - 2006-11-02 02:33 - 00777676 _____ () C:\Windows\System32\PerfStringBackup.INI
    2014-10-22 19:57 - 2011-05-10 09:33 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-10-22 16:08 - 2011-01-19 16:47 - 00000000 ____D () C:\Users\Lashley Home\AppData\Roaming\TuneUpMedia
    2014-10-21 09:27 - 2014-08-27 22:15 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
    2014-10-21 09:25 - 2014-09-08 18:16 - 00008192 _____ () C:\Windows\System32\WDPABKP.dat
    2014-10-21 08:40 - 2014-09-13 19:35 - 00000000 ____D () C:\Users\Lashley Home\AppData\Local\iLivid
    2014-10-20 17:13 - 2012-09-23 11:48 - 00000000 ____D () C:\Program Files\CrashPlan
    2014-10-19 12:08 - 2014-08-28 10:49 - 00000000 ____D () C:\Windows\System32\config\SM Registry Backup
    2014-10-18 02:07 - 2009-09-19 20:19 - 00017312 _____ () C:\Users\Lashley Home\AppData\Roaming\wklnhst.dat
    2014-10-16 22:26 - 2013-05-26 13:20 - 00000000 ____D () C:\Users\Lashley Home\Documents\registry backups
    2014-10-16 22:19 - 2010-04-21 21:25 - 00000000 ____D () C:\Program Files\CCleaner
    2014-10-16 10:59 - 2009-04-28 10:17 - 00004268 _____ () C:\Windows\bthservsdp.dat
    2014-10-16 02:18 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-10-16 01:23 - 2010-01-19 17:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-10-14 09:59 - 2011-01-19 16:47 - 00000000 ____D () C:\ProgramData\TuneUpMedia
    2014-10-10 04:44 - 2010-04-21 21:35 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
    2014-10-01 12:34 - 2010-05-24 02:19 - 00001356 _____ () C:\Users\Lashley Home\AppData\Local\d3d9caps.dat
    2014-10-01 11:51 - 2011-10-18 18:58 - 00000000 ____D () C:\Users\Lashley Home\Documents\My Scans
    2014-10-01 06:44 - 2014-08-27 19:24 - 00000000 ____D () C:\ProgramData\iolo
    2014-09-29 13:00 - 2010-01-11 19:27 - 00000000 ____D () C:\Windows\Minidump
    2014-09-27 12:01 - 2014-08-12 03:43 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-09-27 12:01 - 2010-02-28 17:10 - 00000000 ____D () C:\Program Files\iTunes
    2014-09-27 11:59 - 2010-01-15 20:23 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-09-27 10:58 - 2009-08-23 12:39 - 00000000 ____D () C:\users\Lashley Home
    Files to move or delete:
    ====================
    C:\ProgramData\hash.dat

    Some content of TEMP:
    ====================
    C:\Users\Lashley Home\AppData\Local\Temp\dllnt_dump.dll

    ==================== Known DLLs (Whitelisted) ============

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== Restore Points =========================

    ==================== Memory info ===========================
    Percentage of memory in use: 15%
    Total physical RAM: 3996.32 MB
    Available physical RAM: 3392.73 MB
    Total Pagefile: 3709.01 MB
    Available Pagefile: 3495.21 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1959.48 MB
    ==================== Drives ================================
    Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:3.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: () (Fixed) (Total:0.04 GB) (Free:0.03 GB) FAT
    Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:3.13 GB) NTFS
    Drive f: (VISTA_SP1_HOMEPREMIUM) (CDROM) (Total:3.33 GB) (Free:0 GB) UDF
    Drive g: (DISKGO) (Removable) (Total:31.23 GB) (Free:29.16 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 298.1 GB) (Disk ID: F4080ECE)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=06)
    Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=283.4 GB) - (Type=07 NTFS)
    ========================================================
    Disk: 1 (Size: 31.3 GB) (Disk ID: 0812635C)
    Partition 1: (Active) - (Size=31.2 GB) - (Type=0C)

    LastRegBack: 2014-10-26 16:34
    ==================== End Of Log ============================
     
  13. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    We do have some infection there and we also have one system file missing.
    Both could cause booting issues.

    Re-run FRST again.
    Type the following in the edit box after "Search Files:".

    rpcss.dll

    Click Search button and post the log (Search.txt) it makes in your reply.
     
  14. Not2bashful

    Not2bashful TS Rookie Topic Starter Posts: 86

    Farbar Recovery Scan Tool (x86) Version: 27-10-2014
    Ran by SYSTEM at 2014-10-27 18:00:39
    Running from G:\
    Boot Mode: Recovery
    ================== Search: "rpcss.dll" ===================
    C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
    [2009-08-24 15:12][2009-04-10 22:28] 0550400 ____A (Microsoft Corporation) 3B5B4D53FEC14F7476CA29A20CC31AC9
    C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
    [2009-08-23 12:44][2009-03-02 20:32] 0551424 ____A (Microsoft Corporation) 4DFCBDEF3CCAA98F99038DED78945253
    C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
    [2009-08-23 12:44][2009-03-02 20:39] 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830
    C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
    [2008-01-20 18:24][2008-01-20 18:24] 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C
    C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
    [2009-08-23 12:44][2009-03-02 20:17] 0550400 ____A (Microsoft Corporation) B1BB45E24717A7F790B4411C4446EF5E
    C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
    [2009-08-23 12:44][2009-03-02 20:19] 0549888 ____A (Microsoft Corporation) 7B981222A257D076885BFFB66F19B7CE
    X:\Windows\System32\rpcss.dll
    [2008-01-18 21:49][2008-01-18 23:36] 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C
    === End Of Search ===
     
  15. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    See if you can boot normally.
     

    Attached Files:

  16. Not2bashful

    Not2bashful TS Rookie Topic Starter Posts: 86

    Should I save the fixlist.txt to my usb drive instead of the desktop of this other computer?
     
  17. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    I'm sorry. Wrong instructions. Hold on for a sec.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7/8: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the OTLPE CD.
    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.
     

    Attached Files:

  19. Not2bashful

    Not2bashful TS Rookie Topic Starter Posts: 86

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-10-2014
    Ran by SYSTEM at 2014-10-27 18:48:33 Run:1
    Running from G:\
    Boot Mode: Recovery
    ==============================================
    Content of fixlist:
    *****************
    Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll C:\Windows\System32\rpcss.dll
    HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
    HKLM\...\Run: [FAStartup] => [X]
    GroupPolicyUsers\S-1-5-21-1298243350-4168526417-2768172632-1001\User: Group Policy restriction detected <======= ATTENTION
    S3 sprtsvc_dellsupportcenter; No ImagePath
    S1 bpxutwlc; \??\C:\Windows\system32\drivers\bpxutwlc.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S1 kkduspht; \??\C:\Windows\system32\drivers\kkduspht.sys [X]
    S3 NetgearUDSTcpBus; System32\Drivers\NetgearUDSTcpBus.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    C:\ProgramData\hash.dat
    C:\Users\Lashley Home\AppData\Local\Temp\dllnt_dump.dll
    *****************
    Could not find C:\Windows\System32\rpcss.dll
    C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\UpdReg => value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\FAStartup => value deleted successfully.
    C:\Windows\System32\GroupPolicyUsers\S-1-5-21-1298243350-4168526417-2768172632-1001\User => Moved successfully.
    C:\Windows\System32\GroupPolicy\GPT.ini => Moved successfully.
    sprtsvc_dellsupportcenter => Service deleted successfully.
    bpxutwlc => Service deleted successfully.
    IpInIp => Service deleted successfully.
    kkduspht => Service deleted successfully.
    NetgearUDSTcpBus => Service deleted successfully.
    NwlnkFlt => Service deleted successfully.
    NwlnkFwd => Service deleted successfully.
    C:\ProgramData\hash.dat => Moved successfully.
    C:\Users\Lashley Home\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
    ==== End of Fixlog ====
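An added example, not part of this thread and not FRST's own code: a small Python parser for the Search.txt format posted in reply #14, used to cross-check each WinSxS candidate's MD5 against the copy in the X: boot environment FRST was run from before a Replace: directive like the one in the fixlist above is chosen. It embeds four of the entries from that log (paths, sizes and hashes as posted); the X: reference path is the one the search itself reported.

```python
import re
from collections import defaultdict
# Sample input: four of the Search.txt entries from reply #14 (paths, sizes and MD5s as posted).
SEARCH_TXT = r"""
================== Search: "rpcss.dll" ===================
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2009-08-24 15:12][2009-04-10 22:28] 0550400 ____A (Microsoft Corporation) 3B5B4D53FEC14F7476CA29A20CC31AC9
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2008-01-20 18:24][2008-01-20 18:24] 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[2009-08-23 12:44][2009-03-02 20:19] 0549888 ____A (Microsoft Corporation) 7B981222A257D076885BFFB66F19B7CE
X:\Windows\System32\rpcss.dll
[2008-01-18 21:49][2008-01-18 23:36] 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C
=== End Of Search ===
"""

# A detail line follows each path line: [created][modified] size attrs (company) MD5
DETAIL_RE = re.compile(r"^\[([^\]]+)\]\[([^\]]+)\] (\d+) (\S+) \(([^)]*)\) ([0-9A-Fa-f]{32})$")
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_none_")  # assembly version in a WinSxS folder name

def parse_search(text):
    """Return one dict per found file, pairing each path line with the detail line after it."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries = []
    for prev, ln in zip(lines, lines[1:]):
        m = DETAIL_RE.match(ln)
        if m:
            v = VERSION_RE.search(prev)
            entries.append({"path": prev, "size": int(m.group(3)), "company": m.group(5),
                            "md5": m.group(6).upper(), "version": v.group(1) if v else None})
    return entries

def group_by_md5(entries):
    """Map each distinct MD5 to the paths carrying it; equal hashes mean byte-identical copies."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["md5"]].append(e["path"])
    return dict(groups)

def matches_for_reference(entries, reference_path):
    """Candidates whose MD5 equals the file at reference_path (here the boot environment's own copy)."""
    ref = next((e for e in entries if e["path"].lower() == reference_path.lower()), None)
    if ref is None:
        return []
    return [e for e in entries if e is not ref and e["md5"] == ref["md5"]]

if __name__ == "__main__":
    found = parse_search(SEARCH_TXT)
    for e in matches_for_reference(found, r"X:\Windows\System32\rpcss.dll"):
        print("same binary as the boot-environment copy:", e["version"], e["path"])
```

On this input the only WinSxS copy byte-identical to the X: file is the 6.0.6001.18000 one; the fixlist above restored the 6.0.6000.16830 copy instead, which is exactly the kind of difference the cross-check surfaces for a reviewer to confirm against the installed service pack.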
     
  20. Not2bashful

    Not2bashful TS Rookie Topic Starter Posts: 86

    No more black screen instead of the login screen. Can you help me figure out what was causing the other issue that I originally was having?
     
  21. Not2bashful

    Not2bashful TS Rookie Topic Starter Posts: 86

    I just sent a small donation to you Broni for your expertise so far. Let me know if you get it or not.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    I assume you were able to boot normally?

    If so we need to run more scans because your computer was (is) seriously infected.

    Re-run MBAM, post a fresh log, and then follow my reply #7.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Thank you for your donation :)
     
  24. Not2bashful

    Not2bashful TS Rookie Topic Starter Posts: 86

    Yup, I am running those now! (y) Yup, I am replying to you from my all-in-one Dell desktop that I originally started out using... Oh, I appreciate what you're doing. Like I said, I wish I could send more...
     
  25. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    No worries :)
     
