File recovery rogue scanner infection

Discussion in 'Virus and Malware Removal' started by CanHazTrojanz?, Sep 1, 2012.

  1. CanHazTrojanz? TechSpot Enthusiast Posts: 106

    So I still have to circle back to trying a direct connection to the internet, bypassing the modem, but the final solution had a funny error:

    When I tried the "netsh int ip reset reset.log" it was "OK! OK! Restart the computer..."

    Then (before resetting) I did the netsh winsock reset catalog, and:

    Access is denied

    So I restarted, checked to see if I had a connection and still don't. Then ran the troubleshooter and it's still saying "Windows could not automatically detect this network's proxy settings" - and I still have "ghost" files (they're transparent on the desktop, hidden).

    Going to try a direct connection to the internet now, despite my daughter's evil eye.
  2. Broni Malware Annihilator Posts: 39,288   +175

    Go on...
  3. CanHazTrojanz? TechSpot Enthusiast Posts: 106

    I did connect directly to the internet via ethernet cable. Rebooted, re-ran troubleshooter since it didn't connect to the internet. Same error.

    Also, earlier from the CMD window, the "log" said it would be ready in 15 minutes (error log). Not sure if you want that or how to fetch it?
  4. Broni Malware Annihilator Posts: 39,288   +175

    So you can connect while hardwired but not wirelessly?

    If so, try to reinstall the wireless adapter driver.
  5. CanHazTrojanz? TechSpot Enthusiast Posts: 106

    I cannot connect either way.
  6. CanHazTrojanz? TechSpot Enthusiast Posts: 106

    Would I simply go to the manufacturer's site and try to download the driver there, onto the thumb drive?
     
  7. Broni Malware Annihilator Posts: 39,288   +175

    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:

    Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button:

    Go to Step 4 and under "System Restore" click on the Create button:

    Go to the Start Repairs tab and click the Start button.

    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    [IMG]

    Click on the box next to Restart System when Finished. Then click on Start.
  8. CanHazTrojanz? TechSpot Enthusiast Posts: 106

    OK, onto step 3 and was told it would "take some time" by the program. Will post when I'm done. Thanks.
  9. CanHazTrojanz? TechSpot Enthusiast Posts: 106

    On the final step, watching it work - a LOT of "Failed" warnings, am I supposed to upload a log or anything? (It's still working presently, repair job 2 of 12.)
  10. CanHazTrojanz? TechSpot Enthusiast Posts: 106

    Ran it, and it couldn't fix a lot of errors from what I was watching when it was running. But it restarted, and I still can't connect to the internet, and still have "Access Denied" files on the C: drive (Config.Msi, Documents and Settings, Recovery, System Volume Information).
  11. Broni Malware Annihilator Posts: 39,288   +175

    It looks like your Windows installation is seriously corrupted.

    I think we may be facing Windows reinstallation.
  12. CanHazTrojanz? TechSpot Enthusiast Posts: 106

    OK not ideal, I'm assuming I'll lose my current files? Not that it's your fault, but that's months of work down the drain and all my backup files for my websites...

    Would it help if I did the FRST scan using a 64-bit Windows 7 disc? I managed to get one from my brother.
  13. Broni Malware Annihilator Posts: 39,288   +175

    You have to back up your files first, but since you got a 64-bit disk, give me a new FRST log.
  14. CanHazTrojanz? TechSpot Enthusiast Posts: 106

    Farbar Recovery Scan Tool (x64) Version: 05-09-2012
    Ran by SYSTEM at 2012-09-08 14:02:21
    Running from H:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\ERDNT\cache64\services.exe
    [2011-06-16 12:35] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    ====== End Of Search ======

    Scan result of Farbar Recovery Scan Tool (x64) Version: 05-09-2012
    Ran by SYSTEM at 08-09-2012 14:00:35
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
    HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation)
    HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1860496 2011-04-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-08-04] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe" [3149704 2012-08-29] (GFI Software)
    HKU\IdHusseys\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-03-19] (Hewlett-Packard Company)
    HKU\IdHusseys\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17145992 2012-02-15] (Skype Technologies S.A.)
    HKU\IdHusseys\...\Run: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe [1975296 2011-11-17] (Alexander Nikiforov)
    Startup: C:\Users\IdHusseys\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\IdHusseys\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
    ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    ==================== Services ====================
    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
    3 OpenVPNService; "C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe" [36352 2011-07-13] ()
    2 SBAMSvc; "C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe" [3677000 2012-08-29] (GFI Software)
    2 SBPIMSvc; "C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe" [175496 2012-08-29] (GFI Software)
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
    3 fsssvc; "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe" [x]
    ==================== Drivers =================================
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
    3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
    ==================== NetSvcs (Whitelisted) =================

    ==================== One Month Created Files and Folders ======================
    2012-09-07 21:52 - 2012-09-07 21:52 - 00092928 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
    2012-09-07 21:49 - 2012-09-08 11:57 - 00131072 ____A C:\Windows\System32\Ikeext.etl
    2012-09-07 21:44 - 2008-05-07 21:03 - 00303616 ____A ( ) C:\SetACL.exe
    2012-09-07 21:31 - 2004-06-11 15:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
    2012-09-07 21:04 - 2012-09-07 21:04 - 00003304 ____N C:\bootsqm.dat
    2012-09-07 20:56 - 2012-09-07 21:48 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
    2012-09-07 20:55 - 2012-09-07 20:55 - 00002251 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    2012-09-07 20:55 - 2012-09-07 20:55 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2012-09-07 20:55 - 2012-09-07 20:54 - 05313275 ____A C:\Users\IdHusseys\Desktop\tweaking.com_windows_repair_aio_setup.exe
    2012-09-07 19:33 - 2012-09-08 14:00 - 00000000 ____D C:\FRST
    2012-09-04 16:00 - 2012-09-04 16:02 - 00000000 ___SD C:\32788R22FWJFW
    2012-09-03 23:10 - 2012-09-03 23:10 - 00021485 ____A C:\ComboFix.txt
    2012-09-03 21:15 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-09-03 21:15 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-09-03 21:15 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-09-03 21:15 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-09-03 21:15 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-09-03 21:15 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-09-03 21:15 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-09-03 21:15 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-09-03 21:14 - 2012-09-03 23:10 - 00000000 ____D C:\ComboFix
    2012-09-03 21:13 - 2012-09-03 23:10 - 00000000 ____D C:\Qoobox
    2012-09-03 12:09 - 2012-09-03 12:09 - 02193345 ____A C:\Users\IdHusseys\Downloads\tdsskiller.zip
    2012-09-02 12:16 - 2012-09-02 12:18 - 00000000 ____D C:\Users\IdHusseys\Desktop\RK_Quarantine
    2012-09-01 17:49 - 2012-09-01 19:48 - 00607260 ____A (Swearware) C:\Users\IdHusseys\Desktop\dds.com
    2012-09-01 04:26 - 2012-09-01 04:26 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-01 04:26 - 2012-09-01 04:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-31 23:27 - 2012-08-31 23:27 - 00001975 ____A C:\Users\Public\Desktop\VIPRE.lnk
    2012-08-31 22:47 - 2012-08-31 22:47 - 00184231 ____A C:\Users\IdHusseys\Downloads\12-7-11_fakereanfix.zip
    2012-08-31 16:19 - 2012-08-31 16:19 - 00000093 ____A C:\Users\IdHusseys\AppData\Roaming\netstat.bat
    2012-08-31 13:57 - 2012-08-31 13:57 - 00058080 ____A C:\Users\IdHusseys\Desktop\Affmagic_08_29_2012.zip
    2012-08-30 22:39 - 2012-08-30 22:38 - 00080549 ____A C:\Users\IdHusseys\Desktop\lv.htm
    2012-08-30 20:12 - 2012-08-30 22:49 - 00001066 ____A C:\Users\IdHusseys\Desktop\Duct Tape SEO V2 2012 CopyCat SEO.txt
    2012-08-29 15:41 - 2012-08-29 15:41 - 00047496 ____A (GFI Software) C:\Windows\SysWOW64\sbbd.exe
    2012-08-29 14:28 - 2012-08-31 16:48 - 00000000 ____D C:\Users\IdHusseys\Downloads\www.curadebt.com (DTOX, 2012-08-29) - LinkResearchTools - OVERVIEW Percentages_files
    2012-08-29 14:28 - 2012-08-29 14:28 - 00282691 ___AH C:\Users\IdHusseys\Downloads\www.curadebt.com (DTOX, 2012-08-29) - LinkResearchTools - OVERVIEW Percentages.htm
    2012-08-27 20:46 - 2012-09-03 22:04 - 00000940 ____A C:\Windows\PFRO.log
    2012-08-27 14:52 - 2012-08-27 14:52 - 00000915 ____A C:\Users\IdHusseys\Desktop\Xenu.lnk
    2012-08-27 14:35 - 2012-08-27 14:36 - 00000308 ____A C:\Users\IdHusseys\Desktop\TO DO ON YOUR SITES.txt
    2012-08-26 17:25 - 2012-08-27 19:34 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-08-26 11:26 - 2012-08-26 11:26 - 00086816 ____A (GFI Software) C:\Windows\System32\Drivers\sbwtis.sys
    2012-08-25 02:21 - 2012-08-25 02:22 - 14690376 ____A (LastPass) C:\Users\IdHusseys\Downloads\lastpass_x64 (1).exe
    2012-08-25 02:20 - 2012-08-25 02:20 - 00002392 ____A C:\Users\IdHusseys\Desktop\Google Chrome.lnk
    2012-08-25 02:19 - 2012-09-03 17:44 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3455346300-1148100813-3106168065-1000UA.job
    2012-08-25 02:19 - 2012-09-01 02:34 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3455346300-1148100813-3106168065-1000Core.job
    2012-08-24 22:57 - 2012-08-30 03:28 - 00000000 ___HD C:\Users\IdHusseys\Documents\Magic Rank Tracker Reports
    2012-08-23 21:34 - 2012-08-23 21:34 - 14790243 ____A (Jayson Yanuaria ) C:\Program Files (x86)\SERPAttacks_Video.exe
    2012-08-23 21:22 - 2012-08-31 16:51 - 00000000 ____D C:\Program Files (x86)\Market Samurai
    2012-08-23 21:22 - 2012-08-31 16:37 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2012-08-23 21:22 - 2012-08-31 16:37 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2012-08-23 19:36 - 2012-08-23 19:39 - 20348849 ____A C:\Program Files (x86)\Sun_ODF_Template_Pack2_en-US.oxt
    2012-08-23 19:32 - 2012-08-23 19:38 - 135933721 ____A C:\Program Files (x86)\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe
    2012-08-22 16:56 - 2012-08-22 16:56 - 00001948 ____A C:\Users\Public\Desktop\A1 Keyword Research 4.lnk
    2012-08-22 01:05 - 2012-08-22 01:05 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-22 01:05 - 2012-08-22 01:05 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-22 00:09 - 2012-08-22 00:10 - 00000929 ____A C:\Users\IdHusseys\Desktop\LYNX.lnk
    2012-08-22 00:08 - 2012-08-31 16:51 - 00000000 ____D C:\lynx_w32
    2012-08-21 21:10 - 2012-08-31 16:52 - 00000000 ____D C:\Users\IdHusseys\Desktop\lynx2-8-7
    2012-08-20 02:38 - 2012-09-08 11:56 - 00003874 ____A C:\Windows\setupact.log
    2012-08-20 02:38 - 2012-08-20 02:38 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-16 11:13 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-16 11:13 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-16 11:13 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-16 11:13 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-16 11:13 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-16 11:13 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-16 11:13 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-16 11:13 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-16 11:13 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-16 11:13 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-16 11:13 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-16 11:13 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-16 11:13 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-16 11:13 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-16 11:13 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-16 11:13 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-16 11:13 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-16 11:13 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-16 11:13 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-16 11:13 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-16 11:13 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-16 11:13 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-16 11:13 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-16 11:13 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-16 11:13 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-16 11:13 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-16 11:13 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-16 11:13 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-15 10:28 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-08-15 10:28 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-08-15 10:28 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-08-15 10:28 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-08-15 10:28 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-08-15 10:28 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-08-15 10:28 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2012-08-15 10:28 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2012-08-15 10:28 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2012-08-15 10:28 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2012-08-15 10:28 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
    2012-08-15 10:28 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
    2012-08-15 10:28 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2012-08-14 14:24 - 2012-08-23 13:23 - 15428440 ____A (Adobe Systems Inc.) C:\Program Files (x86)\AdobeAIRInstaller.exe
    2012-08-14 13:49 - 2012-08-14 13:49 - 00000000 ___HD C:\Users\IdHusseys\AppData\Local\{136E17CE-9D8C-4576-B5FB-9FD9476CEE7D}
    2012-08-13 11:53 - 2012-08-13 11:54 - 00000000 ___HD C:\Users\IdHusseys\AppData\Local\{22CFA543-8BC0-487D-B925-78E6564E6786}
    2012-08-11 13:18 - 2012-08-31 16:39 - 00000000 ____D C:\Users\IdHusseys\Documents\Microsys
    2012-08-11 13:18 - 2012-08-22 16:56 - 00000000 ___HD C:\Users\IdHusseys\AppData\Roaming\Microsys
    2012-08-11 13:18 - 2012-08-11 13:18 - 00001957 ____A C:\Users\Public\Desktop\A1 Website Analyzer 4.lnk
    2012-08-11 13:17 - 2012-08-31 16:33 - 00000000 ____D C:\Program Files\Microsys
    2012-08-09 12:55 - 1997-06-06 13:52 - 00011264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SPORDER.DLL

    ==================== 3 Months Modified Files ================================
    2012-09-08 11:57 - 2012-09-07 21:49 - 00131072 ____A C:\Windows\System32\Ikeext.etl
    2012-09-08 11:57 - 2009-07-13 21:08 - 00032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-08 11:57 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-08 11:57 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-08 11:57 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-08 11:56 - 2012-08-20 02:38 - 00003874 ____A C:\Windows\setupact.log
    2012-09-08 11:56 - 2009-12-21 00:30 - 01827493 ____A C:\Windows\WindowsUpdate.log
    2012-09-07 21:57 - 2009-07-13 21:13 - 00782480 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-07 21:52 - 2012-09-07 21:52 - 00092928 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
    2012-09-07 21:52 - 2012-09-07 21:52 - 00092928 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
    2012-09-07 21:49 - 2009-07-13 20:45 - 00377688 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-09-07 21:48 - 2012-09-07 20:56 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
    2012-09-07 21:46 - 2010-06-06 13:21 - 00782480 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-09-07 21:04 - 2012-09-07 21:04 - 00003304 ____N C:\bootsqm.dat
    2012-09-07 20:55 - 2012-09-07 20:55 - 00002251 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    2012-09-07 20:54 - 2012-09-07 20:55 - 05313275 ____A C:\Users\IdHusseys\Desktop\tweaking.com_windows_repair_aio_setup.exe
    2012-09-03 23:10 - 2012-09-03 23:10 - 00021485 ____A C:\ComboFix.txt
    2012-09-03 22:50 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-09-03 22:04 - 2012-08-27 20:46 - 00000940 ____A C:\Windows\PFRO.log
    2012-09-03 17:44 - 2012-08-25 02:19 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3455346300-1148100813-3106168065-1000UA.job
    2012-09-03 12:09 - 2012-09-03 12:09 - 02193345 ____A C:\Users\IdHusseys\Downloads\tdsskiller.zip
    2012-09-01 19:48 - 2012-09-01 17:49 - 00607260 ____A (Swearware) C:\Users\IdHusseys\Desktop\dds.com
    2012-09-01 04:26 - 2012-09-01 04:26 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-01 02:34 - 2012-08-25 02:19 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3455346300-1148100813-3106168065-1000Core.job
    2012-08-31 23:27 - 2012-08-31 23:27 - 00001975 ____A C:\Users\Public\Desktop\VIPRE.lnk
    2012-08-31 22:47 - 2012-08-31 22:47 - 00184231 ____A C:\Users\IdHusseys\Downloads\12-7-11_fakereanfix.zip
    2012-08-31 16:19 - 2012-08-31 16:19 - 00000093 ____A C:\Users\IdHusseys\AppData\Roaming\netstat.bat
    2012-08-31 13:57 - 2012-08-31 13:57 - 00058080 ____A C:\Users\IdHusseys\Desktop\Affmagic_08_29_2012.zip
    2012-08-30 22:49 - 2012-08-30 20:12 - 00001066 ____A C:\Users\IdHusseys\Desktop\Duct Tape SEO V2 2012 CopyCat SEO.txt
    2012-08-30 22:38 - 2012-08-30 22:39 - 00080549 ____A C:\Users\IdHusseys\Desktop\lv.htm
    2012-08-29 15:41 - 2012-08-29 15:41 - 00047496 ____A (GFI Software) C:\Windows\SysWOW64\sbbd.exe
    2012-08-29 15:41 - 2010-04-17 08:15 - 00047496 ____A (GFI Software) C:\Windows\System32\sbbd.exe
    2012-08-29 14:28 - 2012-08-29 14:28 - 00282691 ___AH C:\Users\IdHusseys\Downloads\www.curadebt.com (DTOX, 2012-08-29) - LinkResearchTools - OVERVIEW Percentages.htm
    2012-08-27 19:34 - 2012-08-26 17:25 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-08-27 19:34 - 2011-10-21 16:50 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-08-27 14:52 - 2012-08-27 14:52 - 00000915 ____A C:\Users\IdHusseys\Desktop\Xenu.lnk
    2012-08-27 14:36 - 2012-08-27 14:35 - 00000308 ____A C:\Users\IdHusseys\Desktop\TO DO ON YOUR SITES.txt
    2012-08-26 11:26 - 2012-08-26 11:26 - 00086816 ____A (GFI Software) C:\Windows\System32\Drivers\sbwtis.sys
    2012-08-25 18:31 - 2010-07-15 11:12 - 00579257 ____A C:\Users\IdHusseys\.ranktracker.properties
    2012-08-25 02:51 - 2011-07-06 11:37 - 00001192 ____A C:\Users\Public\Desktop\My LastPass Vault.lnk
    2012-08-25 02:22 - 2012-08-25 02:21 - 14690376 ____A (LastPass) C:\Users\IdHusseys\Downloads\lastpass_x64 (1).exe
    2012-08-25 02:20 - 2012-08-25 02:20 - 00002392 ____A C:\Users\IdHusseys\Desktop\Google Chrome.lnk
    2012-08-24 14:38 - 2010-07-24 14:55 - 04159475 ____A C:\Users\IdHusseys\.websiteauditor.properties
    2012-08-24 01:02 - 2012-06-17 17:22 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-08-24 01:02 - 2010-04-15 20:03 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-08-23 21:34 - 2012-08-23 21:34 - 14790243 ____A (Jayson Yanuaria ) C:\Program Files (x86)\SERPAttacks_Video.exe
    2012-08-23 21:31 - 2010-04-10 12:39 - 00092928 ___AH C:\Users\IdHusseys\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-08-23 19:39 - 2012-08-23 19:36 - 20348849 ____A C:\Program Files (x86)\Sun_ODF_Template_Pack2_en-US.oxt
    2012-08-23 19:38 - 2012-08-23 19:32 - 135933721 ____A C:\Program Files (x86)\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe
    2012-08-23 15:24 - 2011-04-19 14:42 - 00165516 ___AH C:\Windows\SysWOW64\mlfcache.dat
    2012-08-23 13:23 - 2012-08-14 14:24 - 15428440 ____A (Adobe Systems Inc.) C:\Program Files (x86)\AdobeAIRInstaller.exe
    2012-08-22 16:56 - 2012-08-22 16:56 - 00001948 ____A C:\Users\Public\Desktop\A1 Keyword Research 4.lnk
    2012-08-22 01:05 - 2012-08-22 01:05 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-22 01:05 - 2012-08-22 01:05 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-22 00:10 - 2012-08-22 00:09 - 00000929 ____A C:\Users\IdHusseys\Desktop\LYNX.lnk
    2012-08-20 02:38 - 2012-08-20 02:38 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-20 02:37 - 2012-03-07 02:20 - 00000498 ____A C:\Windows\SysWOW64\CountScans.XML
    2012-08-20 02:31 - 2011-01-17 23:49 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-08-16 14:46 - 2010-07-15 23:27 - 00532409 ____A C:\Users\IdHusseys\.linkassistant.properties
    2012-08-16 11:07 - 2010-04-11 14:46 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-08-12 14:58 - 2010-10-12 08:19 - 00000348 ____A C:\Windows\Tasks\HPCeeScheduleForIdHusseys.job
    2012-08-11 13:18 - 2012-08-11 13:18 - 00001957 ____A C:\Users\Public\Desktop\A1 Website Analyzer 4.lnk
    2012-08-02 15:31 - 2010-07-25 23:05 - 00638358 ____A C:\Users\IdHusseys\.spyglass.properties
    2012-08-01 18:33 - 2012-08-01 18:33 - 00005477 ___AH C:\Users\IdHusseys\.recently-used.xbel
    2012-08-01 12:36 - 2012-08-01 12:36 - 00082872 ____A (GFI Software) C:\Windows\System32\Drivers\sbapifs.sys
    2012-07-18 10:15 - 2012-08-15 10:28 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-09 18:15 - 2012-07-09 17:34 - 00000131 ____A C:\Users\IdHusseys\Desktop\Job Search Passwords.txt
    2012-07-04 14:16 - 2012-08-15 10:28 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 14:13 - 2012-08-15 10:28 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 14:13 - 2012-08-15 10:28 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 13:16 - 2012-08-15 10:28 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-07-04 13:14 - 2012-08-15 10:28 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-06-28 20:55 - 2012-08-16 11:13 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-28 20:09 - 2012-08-16 11:13 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-28 19:56 - 2012-08-16 11:13 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-28 19:49 - 2012-08-16 11:13 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-28 19:49 - 2012-08-16 11:13 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-28 19:48 - 2012-08-16 11:13 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-28 19:47 - 2012-08-16 11:13 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-28 19:45 - 2012-08-16 11:13 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-28 19:44 - 2012-08-16 11:13 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-28 19:43 - 2012-08-16 11:13 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-28 19:42 - 2012-08-16 11:13 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-28 19:40 - 2012-08-16 11:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-28 19:39 - 2012-08-16 11:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-28 19:35 - 2012-08-16 11:13 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-28 16:52 - 2012-08-16 11:13 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-28 16:27 - 2012-08-16 11:13 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-28 16:16 - 2012-08-16 11:13 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-28 16:09 - 2012-08-16 11:13 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-28 16:09 - 2012-08-16 11:13 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-28 16:08 - 2012-08-16 11:13 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-28 16:07 - 2012-08-16 11:13 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-28 16:06 - 2012-08-16 11:13 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-28 16:04 - 2012-08-16 11:13 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-28 16:04 - 2012-08-16 11:13 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-28 16:01 - 2012-08-16 11:13 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-28 16:01 - 2012-08-16 11:13 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-28 16:00 - 2012-08-16 11:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-28 15:57 - 2012-08-16 11:13 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-26 11:53 - 2012-06-26 11:53 - 04518720 ____A (FileZilla Project) C:\Users\IdHusseys\Downloads\FileZilla_3.5.3_win32-setup.exe
    2012-06-26 11:53 - 2012-06-26 11:53 - 00001964 ____A C:\Users\Public\Desktop\FileZilla Client.lnk
    2012-06-22 21:16 - 2012-06-22 15:44 - 00011183 ____A C:\Users\IdHusseys\Desktop\Penguin Part 3 Post.txt
    2012-06-20 22:49 - 2012-06-20 22:49 - 00003638 ____A C:\Users\IdHusseys\Desktop\object-cache.php
    2012-06-20 22:48 - 2012-06-20 22:48 - 00001316 ____A C:\Users\IdHusseys\Desktop\db.php
    2012-06-20 19:27 - 2012-06-20 16:51 - 00001023 ____A C:\Users\IdHusseys\Desktop\Flipping My Sites Evaluation.txt
    2012-06-16 01:41 - 2012-06-16 01:41 - 00000088 ___AH C:\Users\IdHusseys\.95d691779473f3e03bc4b4e56319d74c.key
    2012-06-16 01:32 - 2012-06-16 01:32 - 02271405 ___AH C:\Users\IdHusseys\Downloads\LongTailProTrial (1).zip
    2012-06-16 01:28 - 2012-06-16 01:28 - 02271405 ___AH C:\Users\IdHusseys\Downloads\LongTailProTrial.zip
    2012-06-15 22:45 - 2012-06-15 19:05 - 00012666 ____A C:\Users\IdHusseys\Desktop\Pand Recovery Part 2 Income Diversification.txt
    2012-06-13 14:29 - 2012-06-13 14:29 - 00290432 ___AH C:\Users\IdHusseys\Downloads\cj_tactics-getresponse-3-16-12.csv

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-08-29 20:32:41
    Restore point made on: 2012-08-30 11:31:10
    Restore point made on: 2012-08-31 15:36:56
    Restore point made on: 2012-08-31 17:32:35
    Restore point made on: 2012-08-31 17:34:57
    Restore point made on: 2012-08-31 17:44:11
    Restore point made on: 2012-08-31 17:45:13
    Restore point made on: 2012-08-31 17:46:07
    Restore point made on: 2012-08-31 17:46:48
    Restore point made on: 2012-08-31 17:51:44
    Restore point made on: 2012-09-07 21:30:17
    ==================== Memory info ===========================
    Percentage of memory in use: 20%
    Total physical RAM: 2812.2 MB
    Available physical RAM: 2243.97 MB
    Total Pagefile: 2810.35 MB
    Available Pagefile: 2239.57 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ==================== Partitions ============================
    1 Drive c: () (Fixed) (Total:219.07 GB) (Free:154.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (RECOVERY) (Fixed) (Total:13.52 GB) (Free:2.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    5 Drive h: () (Removable) (Total:7.45 GB) (Free:7.36 GB) FAT32
    6 Drive I: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 0 B
    Disk 1 Online 7633 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 219 GB 200 MB
    Partition 3 Primary 13 GB 219 GB
    Partition 4 Primary 103 MB 232 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 Y SYSTEM NTFS Partition 199 MB Healthy
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C NTFS Partition 219 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 E RECOVERY NTFS Partition 13 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 F HP_TOOLS FAT32 Partition 103 MB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7633 MB 16 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 H FAT32 Removable 7633 MB Healthy
    ==================================================================================
    Last Boot: 2012-08-27 07:39
    ==================== End Of Log =============================
  15. Broni Malware Annihilator Posts: 39,288   +175

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Restart normally and see if you have your connection back.

  16. CanHazTrojanz? TechSpot Enthusiast Posts: 106

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-09-2012
    Ran by SYSTEM at 2012-09-08 15:12:35 Run:2
    Running from H:\
    ==============================================
    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.
    ==== End of Fixlog ====
  17. CanHazTrojanz? TechSpot Enthusiast Posts: 106

    It appears I have internet, but another error popped up, from "Windows Installer" (though I didn't have the DVD or thumb drive hooked up on restart):

    Windows Installer

    The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package 'SBVIPRE_EN.msi' in the box below.

    Then there is a text box labeled: Use source:

    C:\ProgramData\Downloaded Installations\{FA0F7527-B8F1-4541-A077-22F7B7829518}\{47E8BF80-5770-4211-8640-89A8B167B4D3}\

    There are buttons to click OK, Cancel or Browse.
  18. Broni Malware Annihilator Posts: 39,288   +175

    Good news about internet connection :)

    That message seems to be coming from your Vipre AV program.

    We restored your computer to a few days ago, so something probably got messed up.

    Try to reinstall Vipre.

    Also since we went back we need to re-run some scans.

    Start with creating a new restore point (after reinstalling Vipre).

    Next, update MBAM, run it and give me a fresh log.
  19. CanHazTrojanz? TechSpot Enthusiast Posts: 106

    When I try to click on the Vipre AV icon on my desktop, I'm warned that the service isn't running and to contact technical support. I'd like to (obviously) update my AV, should I contact them to do so or is there something else to do?
  20. CanHazTrojanz? TechSpot Enthusiast Posts: 106

    OK, we're posting at the same time:

    A) Should I install Vipre on the thumb drive from another PC or just go online as-is from the infected PC to download a new copy?

    I'll uninstall it, along with Malwarebytes (because I got an error when I first restarted: there was a missing DLL for MWB).

    Edit: I can't uninstall Vipre, I get the same error message from Windows Installer.

    New question: How do I install it fresh? Just download and run the EXE? Do I download from this unprotected PC or from another PC and then transfer the executable to the problem PC?

    B) Then after I have Vipre and Malwarebytes installed fresh, you said to Start w/creating new restore point (after reinstalling Vipre)...but I'm not sure how to do that.