
Sirefef.FB.Gen/ScrInject.B.Gen plaguing recently obtained computer

Discussion in 'Virus and Malware Removal' started by rmacleod18, Dec 9, 2012.

  1. rmacleod18 Newcomer, in training Posts: 31

    Redistributable
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Premium
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
    "AC3Filter" = AC3Filter (remove only)
    "Acer Assist" = Acer Assist
    "Acer Registration" = Acer Registration
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "avast5" = avast! Free Antivirus
    "BlackBerry_HandheldManager" = BlackBerry Device Manager 7.0
    "CameraUserGuide-PSSD1200IS_IXUS95IS" = Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "Cloud System Booster" = Cloud System Booster
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MKV Player_is1" = MKV Player 2.0.1
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox 17.0.1 (x86 en-GB)" = Mozilla Firefox 17.0.1 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MyCamera" = Canon Utilities MyCamera
    "MyCameraDC" = Canon Utilities MyCamera DC
    "Network MagicUninstall" = Network Magic
    "NVIDIA Drivers" = NVIDIA Drivers
    "Personal Printing Guide" = Canon Personal Printing Guide
    "PhotoStitch" = Canon Utilities PhotoStitch
    "PrivitizeVPN" = PrivitizeVPN
    "RealPlayer 12.0" = RealPlayer
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.11
    "Warcraft III" = Warcraft III
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "World of Warcraft" = World of Warcraft
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2620621459-99893481-3347105746-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Warcraft III" = Warcraft III: All Products

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 01/04/2012 7:34:11 PM | Computer Name = User-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 02/04/2012 5:20:13 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
    Description = Faulting application setup.exe_D-Link Quick Router Setup, version
    5.0.13.1501, time stamp 0x49364fc2, faulting module ntdll.dll, version 6.0.6002.18541,
    time stamp 0x4ec3e3d5, exception code 0xc0000374, fault offset 0x000b06b7, process
    id 0x12d0, application start time 0x01cd11161a3b19f0.

    Error - 21/05/2012 6:55:50 PM | Computer Name = User-PC | Source = Application Hang | ID = 1002
    Description = The program wmplayer.exe version 11.0.6002.18311 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1b2c Start Time: 01cd37a496479410 Termination Time: 1433

    Error - 23/05/2012 7:18:01 PM | Computer Name = User-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description =

    Error - 03/06/2012 8:34:48 PM | Computer Name = User-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description =

    Error - 05/06/2012 7:54:17 PM | Computer Name = User-PC | Source = Application Hang | ID = 1002
    Description = The program PhotoSnapViewer.exe version 1.2.0.25 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1698 Start Time: 01cd437672b26bf0 Termination Time: 7032

    Error - 25/06/2012 9:50:47 PM | Computer Name = User-PC | Source = Windows Search Service | ID = 3024
    Description =

    Error - 27/06/2012 4:43:36 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
    0x47918b89, faulting module mshtml.dll, version 9.0.8112.16446, time stamp 0x4fb58407,
    exception code 0xc00000fd, fault offset 0x00428f73, process id 0x2a40, application
    start time 0x01cd54a559abf0f0.

    Error - 02/07/2012 1:18:43 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
    0x47918b89, faulting module mshtml.dll, version 9.0.8112.16446, time stamp 0x4fb58407,
    exception code 0xc0000005, fault offset 0x001d9a56, process id 0x11e8, application
    start time 0x01cd58765e620600.

    Error - 02/07/2012 2:54:26 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
    0x47918b89, faulting module mshtml.dll, version 9.0.8112.16446, time stamp 0x4fb58407,
    exception code 0xc0000005, fault offset 0x001d9a56, process id 0x1c94, application
    start time 0x01cd5883c03e2270.

    [ OSession Events ]
    Error - 08/12/2009 8:20:05 PM | Computer Name = User-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11047
    seconds with 1260 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 11/12/2012 12:11:07 PM | Computer Name = User-PC | Source = WinDefend | ID = 2004
    Description = %%827 has encountered an error trying to load signatures and will
    attempt reverting back to a known-good set of signatures. Signatures Attempted: %%825
    Error Code: 0x8050a001 Error description: The program can't find definition files that
    help detect unwanted software. Check for updates to the definition files, and then
    try again. For information on installing updates, see Help and Support. Signatures
    loading: %%826 Loading signature version: 1.0.0.0 Loading engine version: 1.1.3007.0

    Error - 11/12/2012 12:12:02 PM | Computer Name = User-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =

    Error - 11/12/2012 8:48:15 PM | Computer Name = User-PC | Source = Print | ID = 19
    Description = The print spooler failed to share printer WebEx Document Loader with
    shared resource name WebEx Document Loader. Error 2114. The printer cannot be used
    by others on the network.

    Error - 11/12/2012 8:48:15 PM | Computer Name = User-PC | Source = Print | ID = 19
    Description = The print spooler failed to share printer Send To OneNote 2007 with
    shared resource name Send To OneNote 2007. Error 2114. The printer cannot be used
    by others on the network.

    Error - 11/12/2012 8:48:15 PM | Computer Name = User-PC | Source = Print | ID = 19
    Description = The print spooler failed to share printer Lexmark 5600-6600 Series
    with shared resource name Lexmark 5600-6600 Series. Error 2114. The printer cannot
    be used by others on the network.

    Error - 11/12/2012 8:48:15 PM | Computer Name = User-PC | Source = Print | ID = 19
    Description = The print spooler failed to share printer Canon Inkjet MP760 Series
    with shared resource name Canon Inkjet MP760 Series. Error 2114. The printer cannot
    be used by others on the network.

    Error - 11/12/2012 8:58:43 PM | Computer Name = User-PC | Source = Print | ID = 19
    Description = The print spooler failed to share printer WebEx Document Loader with
    shared resource name WebEx Document Loader. Error 2114. The printer cannot be used
    by others on the network.

    Error - 11/12/2012 8:58:43 PM | Computer Name = User-PC | Source = Print | ID = 19
    Description = The print spooler failed to share printer Send To OneNote 2007 with
    shared resource name Send To OneNote 2007. Error 2114. The printer cannot be used
    by others on the network.

    Error - 11/12/2012 8:58:43 PM | Computer Name = User-PC | Source = Print | ID = 19
    Description = The print spooler failed to share printer Lexmark 5600-6600 Series
    with shared resource name Lexmark 5600-6600 Series. Error 2114. The printer cannot
    be used by others on the network.

    Error - 11/12/2012 8:58:43 PM | Computer Name = User-PC | Source = Print | ID = 19
    Description = The print spooler failed to share printer Canon Inkjet MP760 Series
    with shared resource name Canon Inkjet MP760 Series. Error 2114. The printer cannot
    be used by others on the network.


    < End of report >
  2. Broni Malware Annihilator Posts: 39,425   +177

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =================================

    You're running two AV programs, Avast and Eset.
    You must uninstall one of them.

    =================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.
    2. Please download Farbar Service Scanner(FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.
    4. Please run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
  3. rmacleod18 Newcomer, in training Posts: 31

    I won't be able to do this till tomorrow... I work 7-7, as you may have noticed.
    I will give the OTL run a go when I wake up; the rest will have to wait till I get home.
    I would prefer to keep Eset as my AV, but Avast won't uninstall for me, although it has been unregistered and doing nothing for a long time from what I can tell.
    And again I can't thank you enough for helping me out with this!!
  4. Broni Malware Annihilator Posts: 39,425   +177

  5. rmacleod18 Newcomer, in training Posts: 31

    Here is the OTL log
    I will try to get the rest done after work

    All processes killed
    ========== OTL ==========
    Service CLTNetCnService stopped successfully!
    Service CLTNetCnService deleted successfully!
    File c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    C:\ProgramData\webex\ieatgpc.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41044 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: User
    ->Temp folder emptied: 1280076 bytes
    ->Temporary Internet Files folder emptied: 11475171 bytes
    ->Java cache emptied: 101798091 bytes
    ->FireFox cache emptied: 203546686 bytes
    ->Flash cache emptied: 3057 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 29582296 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 332.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: User
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: User
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 12122012_061028

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\WebEx\Log\1212\atashost.log scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  6. rmacleod18 Newcomer, in training Posts: 31

    The security check scan isn't popping up the log when it finishes...it just disappears.
    I also noticed that my notepad seems to have vanished...I can see it in the start menu but it has the icon that means it doesn't exist.
     
  7. rmacleod18 Newcomer, in training Posts: 31

    Everything has been opening in wordpad...

    Here is the FSS log

    Farbar Service Scanner Version: 10-12-2012
    Ran by User (administrator) on 12-12-2012 at 20:29:00
    Running from "C:\Users\User\Desktop"
    Windows Vista (TM) Home Basic Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is unreachable
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error. Yahoo IP is unreachable
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll
    [2012-12-11 06:58] - [2012-06-01 19:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
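    A note on reading the "File Check" section of that FSS log: FSS prints "MD5 is legit" for a file whose hash is on its built-in known-good list and otherwise prints the file's own metadata line. cryptsvc.dll is the one entry in this log that FSS could not match, and the line under it records a creation time of 2012-12-11 06:58, the day before the scan, with a last-write time of 2012-06-01. The script below is an added example (it is not part of the thread and not Farbar's code): it parses that section into structured records and lists the reasons an analyst would hash-check an unmatched file against a trusted reference. It assumes the bracketed timestamps are creation time then modification time, in that order, and the sample log embedded in it is constructed from the post above with most of the "MD5 is legit" lines dropped for brevity.

```python
"""Parse the "File Check" section of a Farbar Service Scanner (FSS) log and
list why an entry without "MD5 is legit" deserves a closer look."""
import re
from datetime import datetime

# Constructed sample: header and File Check section of the FSS log posted
# above, with most of the "MD5 is legit" lines dropped for brevity.
SAMPLE_FSS_LOG = r"""Farbar Service Scanner Version: 10-12-2012
Ran by User (administrator) on 12-12-2012 at 20:29:00
Running from "C:\Users\User\Desktop"
Windows Vista (TM) Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-12-11 06:58] - [2012-06-01 19:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit


**** End of log ****
"""

RUN_LINE = re.compile(r"^Ran by .+ on (\d{2}-\d{2}-\d{4} at \d{2}:\d{2}:\d{2})")
LEGIT_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is legit$")
PATH_LINE = re.compile(r"^[A-Za-z]:\\")
# Assumed field order: [created] - [modified] - size attrs (company) MD5
DETAIL_LINE = re.compile(
    r"^\[(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"\[(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_fss(text):
    """Return (scan_time, verified_paths, unmatched_entries)."""
    scan_time, verified, unmatched = None, [], []
    in_section, pending = False, None
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_LINE.match(line)
        if m:
            scan_time = datetime.strptime(m.group(1), "%d-%m-%Y at %H:%M:%S")
            continue
        if line == "File Check:":
            in_section = True
            continue
        if not in_section or not line or line.startswith("="):
            continue
        if line.startswith("****"):          # "**** End of log ****"
            break
        m = LEGIT_LINE.match(line)
        if m:
            verified.append(m.group("path"))
            continue
        m = DETAIL_LINE.match(line)
        if m and pending:
            entry = m.groupdict()
            entry["path"] = pending
            entry["size"] = int(entry["size"])
            for key in ("created", "modified"):
                entry[key] = datetime.strptime(entry[key], "%Y-%m-%d %H:%M")
            unmatched.append(entry)
            pending = None
        elif PATH_LINE.match(line):          # a path on its own line: details follow
            pending = line
    return scan_time, verified, unmatched


def review_reasons(entry, scan_time, max_age_days=7):
    """Why an analyst should hash-check this file against a trusted reference."""
    reasons = ["hash not in the FSS known-good list"]
    age = scan_time - entry["created"]
    if age.days <= max_age_days:
        reasons.append(f"created {age.days} day(s) before the scan")
    if entry["created"] > entry["modified"]:
        # NTFS keeps the source's last-write time on copy but stamps a new
        # creation time, so created > modified means the file was copied in.
        reasons.append("creation time is newer than last-write time: copied into place")
    return reasons


if __name__ == "__main__":
    scan, ok, todo = parse_fss(SAMPLE_FSS_LOG)
    print(f"scan {scan:%Y-%m-%d %H:%M}: {len(ok)} matched, {len(todo)} unmatched")
    for e in todo:
        print(e["path"], e["md5"], e["size"], "bytes")
        for r in review_reasons(e, scan):
            print("  -", r)
```

    None of these reasons is proof of tampering on its own: a Windows Update that replaces a system DLL also produces a freshly created file with an older last-write time, and FSS's list simply may not contain that build. They say which file to verify first, not what the verdict is.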
  8. rmacleod18 Newcomer, in training Posts: 31

    I'm also stuck on the F-Secure... it says I need an add-on to run it, but it doesn't say how to obtain said browser add-on.
  9. Broni Malware Annihilator Posts: 39,425   +177

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users:: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      notepad.exe
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  10. rmacleod18 Newcomer, in training Posts: 31

    S_y_s_t_e_m_L_o_o_k_ _3_0_._0_7_._1_1_ _b_y_ _j_p_s_h_o_r_t_s_t_u_f_f_
    _
    _L_o_g_ _c_r_e_a_t_e_d_ _a_t_ _1_2_:_3_0_ _o_n_ _1_3_/_1_2_/_2_0_1_2_ _b_y_ _U_s_e_r_
    _
    _A_d_m_i_n_i_s_t_r_a_t_o_r_ _-_ _E_l_e_v_a_t_i_o_n_ _s_u_c_c_e_s_s_f_u_l_
    _
    _
    _
    _=_=_=_=_=_=_=_=_=_=_ _f_i_l_e_f_i_n_d_ _=_=_=_=_=_=_=_=_=_=_
    _
    _
    _
    _S_e_a_r_c_h_i_n_g_ _f_o_r_ _"_n_o_t_e_p_a_d_._e_x_e_"_
    _
    _C_:_\_W_i_n_d_o_w_s_\_w_i_n_s_x_s_\_x_8_6___m_i_c_r_o_s_o_f_t_-_w_i_n_d_o_w_s_-_n_o_t_e_p_a_d_w_i_n___3_1_b_f_3_8_5_6_a_d_3_6_4_e_3_5___6_._0_._6_0_0_0_._1_6_3_8_6___n_o_n_e___4_0_9_3_0_a_e_2_f_e_2_1_f_c_f_5_\_n_o_t_e_p_a_d_._e_x_e_ _-_-_a_-_-_-_-_ _1_5_1_0_4_0_ _b_y_t_e_s__[_1_2_:_3_3_ _0_2_/_1_1_/_2_0_0_6_]_ _[_1_2_:_3_3_ _0_2_/_1_1_/_2_0_0_6_]_ _F_F_7_F_1_4_F_D_A_9_0_1_0_9_0_E_3_3_7_4_8_8_A_1_9_0_0_E_3_6_6_0_
    _
    _C_:_\_W_i_n_d_o_w_s_\_w_i_n_s_x_s_\_x_8_6___m_i_c_r_o_s_o_f_t_-_w_i_n_d_o_w_s_-_n_o_t_e_p_a_d_w_i_n___3_1_b_f_3_8_5_6_a_d_3_6_4_e_3_5___6_._0_._6_0_0_1_._1_8_0_0_0___n_o_n_e___4_2_c_9_c_c_d_e_f_b_0_d_0_d_c_9_\_n_o_t_e_p_a_d_._e_x_e_ _-_-_-_-_-_-_-_ _1_5_1_0_4_0_ _b_y_t_e_s__[_2_1_:_0_3_ _2_0_/_0_9_/_2_0_0_9_]_ _[_0_3_:_3_3_ _1_9_/_0_1_/_2_0_0_8_]_ _D_A_F_6_0_E_1_3_E_9_6_E_C_B_6_7_F_0_E_D_A_A_8_9_C_6_B_0_1_B_8_D_
    _
    _C_:_\_W_i_n_d_o_w_s_\_w_i_n_s_x_s_\_x_8_6___m_i_c_r_o_s_o_f_t_-_w_i_n_d_o_w_s_-_n_o_t_e_p_a_d___3_1_b_f_3_8_5_6_a_d_3_6_4_e_3_5___6_._0_._6_0_0_0_._1_6_3_8_6___n_o_n_e___6_c_e_3_c_b_7_f_7_3_1_4_a_a_9_f_\_n_o_t_e_p_a_d_._e_x_e_ _-_-_a_-_-_-_-_ _1_5_1_0_4_0_ _b_y_t_e_s__[_0_8_:_4_7_ _0_2_/_1_1_/_2_0_0_6_]_ _[_0_9_:_4_5_ _0_2_/_1_1_/_2_0_0_6_]_ _F_F_7_F_1_4_F_D_A_9_0_1_0_9_0_E_3_3_7_4_8_8_A_1_9_0_0_E_3_6_6_0_
    _
    _C_:_\_W_i_n_d_o_w_s_\_w_i_n_s_x_s_\_x_8_6___m_i_c_r_o_s_o_f_t_-_w_i_n_d_o_w_s_-_n_o_t_e_p_a_d___3_1_b_f_3_8_5_6_a_d_3_6_4_e_3_5___6_._0_._6_0_0_1_._1_8_0_0_0___n_o_n_e___6_f_1_a_8_d_7_b_6_f_f_f_b_b_7_3_\_n_o_t_e_p_a_d_._e_x_e_ _-_-_-_-_-_-_-_ _1_5_1_0_4_0_ _b_y_t_e_s__[_2_1_:_0_3_ _2_0_/_0_9_/_2_0_0_9_]_ _[_0_3_:_3_3_ _1_9_/_0_1_/_2_0_0_8_]_ _9_5_6_C_C_9_5_4_3_3_E_9_D_3_9_8_1_9_6_3_6_6_3_3_6_2_9_2_9_C_6_F_
    _
    _
    _
    _-_=_ _E_O_F_ _=_-_
  11. Broni Malware Annihilator Posts: 39,425   +177

    Something happened to formatting. I can barely read it.
    Please repost or even attach search result log.
  12. rmacleod18 Newcomer, in training Posts: 31

    Something is ****ed up... the only way that I was able to post it was to copy/paste to Word, then copy/paste to here... if I try to do it directly from WordPad it just makes an "S"... it's kinda weird.
  13. rmacleod18 Newcomer, in training Posts: 31

    It also doesn't help that my ISP is garbage... my connection cuts out literally every 30 secs, then takes a minute or 2 to re-connect. I need to ream out Bell on this, but I just don't have the time to sit on hold for an hour.
  14. Broni Malware Annihilator Posts: 39,425   +177

    Copy/paste to Notepad instead of Word.
  15. rmacleod18 Newcomer, in training Posts: 31

    Notepad doesn't exist... when I try to open it a window pops up saying Windows cannot find 'C:\Windows\System32\notepad.exe'. Make sure it's typed correctly... blah blah blah... I'm clicking a link that did open Notepad just a few days ago when we started this process.
  16. Broni Malware Annihilator Posts: 39,425   +177

    Oooops sorry.
    It's indeed missing. That was the reason we ran SystemLook... LOL
    We have good copies though...

    Copy Notepad file from here:
    C:\Windows\winsxs\x86_microsoft-windows-notepadwin_31bf3856ad364e35_6.0.6001.18000_none_42c9ccdefb0d0dc9\notepad.exe
    and paste it to C:\Windows\System32 folder
  17. rmacleod18 Newcomer, in training Posts: 31

    There we go that is much better

    SystemLook 30.07.11 by jpshortstuff
    Log created at 12:30 on 13/12/2012 by User
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "notepad.exe"
    C:\Windows\winsxs\x86_microsoft-windows-notepadwin_31bf3856ad364e35_6.0.6000.16386_none_40930ae2fe21fcf5\notepad.exe --a---- 151040 bytes [12:33 02/11/2006] [12:33 02/11/2006] FF7F14FDA901090E337488A1900E3660
    C:\Windows\winsxs\x86_microsoft-windows-notepadwin_31bf3856ad364e35_6.0.6001.18000_none_42c9ccdefb0d0dc9\notepad.exe ------- 151040 bytes [21:03 20/09/2009] [03:33 19/01/2008] DAF60E13E96ECB67F0EDAA89C6B01B8D
    C:\Windows\winsxs\x86_microsoft-windows-notepad_31bf3856ad364e35_6.0.6000.16386_none_6ce3cb7f7314aa9f\notepad.exe --a---- 151040 bytes [08:47 02/11/2006] [09:45 02/11/2006] FF7F14FDA901090E337488A1900E3660
    C:\Windows\winsxs\x86_microsoft-windows-notepad_31bf3856ad364e35_6.0.6001.18000_none_6f1a8d7b6fffbb73\notepad.exe ------- 151040 bytes [21:03 20/09/2009] [03:33 19/01/2008] 956CC95433E9D3981963663362929C6F

    -= EOF =-
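    The underscore-between-every-character text in post 10 is what UTF-16LE text looks like when it is read one byte at a time and each NUL byte is displayed as "_": every character of the original is followed by a "_", a real underscore becomes three in a row ("x_8_6___m" for "x86_m"), and the CR and the LF of a Windows line ending each produce their own break, so one original blank line turns into three underscore-only lines. It is also consistent with the WordPad symptom in post 12: a NUL-terminated read of such a buffer stops after its first byte, the "S" of "SystemLook". The script below is an added example (not part of the thread and not SystemLook's code) that reverses the damage; the garbled sample embedded in it is copied from post 10 (header, one of the four path lines, footer) so the result can be compared with the clean repost directly above. Where a byte was dropped (post 10 lost the whitespace between "bytes" and "[" on every path line) the decoder re-synchronises, substitutes a space, and reports how many times it had to.

```python
"""Repair text that was UTF-16LE but got rendered one byte per character,
with NUL bytes shown as '_' (the shape of the SystemLook log in post 10)."""


def decode_line(line, placeholder=" "):
    """Decode one garbled line.

    Returns (text, resyncs). Every data byte should be followed by one NUL
    ('_'), so a real underscore appears as '___'. resyncs counts the places
    where that pairing broke because a byte was dropped; the lost character
    is replaced by `placeholder`.
    """
    evens = sum(1 for i in range(0, len(line), 2) if line[i] == "_")
    odds = sum(1 for i in range(1, len(line), 2) if line[i] == "_")
    # NULs live on whichever parity holds more underscores; data is the other.
    i = 1 if evens > odds else 0
    out, resyncs = [], 0
    while i < len(line):
        if i + 1 == len(line):            # final data byte, its NUL was cut off
            out.append(line[i])
            break
        if line[i + 1] == "_":            # the normal (data, NUL) pair
            out.append(line[i])
            i += 2
        elif line[i] == "_":              # orphan NUL: the byte before it is gone
            out.append(placeholder)
            resyncs += 1
            i += 1
        else:                             # data byte whose NUL is gone
            out.append(line[i])
            i += 1
    return "".join(out), resyncs


def repair_utf16_paste(text, placeholder=" ", crlf=True):
    """Decode every line and collapse the doubled line breaks.

    With CRLF originals both the CR and the LF produced a break, so k blank
    lines in the original appear as 1 + 2k consecutive lines that decode to
    nothing. Returns (lines, total_resyncs).
    """
    decoded, total = [], 0
    for line in text.splitlines():
        txt, n = decode_line(line, placeholder)
        decoded.append(txt)
        total += n
    lines, empties = [], 0
    for txt in decoded + [None]:          # None is a sentinel that flushes the tail
        if txt == "":
            empties += 1
            continue
        if empties:
            lines.extend([""] * ((empties - 1) // 2 if crlf else empties))
            empties = 0
        if txt is not None:
            lines.append(txt)
    return lines, total


# Constructed sample: header, one of the four path lines and footer of the
# garbled log in post 10, copied as posted.
GARBLED = r"""S_y_s_t_e_m_L_o_o_k_ _3_0_._0_7_._1_1_ _b_y_ _j_p_s_h_o_r_t_s_t_u_f_f_
_
_L_o_g_ _c_r_e_a_t_e_d_ _a_t_ _1_2_:_3_0_ _o_n_ _1_3_/_1_2_/_2_0_1_2_ _b_y_ _U_s_e_r_
_
_A_d_m_i_n_i_s_t_r_a_t_o_r_ _-_ _E_l_e_v_a_t_i_o_n_ _s_u_c_c_e_s_s_f_u_l_
_
_
_
_=_=_=_=_=_=_=_=_=_=_ _f_i_l_e_f_i_n_d_ _=_=_=_=_=_=_=_=_=_=_
_
_
_
_S_e_a_r_c_h_i_n_g_ _f_o_r_ _"_n_o_t_e_p_a_d_._e_x_e_"_
_
_C_:_\_W_i_n_d_o_w_s_\_w_i_n_s_x_s_\_x_8_6___m_i_c_r_o_s_o_f_t_-_w_i_n_d_o_w_s_-_n_o_t_e_p_a_d_w_i_n___3_1_b_f_3_8_5_6_a_d_3_6_4_e_3_5___6_._0_._6_0_0_0_._1_6_3_8_6___n_o_n_e___4_0_9_3_0_a_e_2_f_e_2_1_f_c_f_5_\_n_o_t_e_p_a_d_._e_x_e_ _-_-_a_-_-_-_-_ _1_5_1_0_4_0_ _b_y_t_e_s__[_1_2_:_3_3_ _0_2_/_1_1_/_2_0_0_6_]_ _[_1_2_:_3_3_ _0_2_/_1_1_/_2_0_0_6_]_ _F_F_7_F_1_4_F_D_A_9_0_1_0_9_0_E_3_3_7_4_8_8_A_1_9_0_0_E_3_6_6_0_
_
_
_
_-_=_ _E_O_F_ _=_-_
"""

if __name__ == "__main__":
    lines, resyncs = repair_utf16_paste(GARBLED)
    print("\n".join(lines))
    print(f"\n{resyncs} lost byte(s) replaced by a placeholder")
```

    The parity test at the top of decode_line is what keeps real underscores in paths like x86_microsoft-windows-notepad_... intact: it never guesses from the first character alone, it picks the column that holds the NULs by majority and only falls back to byte-by-byte re-synchronisation where the pairing actually breaks. The resync count is worth surfacing, because a repaired log with substituted characters should not be treated as an exact copy when a hash or path from it is compared against anything.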
  18. rmacleod18 Newcomer, in training Posts: 31

    And here is the Security Check scan... Just the F-Secure scanner to go

    Results of screen317's Security Check version 0.99.56
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java(TM) 6 Update 30
    Java 7 Update 9
    Adobe Flash Player 11.5.502.135
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (17.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    ESET NOD32 Antivirus egui.exe
    ESET NOD32 Antivirus ekrn.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0 %
    ````````````````````End of Log``````````````````````
  19. rmacleod18 Newcomer, in training Posts: 31

    And sorry about the delay there I broke down and called Bell about my connectivity issues.
  20. Broni Malware Annihilator Posts: 39,425   +177

    Not a problem :)