Inactive Virus/Malware - maybe more

Status
Not open for further replies.
Happens on Firefox and Google. I also removed my damaged hard drive to rule that out. I also already reset IE. There was no Eset log.
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

============================================

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:

Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button:

Go to Step 4 and under "System Restore" click on the Create button:

Go to the Start Repairs tab and click the Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on the Start button.

Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
 
Do I need the java plugin ssv helper and java plugin ssv 2 helper in my add ons? Which Windows repair do I download?
 
It froze and crashed during the windows repairs. Should I restart it or go back to the restore point first?
 
Restart and start from the step where the computer froze.

I'm afraid you may have some hardware issues.
 
Running Repair Under System Account
Starting Repairs...
Start (6/18/2013 4:48:36 PM)
Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (6/18/2013 4:48:36 PM)
Running Repair Under Current User Account
Done (6/18/2013 4:48:40 PM)
Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (6/18/2013 4:48:40 PM)
Running Repair Under System Account
Done (6/18/2013 4:50:22 PM)
Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (6/18/2013 4:50:22 PM)
Running Repair Under System Account
Done (6/18/2013 4:50:53 PM)
Reset File Permissions 01/02
B:\msdownld.tmp & Sub Folders
Start (6/18/2013 4:50:53 PM)
Running Repair Under System Account
Done (6/18/2013 4:50:56 PM)
Reset File Permissions 02/02
B:\Remote Programs & Sub Folders
Start (6/18/2013 4:50:56 PM)
Running Repair Under System Account
Done (6/18/2013 4:50:58 PM)
Reset File Permissions 01/24
C:\AsusVibeData & Sub Folders
Start (6/18/2013 4:50:58 PM)
Running Repair Under System Account
Done (6/18/2013 4:51:01 PM)
Reset File Permissions 02/24
C:\Boot & Sub Folders
Start (6/18/2013 4:51:01 PM)
Running Repair Under System Account
Done (6/18/2013 4:51:03 PM)
Reset File Permissions 03/24
C:\Config.Msi & Sub Folders
Start (6/18/2013 4:51:03 PM)
Running Repair Under System Account
Done (6/18/2013 4:51:06 PM)
Reset File Permissions 04/24
C:\downloads & Sub Folders
Start (6/18/2013 4:51:06 PM)
Running Repair Under System Account
Done (6/18/2013 4:51:08 PM)
Reset File Permissions 05/24
C:\eSupport & Sub Folders
Start (6/18/2013 4:51:08 PM)
Running Repair Under System Account
Done (6/18/2013 4:51:23 PM)
Reset File Permissions 06/24
C:\ExpressGateUtil & Sub Folders
Start (6/18/2013 4:51:23 PM)
Running Repair Under System Account
Done (6/18/2013 4:51:25 PM)
Reset File Permissions 07/24
C:\found.000 & Sub Folders
Start (6/18/2013 4:51:25 PM)
Running Repair Under System Account
Done (6/18/2013 4:51:28 PM)
Reset File Permissions 08/24
C:\Intel & Sub Folders
Start (6/18/2013 4:51:28 PM)
Running Repair Under System Account
Done (6/18/2013 4:51:30 PM)
Reset File Permissions 09/24
C:\JRT & Sub Folders
Start (6/18/2013 4:51:30 PM)
Running Repair Under System Account
Done (6/18/2013 4:51:33 PM)
Reset File Permissions 10/24
C:\MSOCache & Sub Folders
Start (6/18/2013 4:51:33 PM)
Running Repair Under System Account
Done (6/18/2013 4:51:35 PM)
Reset File Permissions 11/24
C:\NVIDIA & Sub Folders
Start (6/18/2013 4:51:35 PM)
Running Repair Under System Account
Done (6/18/2013 4:51:40 PM)
Reset File Permissions 12/24
C:\NvidiaLogs & Sub Folders
Start (6/18/2013 4:51:40 PM)
Running Repair Under System Account
Done (6/18/2013 4:51:42 PM)
Reset File Permissions 13/24
C:\PerfLogs & Sub Folders
Start (6/18/2013 4:51:42 PM)
Running Repair Under System Account
Done (6/18/2013 4:51:45 PM)
Reset File Permissions 14/24
C:\Program Files & Sub Folders
Start (6/18/2013 4:51:45 PM)
Running Repair Under System Account
Done (6/18/2013 4:52:00 PM)
Reset File Permissions 15/24
C:\Program Files (x86) & Sub Folders
Start (6/18/2013 4:52:00 PM)
Running Repair Under System Account
Done (6/18/2013 4:52:31 PM)
Reset File Permissions 16/24
C:\ProgramData & Sub Folders
Start (6/18/2013 4:52:31 PM)
Running Repair Under System Account
Done (6/18/2013 4:52:42 PM)
Reset File Permissions 17/24
C:\Qoobox & Sub Folders
Start (6/18/2013 4:52:42 PM)
Running Repair Under System Account
Done (6/18/2013 4:52:44 PM)
Reset File Permissions 18/24
C:\Recovery & Sub Folders
Start (6/18/2013 4:52:44 PM)
Running Repair Under System Account
Done (6/18/2013 4:52:47 PM)
Reset File Permissions 19/24
C:\RegBackup & Sub Folders
Start (6/18/2013 4:52:47 PM)
Running Repair Under System Account
Done (6/18/2013 4:52:49 PM)
Reset File Permissions 20/24
C:\Remote Programs & Sub Folders
Start (6/18/2013 4:52:49 PM)
Running Repair Under System Account
Done (6/18/2013 4:52:52 PM)
Reset File Permissions 21/24
C:\Temp & Sub Folders
Start (6/18/2013 4:52:52 PM)
Running Repair Under System Account
Done (6/18/2013 4:52:54 PM)
Reset File Permissions 22/24
C:\WIMAPPLY & Sub Folders
Start (6/18/2013 4:52:54 PM)
Running Repair Under System Account
Done (6/18/2013 4:53:03 PM)
Reset File Permissions 23/24
C:\Windows & Sub Folders
Start (6/18/2013 4:53:03 PM)
Running Repair Under System Account
Done (6/18/2013 4:55:00 PM)
Reset File Permissions 24/24
C:\_OTL & Sub Folders
Start (6/18/2013 4:55:00 PM)
Running Repair Under System Account
Done (6/18/2013 4:55:02 PM)
Reset File Permissions 01/06
E:\Documents & Sub Folders
Start (6/18/2013 4:55:02 PM)
Running Repair Under System Account
Done (6/18/2013 4:55:07 PM)
Reset File Permissions 02/06
E:\Music & Sub Folders
Start (6/18/2013 4:55:07 PM)
Running Repair Under System Account
Done (6/18/2013 4:55:09 PM)
Reset File Permissions 03/06
E:\Pictures & Sub Folders
Start (6/18/2013 4:55:09 PM)
Running Repair Under System Account
Done (6/18/2013 4:55:42 PM)
Reset File Permissions 04/06
E:\Remote Programs & Sub Folders
Start (6/18/2013 4:55:43 PM)
Running Repair Under System Account
Done (6/18/2013 4:55:45 PM)
Reset File Permissions 05/06
E:\Songbird & Sub Folders
Start (6/18/2013 4:55:45 PM)
Running Repair Under System Account
Done (6/18/2013 4:55:47 PM)
Reset File Permissions 06/06
E:\Videos & Sub Folders
Start (6/18/2013 4:55:47 PM)
Running Repair Under System Account
Done (6/18/2013 4:55:52 PM)
Reset File Permissions: Cleanup
& Sub Folders
Start (6/18/2013 4:55:52 PM)
Running Repair Under System Account
Done (6/18/2013 4:55:54 PM)
Register System Files
Start (6/18/2013 4:55:54 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/18/2013 4:56:13 PM)
Repair WMI
Start (6/18/2013 4:56:13 PM)
Running Repair Under Current User Account
Invalid Global Switch.
Invalid Global Switch.
Running Repair Under System Account
Starting Repairs...
Start (6/19/2013 12:47:44 AM)
Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (6/19/2013 12:47:44 AM)
Running Repair Under Current User Account
Done (6/19/2013 12:47:49 AM)
Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (6/19/2013 12:47:49 AM)
Running Repair Under System Account
Done (6/19/2013 12:49:49 AM)
Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (6/19/2013 12:49:49 AM)
Running Repair Under System Account
Starting Repairs...
Start (6/19/2013 12:55:00 AM)
Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (6/19/2013 12:55:00 AM)
Running Repair Under Current User Account
Done (6/19/2013 12:55:06 AM)
Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (6/19/2013 12:55:06 AM)
Running Repair Under System Account
Done (6/19/2013 12:56:54 AM)
Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (6/19/2013 12:56:54 AM)
Running Repair Under System Account
Done (6/19/2013 12:57:26 AM)
Reset File Permissions 01/02
B:\msdownld.tmp & Sub Folders
Start (6/19/2013 12:57:26 AM)
Running Repair Under System Account
Done (6/19/2013 12:57:28 AM)
Reset File Permissions 02/02
B:\Remote Programs & Sub Folders
Start (6/19/2013 12:57:28 AM)
Running Repair Under System Account
Done (6/19/2013 12:57:31 AM)
Reset File Permissions 01/24
C:\AsusVibeData & Sub Folders
Start (6/19/2013 12:57:31 AM)
Running Repair Under System Account
Done (6/19/2013 12:57:33 AM)
Reset File Permissions 02/24
C:\Boot & Sub Folders
Start (6/19/2013 12:57:33 AM)
Running Repair Under System Account
Done (6/19/2013 12:57:36 AM)
Reset File Permissions 03/24
C:\Config.Msi & Sub Folders
Start (6/19/2013 12:57:36 AM)
Running Repair Under System Account
Done (6/19/2013 12:57:38 AM)
Reset File Permissions 04/24
C:\downloads & Sub Folders
Start (6/19/2013 12:57:38 AM)
Running Repair Under System Account
Done (6/19/2013 12:57:41 AM)
Reset File Permissions 05/24
C:\eSupport & Sub Folders
Start (6/19/2013 12:57:41 AM)
Running Repair Under System Account
Done (6/19/2013 12:57:56 AM)
Reset File Permissions 06/24
C:\ExpressGateUtil & Sub Folders
Start (6/19/2013 12:57:56 AM)
Running Repair Under System Account
Done (6/19/2013 12:57:58 AM)
Reset File Permissions 07/24
C:\found.000 & Sub Folders
Start (6/19/2013 12:57:58 AM)
Running Repair Under System Account
Done (6/19/2013 12:58:01 AM)
Reset File Permissions 08/24
C:\Intel & Sub Folders
Start (6/19/2013 12:58:01 AM)
Running Repair Under System Account
Done (6/19/2013 12:58:03 AM)
Reset File Permissions 09/24
C:\JRT & Sub Folders
Start (6/19/2013 12:58:03 AM)
Running Repair Under System Account
Done (6/19/2013 12:58:06 AM)
Reset File Permissions 10/24
C:\MSOCache & Sub Folders
Start (6/19/2013 12:58:06 AM)
Running Repair Under System Account
Done (6/19/2013 12:58:08 AM)
Reset File Permissions 11/24
C:\NVIDIA & Sub Folders
Start (6/19/2013 12:58:08 AM)
Running Repair Under System Account
Done (6/19/2013 12:58:13 AM)
Reset File Permissions 12/24
C:\NvidiaLogs & Sub Folders
Start (6/19/2013 12:58:13 AM)
Running Repair Under System Account
Done (6/19/2013 12:58:15 AM)
Reset File Permissions 13/24
C:\PerfLogs & Sub Folders
Start (6/19/2013 12:58:15 AM)
Running Repair Under System Account
Done (6/19/2013 12:58:17 AM)
Reset File Permissions 14/24
C:\Program Files & Sub Folders
Start (6/19/2013 12:58:17 AM)
Running Repair Under System Account
Done (6/19/2013 12:58:35 AM)
Reset File Permissions 15/24
C:\Program Files (x86) & Sub Folders
Start (6/19/2013 12:58:35 AM)
Running Repair Under System Account
Done (6/19/2013 12:59:10 AM)
Reset File Permissions 16/24
C:\ProgramData & Sub Folders
Start (6/19/2013 12:59:10 AM)
Running Repair Under System Account
Done (6/19/2013 12:59:23 AM)
Reset File Permissions 17/24
C:\Qoobox & Sub Folders
Start (6/19/2013 12:59:23 AM)
Running Repair Under System Account
Done (6/19/2013 12:59:26 AM)
Reset File Permissions 18/24
C:\Recovery & Sub Folders
Start (6/19/2013 12:59:26 AM)
Running Repair Under System Account
Done (6/19/2013 12:59:28 AM)
Reset File Permissions 19/24
C:\RegBackup & Sub Folders
Start (6/19/2013 12:59:28 AM)
Running Repair Under System Account
Done (6/19/2013 12:59:31 AM)
Reset File Permissions 20/24
C:\Remote Programs & Sub Folders
Start (6/19/2013 12:59:31 AM)
Running Repair Under System Account
Done (6/19/2013 12:59:33 AM)
Reset File Permissions 21/24
C:\Temp & Sub Folders
Start (6/19/2013 12:59:33 AM)
Running Repair Under System Account
Done (6/19/2013 12:59:36 AM)
Reset File Permissions 22/24
C:\WIMAPPLY & Sub Folders
Start (6/19/2013 12:59:36 AM)
Running Repair Under System Account
Done (6/19/2013 12:59:44 AM)
Reset File Permissions 23/24
C:\Windows & Sub Folders
Start (6/19/2013 12:59:44 AM)
Running Repair Under System Account
Done (6/19/2013 1:02:04 AM)
Reset File Permissions 24/24
C:\_OTL & Sub Folders
Start (6/19/2013 1:02:04 AM)
Running Repair Under System Account
Done (6/19/2013 1:02:06 AM)
Reset File Permissions 01/06
E:\Documents & Sub Folders
Start (6/19/2013 1:02:06 AM)
Running Repair Under System Account
Done (6/19/2013 1:02:13 AM)
Reset File Permissions 02/06
E:\Music & Sub Folders
Start (6/19/2013 1:02:13 AM)
Running Repair Under System Account
Done (6/19/2013 1:02:15 AM)
Reset File Permissions 03/06
E:\Pictures & Sub Folders
Start (6/19/2013 1:02:15 AM)
Running Repair Under System Account
Done (6/19/2013 1:02:47 AM)
Reset File Permissions 04/06
E:\Remote Programs & Sub Folders
Start (6/19/2013 1:02:47 AM)
Running Repair Under System Account
Done (6/19/2013 1:02:49 AM)
Reset File Permissions 05/06
E:\Songbird & Sub Folders
Start (6/19/2013 1:02:49 AM)
Running Repair Under System Account
Done (6/19/2013 1:02:52 AM)
Reset File Permissions 06/06
E:\Videos & Sub Folders
Start (6/19/2013 1:02:52 AM)
Running Repair Under System Account
Done (6/19/2013 1:02:56 AM)
Reset File Permissions: Cleanup
& Sub Folders
Start (6/19/2013 1:02:56 AM)
Running Repair Under System Account
Done (6/19/2013 1:02:59 AM)
Register System Files
Start (6/19/2013 1:02:59 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:03:18 AM)
Repair WMI
Start (6/19/2013 1:03:18 AM)
Running Repair Under Current User Account
Invalid Global Switch.
Invalid Global Switch.
Running Repair Under System Account
Invalid Global Switch.
Invalid Global Switch.
Done (6/19/2013 1:04:45 AM)
Repair Windows Firewall
Start (6/19/2013 1:04:45 AM)
Running Repair Under Current User Account
The Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.
Running Repair Under System Account
The Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.
Done (6/19/2013 1:05:19 AM)
Repair Internet Explorer
Start (6/19/2013 1:05:19 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:05:42 AM)
Repair MDAC/MS Jet
Start (6/19/2013 1:05:42 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:05:53 AM)
Repair Hosts File
Start (6/19/2013 1:05:53 AM)
Running Repair Under System Account
Done (6/19/2013 1:05:56 AM)
Remove Policies Set By Infections
Start (6/19/2013 1:05:56 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:06:00 AM)
Repair Icons
Start (6/19/2013 1:06:00 AM)
Running Repair Under System Account
Could Not Find C:\Users\Dow\AppData\Local\IconCache.db.bak
The system cannot find the file specified.
Could Not Find C:\Users\Dow\AppData\Local\IconCache.db
Could Not Find C:\Users\Dow\AppData\Local\IconCache.db.bak
Done (6/19/2013 1:06:03 AM)
Repair Winsock & DNS Cache
Start (6/19/2013 1:06:03 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:06:16 AM)
Repair Proxy Settings
Start (6/19/2013 1:06:16 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:06:20 AM)
Repair Windows Updates
Start (6/19/2013 1:06:21 AM)
Running Repair Under Current User Account
The Windows Update service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Running Repair Under System Account
The Cryptographic Services service is not started.
More help is available by typing NET HELPMSG 3521.
The Background Intelligent Transfer Service service is not started.
More help is available by typing NET HELPMSG 3521.
The Windows Update service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Done (6/19/2013 1:06:36 AM)
Repair CD/DVD Missing/Not Working
Start (6/19/2013 1:06:36 AM)
Done (6/19/2013 1:06:36 AM)
Repair Volume Shadow Copy Service
Start (6/19/2013 1:06:36 AM)
Running Repair Under Current User Account
The Volume Shadow Copy service is not started.
More help is available by typing NET HELPMSG 3521.
The Microsoft Software Shadow Copy Provider service is not started.
More help is available by typing NET HELPMSG 3521.
Running Repair Under System Account
The Volume Shadow Copy service is not started.
More help is available by typing NET HELPMSG 3521.
The Microsoft Software Shadow Copy Provider service is not started.
More help is available by typing NET HELPMSG 3521.
Done (6/19/2013 1:06:40 AM)
Repair MSI (Windows Installer)
Start (6/19/2013 1:06:40 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:06:49 AM)
Repair bat Association
Start (6/19/2013 1:06:49 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:06:54 AM)
Repair cmd Association
Start (6/19/2013 1:06:54 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:06:59 AM)
Repair com Association
Start (6/19/2013 1:06:59 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:07:03 AM)
Repair Directory Association
Start (6/19/2013 1:07:03 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:07:08 AM)
Repair Drive Association
Start (6/19/2013 1:07:08 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:07:13 AM)
Repair exe Association
Start (6/19/2013 1:07:13 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:07:17 AM)
Repair Folder Association
Start (6/19/2013 1:07:17 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:07:22 AM)
Repair inf Association
Start (6/19/2013 1:07:22 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:07:27 AM)
Repair lnk (Shortcuts) Association
Start (6/19/2013 1:07:27 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:07:32 AM)
Repair msc Association
Start (6/19/2013 1:07:32 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:07:36 AM)
Repair reg Association
Start (6/19/2013 1:07:36 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:07:41 AM)
Repair scr Association
Start (6/19/2013 1:07:41 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:07:46 AM)
Repair Windows Safe Mode
Start (6/19/2013 1:07:46 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:07:50 AM)
Repair Print Spooler
Start (6/19/2013 1:07:50 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:08:03 AM)
Restore Important Windows Services
Start (6/19/2013 1:08:03 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:08:08 AM)
Set Windows Services To Default Startup
Start (6/19/2013 1:08:08 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/19/2013 1:08:13 AM)
Cleaning up empty logs...
All Selected Repairs Done.
Done (6/19/2013 1:08:13 AM)
Total Repair Time: 00:13:13

...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account
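
The Windows Repair log above records each repair as a name, a `Start (...)` stamp and a `Done (...)` stamp, so a step with a Start but no Done marks where a run stopped. The Python below is an added example, not part of the thread or of the Windows Repair tool; it assumes the log layout seen in the post, and its sample lines are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample in the same layout as the posted log (not the user's data).
SAMPLE_LOG = """\
Running Repair Under System Account
Starting Repairs...
Start (1/1/2000 1:00:00 PM)
Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (1/1/2000 1:00:00 PM)
Running Repair Under Current User Account
Done (1/1/2000 1:00:04 PM)
Repair WMI
Start (1/1/2000 1:00:04 PM)
Running Repair Under Current User Account
Invalid Global Switch.
Running Repair Under System Account
Starting Repairs...
Start (1/1/2000 9:00:00 PM)
Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (1/1/2000 9:00:00 PM)
Running Repair Under Current User Account
Done (1/1/2000 9:00:05 PM)
Repair Hosts File
Start (1/1/2000 9:00:05 PM)
Running Repair Under System Account
Done (1/1/2000 9:00:08 PM)
Cleaning up empty logs...
All Selected Repairs Done.
Done (1/1/2000 9:00:08 PM)
Total Repair Time: 00:00:08
"""

STAMP = re.compile(r"^(Start|Done) \((.+)\)$")


@dataclass
class Run:
    started: str                          # timestamp of the run-level Start
    finished: Optional[str] = None        # timestamp of the run-level Done
    completed_steps: List[str] = field(default_factory=list)
    open_step: Optional[str] = None       # logged Start but never Done

    @property
    def interrupted(self) -> bool:
        return self.finished is None


def parse_repair_log(text: str) -> List[Run]:
    """Split a repair log into runs and pair each step's Start with its Done."""
    runs: List[Run] = []
    run: Optional[Run] = None
    header: List[str] = []       # lines naming the next step
    expect_run_start = False     # previous marker was "Starting Repairs..."
    all_done = False             # saw "All Selected Repairs Done."
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Starting Repairs...":
            expect_run_start = True   # an unfinished earlier run stays open
            continue
        m = STAMP.match(line)
        if m is None:
            if line == "All Selected Repairs Done.":
                all_done = True
            elif (run is not None and run.open_step is None
                  and not line.startswith("Running Repair Under")):
                header.append(line)   # step name / target; tool output is skipped
            continue
        kind, stamp = m.groups()
        if kind == "Start" and expect_run_start:
            run = Run(started=stamp)
            runs.append(run)
            expect_run_start, all_done, header = False, False, []
        elif run is None:
            continue                  # stamp outside any run
        elif kind == "Start":
            run.open_step = " / ".join(header) or "(unnamed step)"
            header = []
        elif all_done:
            run.finished = stamp      # run-level Done
        else:
            if run.open_step is not None:
                run.completed_steps.append(run.open_step)
                run.open_step = None
            header = []
    return runs


def interrupted_runs(text: str) -> List[Tuple[str, Optional[str]]]:
    """Return (run start time, step left open) for every run that never finished."""
    return [(r.started, r.open_step) for r in parse_repair_log(text) if r.interrupted]


if __name__ == "__main__":
    for started, step in interrupted_runs(SAMPLE_LOG):
        print(f"run started {started} stopped during: {step}")
```

A step reported here only shows where logging stopped; it does not say whether the cause was the repair itself, the disk, or other hardware.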
 
They were better but now about back to normal. It's back to crashing in all browsers and the computer crashing non-stop and now all of my emails and my wife's emails have been spamming absolutely everyone I've ever emailed. My anti-virus also keeps popping up with warnings at least twice now. Also Norton antivirus was installed on my desktop and taking over my antivirus and popping up with ads. I deleted it but I'm not sure where it came from.
 
Possibly you got reinfected.

Re-run MBAM, RogueKiller and MBAR (in that order) and post new logs.
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.06.20.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Dow :: DOWNARD [administrator]
Protection: Enabled
6/22/2013 8:18:34 PM
mbam-log-2013-06-22 (20-18-34).txt
Scan type: Full scan (B:\|C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 478733
Time elapsed: 28 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
RogueKiller V8.6.1 _x64_ [Jun 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dow [Admin rights]
Mode : Remove -- Date : 06/22/2013 21:11:03
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: M4-CT256M4SSD2 +++++
--- User ---
[MBR] 3edbe15a3d519daeaa708b4613d3a013
[BSP] cf7e89c1c96932d38a8ce69c78c9568c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 218596 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: M4-CT256M4SSD2 +++++
--- User ---
[MBR] f1a1093d91ed087c7f5e90528e683640
[BSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 204800 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 419432448 | Size: 510601 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_06222013_211103.txt >>
RKreport[0]_S_06222013_210631.txt

RogueKiller V8.6.1 _x64_ [Jun 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dow [Admin rights]
Mode : Scan -- Date : 06/22/2013 21:06:31
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: M4-CT256M4SSD2 +++++
--- User ---
[MBR] 3edbe15a3d519daeaa708b4613d3a013
[BSP] cf7e89c1c96932d38a8ce69c78c9568c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 218596 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: M4-CT256M4SSD2 +++++
--- User ---
[MBR] f1a1093d91ed087c7f5e90528e683640
[BSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 204800 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 419432448 | Size: 510601 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_06222013_210631.txt >>
 
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org
Database version: v2013.06.15.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Dow :: DOWNARD [administrator]
6/22/2013 10:15:58 PM
mbar-log-2013-06-22 (22-15-58).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 310907
Time elapsed: 6 minute(s), 39 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
I'm about to run those programs now. I'm on a different laptop right now because of the freezing. It's also doing the annoying google ad thing again when I search.

Would doing a clean install of windows without the bloatware get rid of any viruses or malware that reinfected the computer?
 
Still here. I did a clean install but I'm still having the issues. Someone else said that it looks like I have a root kit on both drives and that the clean install might not get rid of it.

So should I start over or at the last step?
 