
critical error shutdown when online

  • 07-08-2010 4:58pm
    #1
    Registered Users Posts: 942 ✭✭✭


    Hi,

    Accidentally clicked YES when Spybot spotted something suspicious on 4th of August and AntiMalware Doctor installed itself and possibly other nasties also.

    I think I have managed to get rid of that with Malware bytes and some manual registry edits.

    But I still have some problems. If I boot up and allow pc to establish wireless network connection a window pops up and says that

    "Windows has encountered a critical error and will restart in one minute. Please save your work"

    The machine then goes into a shutdown and reboot loop (like you'd get with the SASSER worm, although there is no mention of the NT Authority System in the popup).

    If I turn off the wireless router and then boot up normally I do not get the shutdown message and the PC seems to function normally. I'm also OK in Safe mode but not in Safe mode with Networking (again the shutdown message appears).

    Ran Superantispyware and it found Rootkit Agent GEN TDSS and I used Superantispyware to get rid of this also.

    So now Spybot, Superantispyware and MalwareBytes are all saying they cannot find anything suspicious following a full scan. However, the shutdown/restart problem remains.


    Here are my DDS files (note: ran this with internet connection turned off). Your help is appreciated.


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Trevor at 16:16:14.74 on 07/08/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.353.1033.18.3326.1841 [GMT 1:00]

    SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Windows\PixArt\Pac207\Monitor.exe
    C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Windows\System32\WDBtnMgr.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Trevor\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Cloanto\Software Director\softdir.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\notepad.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\notepad.exe
    C:\Windows\System32\notepad.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Trevor\Documents\Downloads\dds.com
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uDefault_Page_URL = hxxp://www.aldi.com/
    uStart Page = hxxp://myfav.es/
    mDefault_Page_URL = hxxp://www.aldi.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: : {b70a1a54-6dfb-4ad8-9a62-2c00a3cc5bb4} - c:\progra~1\freevpn\fads.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "c:\users\trevor\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [googletalk] c:\users\trevor\appdata\roaming\google\google talk\googletalk.exe /autostart
    uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
    mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
    mRun: [CLMLServer] "c:\program files\homecinema\power2go\CLMLSvc.exe"
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    mRun: [WD Button Manager] WDBtnMgr.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\softwa~1.lnk - c:\program files\common files\cloanto\software director\softdir.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\trevor\appdata\roaming\mozilla\firefox\profiles\84fovh5j.default\
    FF - prefs.js: browser.startup.homepage - hxxp://thefreevpn.com/home.php
    FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1487.6512\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\trevor\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\trevor\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\trevor\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ============= SERVICES / DRIVERS ===============

    R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2009-12-2 40560]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42368]
    R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2009-5-25 734208]
    R3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2008-2-13 618112]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-1 1343400]
    S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
    S4 gupdate1ca0ca29d2ab584;Google Update Service (gupdate1ca0ca29d2ab584);c:\program files\google\update\GoogleUpdate.exe [2009-7-24 133104]
    S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-10 1153368]

    =============== Created Last 30 ================

    2010-08-07 13:01:01 0 d-----w- c:\users\trevor\appdata\roaming\SUPERAntiSpyware.com
    2010-08-07 13:01:01 0 d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-08-07 13:00:52 0 d-----w- c:\program files\SUPERAntiSpyware
    2010-08-07 11:16:59 0 d-----w- c:\users\trevor\Tracing
    2010-08-05 20:43:40 0 d-----w- c:\users\trevor\appdata\roaming\GlarySoft
    2010-08-04 21:21:26 0 d-----w- c:\users\trevor\appdata\roaming\Malwarebytes
    2010-08-04 21:21:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-04 21:21:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-04 21:21:16 0 d-----w- c:\programdata\Malwarebytes
    2010-08-04 21:21:16 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-04 20:58:48 1719 ----a-w- c:\windows\lsrslt.ini
    2010-08-04 19:45:21 782336 ----a-w- c:\windows\system32\drivers\vpgotkf.sys
    2010-08-04 07:22:01 0 d-----w- c:\users\trevor\appdata\roaming\PrimoPDF
    2010-08-04 07:19:56 176235 ----a-w- c:\windows\system32\Primomonnt.dll
    2010-08-04 07:19:55 0 d-----w- c:\program files\Nitro PDF
    2010-08-04 06:20:04 155978 ----a-w- c:\users\trevor\Worlde Java Printing.ps
    2010-08-04 06:20:04 0 ----a-w- c:\users\trevor\Worlde Java Printing.pdf
    2010-08-02 17:10:06 0 d-----w- c:\users\trevor\appdata\roaming\Tor
    2010-08-02 17:10:05 0 d-----w- c:\program files\Vidalia Bundle
    2010-08-02 08:15:45 0 d-----w- c:\program files\iPod
    2010-08-02 08:15:44 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-08-02 08:15:44 0 d-----w- c:\program files\iTunes
    2010-08-02 08:11:47 0 d-----w- c:\program files\Bonjour
    2010-08-01 09:27:24 0 d-----w- c:\windows\system32\Wat
    2010-07-11 21:56:20 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-07-11 21:56:20 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-07-11 21:56:20 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-07-11 21:56:20 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-07-11 21:56:20 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-07-11 11:24:03 1286456 ----a-w- c:\windows\system32\ntdll.dll
    2010-07-11 11:24:02 2326528 ----a-w- c:\windows\system32\win32k.sys
    2010-07-11 11:24:01 67584 ----a-w- c:\windows\system32\asycfilt.dll
    2010-07-11 11:24:00 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-07-11 11:23:59 417792 ----a-w- c:\windows\system32\msdri.dll
    2010-07-11 11:23:59 204288 ----a-w- c:\windows\system32\MSNP.ax
    2010-07-11 11:23:59 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2010-07-11 11:23:54 977920 ----a-w- c:\windows\system32\wininet.dll
    2010-07-11 11:18:18 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-07-11 11:18:18 293888 ----a-w- c:\windows\system32\atmfd.dll
    2010-07-11 11:13:52 0 d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1

    ==================== Find3M ====================

    2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 15:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-12-13 21:17:08 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
    2009-12-13 21:17:08 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
    2009-12-13 21:17:08 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
    2009-09-22 11:56:50 8 --sha-r- c:\windows\system32\C716C7B34B.sys
    2009-09-22 11:56:58 4076 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-03-28 20:56:42 16384 --sha-w- c:\windows\temp\cookies\index.dat
    2010-03-28 20:56:42 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
    2010-03-28 20:56:42 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 16:16:33.57 ===============




    DDS (Ver_10-03-17.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/12/2009 22:12:59
    System Uptime: 08/07/2010 14:49:55 (722 hours ago)

    Motherboard: MEDIONPC | | MS-7501
    Processor: AMD Phenom(tm) 9650 Quad-Core Processor | CPU 1 | 1196/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 576 GiB total, 209.768 GiB free.
    D: is FIXED (FAT32) - 20 GiB total, 9.516 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is FIXED (FAT32) - 931 GiB total, 421.939 GiB free.
    J: is Removable
    K: is FIXED (FAT32) - 466 GiB total, 187.511 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP84: 01/08/2010 10:42:36 - Windows Update
    RP85: 02/08/2010 10:35:24 - Windows Update
    RP86: 04/08/2010 07:06:30 - Windows Update
    RP87: 05/08/2010 00:07:48 - Windows Update
    RP88: 06/08/2010 22:48:03 - Windows Update

    ==== Installed Programs ======================

    7-Zip 4.65
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1.2
    Adobe Shockwave Player 11.5
    Aimersoft HD Video Converter(Build 2.2.0.37)
    AoA Audio Extractor
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    µTorrent
    Auto Gordian Knot 2.55
    AVIcodec (remove only)
    Avidemux 2.5
    AviSynth 2.5
    Bonjour
    C64 Forever
    CamStudio
    Catalyst Control Center InstallProxy
    CCS64 V3.7
    CDBurnerXP
    Choice Guard
    Compatibility Pack for the 2007 Office system
    Corel MediaOne
    CorelDRAW Essential Edition 3
    Cover Commander 3.1.3 by Insofta Development
    CyberLink LabelPrint
    CyberLink Power2Go
    CyberLink PowerDVD Copy
    Daniusoft Video Converter(Build 2.3.2.0)
    Dream64
    Dropbox
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    DVDStyler v1.7.4-1
    EN
    FreeCommander 2009.02a
    Garmin USB Drivers
    Garmin WebUpdater
    Glary Utilities Pro 2.18.0.786
    Google Chrome
    Google Earth
    Google Talk (remove only)
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Haali Media Splitter
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
    Icepine Video Converter Pro 2
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 18
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    MediaCoder 0.7.2.4536
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Flight Simulator 2004 A Century of Flight
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft Visual C# 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Microsoft Works
    Mozilla Firefox (3.5.8)
    Mozilla Firefox (4.0b1)
    MSVC80_x86
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Nuclear Coffee - DiscRipper
    OpenOffice.org 3.1
    Paragon Drive Backup™ 2010 Special Edition
    PC Connectivity Solution
    Pdf995
    Player
    PPStream V2.6.86.8981 Final
    ProjectX 0.90.4.00
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB982135)
    SMPlayer 0.6.8
    SopCast 3.2.4
    Sothink Logo Maker
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    SQL Server System CLR Types
    Streaming Video Recorder V2.0.7
    SUPERAntiSpyware
    The Proxomitron Ver. Naoko-4.5
    TreeSize Free V2.3.3
    TSDoctor
    Tube Explorer Lite 3.2.0
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Manager
    VLC media player 1.0.1
    VobSub v2.23 (Remove Only)
    WD Diagnostics
    WD Firewire HID Driver
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Driver Package - Nokia Modem (06/01/2009 4.1)
    Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Installer Clean Up
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinX DVD Ripper Platinum 5.1
    Wisdom-soft Set up ASR 3.1 Free
    XMedia Recode 2.1.8.4
    Xvid MPEG-4 Video Codec
    XviD MPEG4 Video Codec (remove only)
    Yahoo! Install Manager
    Yahoo! Widgets
    YouTube Downloader App 2.03

    ==== Event Viewer Messages From Past Week ========

    07/08/2010 14:50:22, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    07/08/2010 14:50:22, Error: atikmdag [43029] - Display is not active
    07/08/2010 14:46:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    07/08/2010 14:46:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    07/08/2010 14:46:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    07/08/2010 14:46:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    07/08/2010 14:46:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter SASDIFSV SASKUTIL spldr Wanarpv6
    07/08/2010 14:44:47, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    07/08/2010 14:44:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    07/08/2010 14:44:44, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    07/08/2010 14:44:26, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
    07/08/2010 14:44:24, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    07/08/2010 14:44:24, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    07/08/2010 14:44:24, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    07/08/2010 14:44:24, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    07/08/2010 14:44:24, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    07/08/2010 14:44:24, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    07/08/2010 14:44:24, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    07/08/2010 14:44:24, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    07/08/2010 14:44:24, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    07/08/2010 14:44:24, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    07/08/2010 13:11:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    07/08/2010 13:09:48, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
    06/08/2010 22:32:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    06/08/2010 19:50:36, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.87.1177.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6004.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    06/08/2010 19:34:41, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
    06/08/2010 19:32:14, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service ServiceLayer with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
    05/08/2010 18:47:45, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.87.1177.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6004.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    04/08/2010 20:45:21, Error: Service Control Manager [7000] - The ACPI Power Meter Driver service failed to start due to the following error: A device attached to the system is not functioning.
    02/08/2010 09:13:16, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
    02/08/2010 09:12:16, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    02/08/2010 09:11:55, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================


Comments

  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Download ComboFix here :

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

      Click me

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


  • Registered Users Posts: 942 ✭✭✭Trevord


    Hi,

    Thanks very much for your reply.

    Downloaded Combofix. Before running it I turned off antivirus as instructed (had to de-install Spybot as I could not end teatimer.exe).

    Here is my Combofix log. I have not attempted to connect to internet (sending this from another machine) to see if the problem is now corrected, and will await further instructions from you.

    Advice much appreciated.


    ComboFix 10-08-07.01 - Trevor 08/08/2010 10:04:24.1.4 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.353.1033.18.3326.2475 [GMT 1:00]
    Running from: c:\users\Trevor\Documents\Downloads\ComboFix.exe
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\progra~1\FreeVPN\faDS.dll
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    \Legacy_NPF
    \Service_NPF


    ((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))
    .

    2010-08-08 09:01 . 2010-08-08 09:01 -------- d-----w- C:\32788R22FWJFW
    2010-08-07 13:01 . 2010-08-07 13:01 63488 ----a-w- c:\users\Trevor\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-08-07 13:01 . 2010-08-07 13:01 52224 ----a-w- c:\users\Trevor\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-08-07 13:01 . 2010-08-07 13:01 117760 ----a-w- c:\users\Trevor\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-07 13:01 . 2010-08-07 13:01 -------- d-----w- c:\users\Trevor\AppData\Roaming\SUPERAntiSpyware.com
    2010-08-07 13:01 . 2010-08-07 13:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-08-07 13:00 . 2010-08-07 13:01 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-08-07 11:16 . 2010-08-07 11:16 -------- d-----w- c:\users\Trevor\Tracing
    2010-08-05 20:43 . 2010-08-07 12:51 -------- d-----w- c:\users\Trevor\AppData\Roaming\GlarySoft
    2010-08-05 19:43 . 2010-08-05 19:43 -------- d-----w- c:\users\Trevor\AppData\Roaming\Vidalia
    2010-08-04 21:21 . 2010-08-04 21:21 -------- d-----w- c:\users\Trevor\AppData\Roaming\Malwarebytes
    2010-08-04 21:21 . 2010-08-04 21:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-04 21:21 . 2010-08-04 21:21 -------- d-----w- c:\programdata\Malwarebytes
    2010-08-04 21:21 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-04 21:21 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-04 20:54 . 2010-08-04 20:54 -------- d-----w- c:\users\Trevor\AppData\Local\ElevatedDiagnostics
    2010-08-04 07:22 . 2010-08-04 07:35 -------- d-----w- c:\users\Trevor\AppData\Roaming\PrimoPDF
    2010-08-04 07:19 . 2009-12-21 01:42 176235 ----a-w- c:\windows\system32\Primomonnt.dll
    2010-08-04 07:19 . 2010-08-05 19:14 -------- d-----w- c:\program files\Nitro PDF
    2010-08-02 17:10 . 2010-08-05 19:43 -------- d-----w- c:\users\Trevor\AppData\Roaming\Tor
    2010-08-02 17:10 . 2010-08-05 19:33 -------- d-----w- c:\program files\Vidalia Bundle
    2010-08-02 08:15 . 2010-08-02 08:15 -------- d-----w- c:\program files\iPod
    2010-08-02 08:15 . 2010-08-02 08:16 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-08-02 08:15 . 2010-08-02 08:16 -------- d-----w- c:\program files\iTunes
    2010-08-02 08:13 . 2010-08-02 08:14 -------- d-----w- c:\program files\QuickTime
    2010-08-02 08:11 . 2010-08-02 08:11 -------- d-----w- c:\program files\Bonjour
    2010-08-02 08:02 . 2010-08-02 08:02 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-08-01 09:27 . 2010-08-01 09:27 -------- d-----w- c:\windows\system32\Wat
    2010-07-11 21:56 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-07-11 21:56 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-07-11 21:56 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-07-11 21:56 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-07-11 21:56 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-07-11 11:25 . 2010-06-21 19:00 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb89AA.tmp.exe
    2010-07-11 11:24 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
    2010-07-11 11:24 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
    2010-07-11 11:24 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
    2010-07-11 11:24 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-07-11 11:23 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
    2010-07-11 11:23 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
    2010-07-11 11:18 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-07-11 11:18 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
    2010-07-11 11:13 . 2010-07-11 11:14 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1
    2010-07-11 11:05 . 2010-08-01 09:30 452104 ----a-w- c:\users\Trevor\AppData\Roaming\Real\Update\setup3.12\setup.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-08 09:11 . 2009-12-18 07:35 -------- d-----w- c:\programdata\pdf995
    2010-08-08 09:08 . 2009-12-05 22:01 -------- d-----w- c:\program files\FreeVPN
    2010-08-08 08:58 . 2010-01-10 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-08-08 08:57 . 2010-01-10 13:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-08-08 08:22 . 2009-07-24 19:54 -------- d-----w- c:\programdata\Google Updater
    2010-08-07 09:06 . 2009-06-02 09:43 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-08-04 07:33 . 2009-07-24 20:20 1 ----a-w- c:\users\Trevor\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-08-04 06:20 . 2009-12-18 07:35 59 ----a-w- c:\windows\wpd99.drv
    2010-08-02 08:15 . 2009-07-24 20:40 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-11 21:56 . 2009-06-10 16:38 -------- d-----w- c:\programdata\Microsoft Help
    2010-07-11 21:54 . 2009-10-22 06:52 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-06-11 15:51 . 2010-06-11 15:51 3055600 ----a-w- c:\users\Trevor\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    2010-06-11 15:36 . 2010-06-11 15:36 275952 ----a-w- c:\users\Trevor\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    2010-06-01 17:37 . 2009-10-20 17:51 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-29 12:54 . 2010-03-18 18:36 439816 ----a-w- c:\users\Trevor\AppData\Roaming\Real\Update\setup3.10\setup.exe
    2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 15:35 . 2010-05-18 15:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-09-22 11:56 . 2009-09-22 11:56 8 --sha-r- c:\windows\System32\C716C7B34B.sys
    2009-09-22 11:56 . 2009-09-22 11:56 4076 --sha-w- c:\windows\System32\KGyGaAvL.sys
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Trevor\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Trevor\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Trevor\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "Google Update"="c:\users\Trevor\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-07-25 133104]
    "googletalk"="c:\users\Trevor\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 39408]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-02 6695456]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-02 1833504]
    "PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
    "CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
    "WD Button Manager"="WDBtnMgr.exe" [2009-11-22 339968]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Software Director Scheduler.lnk - c:\program files\Common Files\Cloanto\Software Director\softdir.exe [2009-12-9 288136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
    2010-05-25 19:10 5475403 ----a-w- c:\program files\Vidalia Bundle\Vidalia\vidalia.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-11 1343400]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
    R4 gupdate1ca0ca29d2ab584;Google Update Service (gupdate1ca0ca29d2ab584);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 133104]
    S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2009-12-02 40560]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2009-05-25 734208]
    S3 PAC207;PC Camer@;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - vpgotkf
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-08 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2010-01-14 12:09]

    2010-08-08 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-24 19:54]

    2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 21:06]

    2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 21:06]

    2010-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-803979456-1070822374-2851397689-1000Core.job
    - c:\users\Trevor\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-30 07:00]

    2010-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-803979456-1070822374-2851397689-1000UA.job
    - c:\users\Trevor\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-30 07:00]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://myfav.es/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\84fovh5j.default\
    FF - prefs.js: browser.startup.homepage - hxxp://thefreevpn.com/home.php
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Trevor\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\Trevor\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\Trevor\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vpgotkf]

    .
    LOCKED REGISTRY KEYS

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,ad,77,c7,85,e6,f9,45,9d,82,f2,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,ad,77,c7,85,e6,f9,45,9d,82,f2,\

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'Explorer.exe'(2408)
    c:\users\Trevor\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    .
    Other Running Processes
    .
    c:\program files\Microsoft Security Essentials\MsMpEng.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\UI0Detect.exe
    c:\windows\System32\WDBtnMgr.exe
    c:\windows\system32\sppsvc.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-08-08 10:14:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-08 09:14

    Pre-Run: 219,213,492,224 bytes free
    Post-Run: 218,784,010,240 bytes free

    - - End Of File - - 7418D694465BA8762CE7BA86A6CEBAF4


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Please download OTM
    • Save it to your desktop.
    • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      :Processes
      
      :Services
      vpgotkf
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [CREATERESTOREPOINT]
      [EMPTYFLASH]
      [Reboot]
      
    • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM and reboot your PC.
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job.
    • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






    Go to Kaspersky website and perform an online antivirus scan.
    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


  • Registered Users Posts: 942 ✭✭✭Trevord


      OK,

      Thanks again for getting back to me.

      I followed your instructions and here is where I got to.

      1.
      I downloaded OTM and TFC as instructed. Had some difficulties but eventually got both to run (had to rename them as .com - it seemed like .exe would not run)

      2.
      OTM asked to reboot and I said Ok and then went to get the log file (see below) from the C:

      Next I restored my internet connection on the infected machine in order to update malwarebytes

      However, I could not download malwarebytes to the infected machine (as soon as I got online and tried to download it the same critical error shutdown message appeared and I could not complete the download)

      Therefore I have attempted a manual update by downloading the mban-rules.exe file from http://malwarebytes.gt500.org/

      I ran this file and then ran malwarebytes. However the log file reported no infections (I can post it if required)


      3. Due to the critical shutdown message I cannot stay online long enough to run kaspersky online virus check.

      Here is the OTM log (I ran the OTM code you provided twice, the first time in safe mode and the second one after a normal boot)

      OTM LOG 1 (ran OTM in safe mode)

      All processes killed
      ========== PROCESSES ==========
      ========== SERVICES/DRIVERS ==========
      Error: No service named vpgotkf was found to stop!
      Service\Driver key vpgotkf not found.
      ========== REGISTRY ==========
      ========== FILES ==========
      < ipconfig /flushdns /c >
      Windows IP Configuration
      Could not flush the DNS Resolver Cache: Function failed during execution.
      C:\Users\Trevor\Desktop\cmd.bat deleted successfully.
      C:\Users\Trevor\Desktop\cmd.txt deleted successfully.
      ========== COMMANDS ==========
      C:\Windows\System32\drivers\etc\Hosts moved successfully.
      HOSTS file reset successfully

      [EMPTYTEMP]

      User: All Users

      User: Default
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 67 bytes
      ->Flash cache emptied: 41 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes
      ->Flash cache emptied: 0 bytes

      User: Guest
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 67 bytes
      ->Flash cache emptied: 41 bytes

      User: Public
      ->Temp folder emptied: 0 bytes

      User: Trevor
      ->Temp folder emptied: 957237 bytes
      ->Temporary Internet Files folder emptied: 125802127 bytes
      ->Java cache emptied: 27243725 bytes
      ->FireFox cache emptied: 37888985 bytes
      ->Google Chrome cache emptied: 126635325 bytes
      ->Flash cache emptied: 34832 bytes

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 738544 bytes
      RecycleBin emptied: 520192 bytes

      Total Files Cleaned = 305.00 mb



      OTM by OldTimer - Version 3.1.15.0 log created on 08082010_160504


      OTM LOG 2 (ran after normal boot up )

      Windows IP Configuration
      Successfully flushed the DNS Resolver Cache.
      C:\Users\Trevor\Desktop\cmd.bat deleted successfully.
      C:\Users\Trevor\Desktop\cmd.txt deleted successfully.
      ========== COMMANDS ==========
      C:\Windows\System32\drivers\etc\Hosts moved successfully.
      HOSTS file reset successfully

      [EMPTYTEMP]

      User: All Users

      User: Default
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes
      ->Flash cache emptied: 0 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes
      ->Flash cache emptied: 0 bytes

      User: Guest
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes
      ->Flash cache emptied: 0 bytes

      User: Public
      ->Temp folder emptied: 0 bytes

      User: Trevor
      ->Temp folder emptied: 1308045 bytes
      ->Temporary Internet Files folder emptied: 184978 bytes
      ->Java cache emptied: 0 bytes
      ->FireFox cache emptied: 0 bytes
      ->Google Chrome cache emptied: 0 bytes
      ->Flash cache emptied: 134 bytes

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 1674 bytes
      RecycleBin emptied: 0 bytes

      Total Files Cleaned = 1.00 mb


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


      How's it running?


  • Registered Users Posts: 942 ✭✭✭Trevord


      Thanks again for your help to date.

      To be honest symptoms seem to be getting worse. Getting shutdown message now even when machine is offline following a normal boot.

      Can only do things at this point in safe mode.

      I'm at the point of backing up my stuff and considering reformatting and reinstalling Windows 7.

      In your view should I admit defeat at this point and go with the reinstall ?

      (I am right in thinking that a full reinstall will automatically wipe the drive of all contents including the infection ?)


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


      Your PC is not infected, so it's something else causing your problems.

      I think a format would be the best solution, seems like there has been a lot of damage done to your PC.


      One question, have you been using registry cleaners on the machine ? They could have been responsible for this mess


  • Closed Accounts Posts: 407 ✭✭jpl888


      ASJ112 wrote: »
      Your PC is not infected, so it's something else causing your problems.

      I think a format would be the best solution, seems like there has been a lot of damage done to your PC.


      One question, have you been using registry cleaners on the machine ? They could have been responsible for this mess

      I would agree with the format/reinstall but it is a bold statement to say "your PC is not infected". With all the best intentions in the world none of the AV, Anti-Malware, Anti-Rootkit software will remove everything. Sometimes you just have to bite the bullet and reinstall, it is probably better to be safe than sorry anyway.


  • Registered Users Posts: 942 ✭✭✭Trevord


      ASJ112 wrote: »
      Your PC is not infected, so it's something else causing your problems.

      I think a format would be the best solution, seems like there has been a lot of damage done to your PC.


      One question, have you been using registry cleaners on the machine ? They could have been responsible for this mess

      Thanks

      I have a programme called Glary Utilities PRO and one of the things it's supposed to do is registry cleanups. I had spent a day or two trying to remove the viruses myself and had already run the programme before I came here for assistance.

      Thanks for taking the time to assist me. I'll do a reformat and reinstall and be a lot more careful in future.


  • Closed Accounts Posts: 407 ✭✭jpl888


      The only registry cleaner that really works is the fella that sticks the CD in and reinstalls ;)


  • Registered Users Posts: 942 ✭✭✭Trevord


      Did a clean install of Windows 7 and everything looks fine now.

      For anyone who has not done this before and is a bit worried about doing it incorrectly, this very detailed step by step guide may be of use.


      http://pcsupport.about.com/od/operatingsystems/ss/windows-7-clean-install-part-1.htm

      Keep up the good work. Great Boards Thread.


  • Moderators, Science, Health & Environment Moderators Posts: 4,466 Mod ✭✭✭✭mickger844posts


      Got this virus last Sunday when visiting the Sky Player website. Will do a clean install as I have tried everything to fix it. Be careful if you visit their site.

