Solved: eddie, can you rescue?



nittiley's Avatar
Account Disabled with 2,667 posts.
THREAD STARTER
 
Join Date: Aug 2011
Experience: Beginner
09-Jul-2012, 10:34 PM #1
eddie, can you rescue?
eddie means eddie5659, in case there are any other eddies round here. if so, sorry for the confusion!

---------

eddie


well, guess what? another laptop lost the plot. it was a blank screen the last several times i messed with it, & then recently a whole assortment of things happened that began with, "thermal shutdown occurred.."

it's running now, sort of (mwbytes had 238 items in quarantine & more followed. i don't know if it's finished yet ). it's freezing too.. can you peek @ it?

my thanks, of course )))

ps) i didn't run HJT in case it wasn't necessary since mwbytes is already on. i'll jump on the list if need be, let me know..
nittiley's Avatar
Account Disabled with 2,667 posts.
THREAD STARTER
 
Join Date: Aug 2011
Experience: Beginner
12-Jul-2012, 02:15 PM #2
apparently all i have to do is tell a laptop you'll be after it, & it straightens itself out !

it's running ok now, so if you get to this, you can just disregard
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,102 posts.
 
Join Date: Mar 2001
Location: Bradford, England
12-Jul-2012, 02:22 PM #3
Hiya

I'll have a look at it anyway, as it may have other things on there

Can you post the MBAM log?

Also, can you run this:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

    Code:
    netsvcs
    activex
    msconfig
    %SYSTEMDRIVE%\*.
    %PROGRAMFILES%\*.exe
    %LOCALAPPDATA%\*.exe
    %windir%\Installer\*.*
    %windir%\system32\tasks\*.*
    %windir%\system32\tasks\*.* /64
    %systemroot%\Fonts\*.exe
    %systemroot%\*. /mp /s
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    regedit.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
nittiley's Avatar
Account Disabled with 2,667 posts.
THREAD STARTER
 
Join Date: Aug 2011
Experience: Beginner
12-Jul-2012, 02:26 PM #4
this went wonky before & then worked fine for a while.. you sure you want to bother right away?
it's not 911 or anything .
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,102 posts.
 
Join Date: Mar 2001
Location: Bradford, England
15-Jul-2012, 12:35 PM #5
It's entirely up to you

It's no biggie if you want to post it, as I can just see if anything jumps out.

However, if you want to wait until it happens again, just post the logs

eddie
nittiley's Avatar
Account Disabled with 2,667 posts.
THREAD STARTER
 
Join Date: Aug 2011
Experience: Beginner
15-Jul-2012, 07:01 PM #6
can you let me know when you get to the
Quote:
other laptop *important*
pm? it's likely submerged in a bunch of other pm's . anyway, after that, then i'll know what to do . thanks a tonne!!
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,102 posts.
 
Join Date: Mar 2001
Location: Bradford, England
16-Jul-2012, 02:59 PM #7
Already done
nittiley's Avatar
Account Disabled with 2,667 posts.
THREAD STARTER
 
Join Date: Aug 2011
Experience: Beginner
17-Jul-2012, 02:27 PM #8
i've got to start adopting your methodical approach!
although if i get that organised & linear, it could scare people

i'll try to get at this wednesday. if you get busy, let me know, as it can always wait. (& we're never messing with this thing on fridays, ever!! )

thanks eddie
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,102 posts.
 
Join Date: Mar 2001
Location: Bradford, England
18-Jul-2012, 05:14 PM #9
It's okay to do this anytime, I'll get thru each thread, so it will be usually a day max to wait, unless I have to work late
nittiley's Avatar
Account Disabled with 2,667 posts.
THREAD STARTER
 
Join Date: Aug 2011
Experience: Beginner
18-Jul-2012, 05:17 PM #10

ok, here's what i have.. btw, the mouse wouldn't work on it before, but now it does -- in case that has anything to do with anything :s

before the whole thing was sluggish enough that i was about to drive over it with the truck, & back up to make sure i did a good job

it's a:
windows 7 / hewlett packard presario CQ56 notebook
2 gig ram / 1.74 usable
64 bit op sys

---------
feel free to skip this historical part unless it's vital:

last attempts ~a month ago produced a blank screen after powering on
07/08/12:
1) thermal shutdown occurred.
2) “system bios ..” then screen disappeared before i could type remainder
3) windows failed to start. msg: “a recent hardware or software change might..
4) says computer was unable to start & launches startup repair
5) loads files
6) microsoft logo @ bottom
7) “start up repair is checking your system for problems..”
8) asks if i want to use system restore, restore is clicked
9) it attempts repairs & restarts
10) windows logo + copyright microsoft appears, password entered
11) welcome with spinny circle
12) it spins long enough that i make a cuppa & drink it. have a snack as well.
13) everything finally loads & spotify opens
14) shut down spotify via task manager
15) run disc cleanup, notice antivirus isn’t working & registration missing (likely due to system restore?)
16) uninstall & reinstall antivirus
17) avast scans
18) opened _____ & task manager (i failed to make a notation & don't remember what the blank was now )
19) “failure to display security and shut down options” clicked ok
20) avast finishes scan
21) secunia 85% / windows defender requires updating
22) malwarebytes updates, scan, finds malware, quite a lengthy list, starting with
PUP.AdurrPlugin Registry Key HKCR/CLSID/(056c-9352-88cb3-4465-9290-8...
C:/Program Files {x86} /Object

238 total !!

23) i click on the selected to remove & result is completely frozen screen
24 ) control/alt/ delete. no response, even after repeating
25) disconnect power & pop battery out
26) background image loads, endless spinning circle again..
27) after quite a while, reboot
28) freezes while opening computer from start menu & registering avast
29) control/alt/delete produces windows msg about the app not responding & it may if i wait. do i want to end process?
30) failure to display security and shut down options – “the logon process was unable to display..”
31) i get end process question & click *end process*
32) mainscreen, run malwarebytes again
33) 47 objects detected
34) mbam urges restart
35) restart & subsequent windows update proceeds & terminates
36) start secunia

got sick of the whole bloody mess & left it for a while.

-----------
today:

mbam threw up "not responding" @ first, but then everything went chugging along
mbam looks most squeaky clean


Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.18.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
peckent :: PKE [administrator]

Protection: Enabled

7/18/2012 12:14:08 PM
mbam-log-2012-07-18 (12-14-08).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 354839
Time elapsed: 1 hour(s), 59 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

============================

OTL logfile created on: 7/18/2012 2:40:35 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.27 Gb Available Physical Memory | 15.51% Memory free
3.49 Gb Paging File | 1.20 Gb Available in Paging File | 34.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 215.36 Gb Total Space | 154.81 Gb Free Space | 71.88% Space Free | Partition Type: NTFS
Drive D: | 17.22 Gb Total Space | 2.49 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive F: | 7.60 Gb Total Space | 7.60 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: PKE | User Name: peckent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/18 14:28:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2012/07/13 02:56:29 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Users\peckent\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012/07/11 17:58:17 | 001,551,384 | ---- | M] (Google Inc.) -- C:\Users\peckent\AppData\Local\Google\Chrome\Application\20.0.1132.57\Installer\setup.exe
PRC - [2012/07/06 11:53:20 | 000,217,536 | ---- | M] (Facebook) -- C:\Users\peckent\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessenger.exe
PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/23 10:12:26 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/11 13:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/08/15 08:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/04/19 01:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/22 17:30:52 | 000,266,240 | ---- | M] () -- C:\Program Files (x86)\HP Button Manager\BM.exe
PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/08 21:54:38 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/07/08 21:54:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/07/08 21:53:58 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/07/05 20:58:56 | 021,015,488 | ---- | M] () -- C:\Users\peckent\AppData\Local\Facebook\Messenger\2.1.4570.0\libcef.dll
MOD - [2012/07/05 20:58:16 | 000,284,096 | ---- | M] () -- C:\Users\peckent\AppData\Local\Facebook\Messenger\2.1.4570.0\CefSharp.WinForms.dll
MOD - [2012/07/05 20:56:24 | 000,456,128 | ---- | M] () -- C:\Users\peckent\AppData\Local\Facebook\Messenger\2.1.4570.0\CefSharp.dll
MOD - [2012/05/22 15:45:18 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/22 15:40:01 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/22 15:39:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/22 15:39:18 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/22 15:38:55 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/02/22 17:30:52 | 000,266,240 | ---- | M] () -- C:\Program Files (x86)\HP Button Manager\BM.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/12 15:39:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

Extras
OTL Extras logfile created on: 7/18/2012 2:40:35 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.27 Gb Available Physical Memory | 15.51% Memory free
3.49 Gb Paging File | 1.20 Gb Available in Paging File | 34.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 215.36 Gb Total Space | 154.81 Gb Free Space | 71.88% Space Free | Partition Type: NTFS
Drive D: | 17.22 Gb Total Space | 2.49 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive F: | 7.60 Gb Total Space | 7.60 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: PKE | User Name: peckent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
nittiley's Avatar
Account Disabled with 2,667 posts.
THREAD STARTER
 
Join Date: Aug 2011
Experience: Beginner
18-Jul-2012, 05:21 PM #11
cross posted..

absolutely no rush at all!!
tell work to stuff it though , & that's so you get free time , not for this!!
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,102 posts.
 
Join Date: Mar 2001
Location: Bradford, England
19-Jul-2012, 05:33 PM #12
Okay, firstly can you post the mbam log that you ran when it came up with over 200 items.

So, as you have run MBAM, this is how to get the log and attach it

Firstly, go to Start | programs, and open up Malware Bytes AntiMalware. Most call it MBAM for short.



Then, click on the Logs tab:



Now, select the log which you removed the files. Normally it's the latest one. Click on it to highlight it, then select Open in the bottom left:



Now, a notepad will open up. Mine is blank, but yours will have the 100 or so items in. Click on Edit | Select All and paste as normal.

----------------

As for the OTL log, both are not complete. Can you make sure that's all that was in them both, as your uninstall list etc isn't there on the Extra's and the 04's etc aren't showing on the OTL log.
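
The completeness question raised in the reply above can be checked mechanically before a log is posted. This Python sketch is an added example (not part of the thread and not OldTimer's code): it parses the `PRC`/`MOD`/`SRV` line layout seen in the log posted earlier in this thread and reports which of the two parts named in the reply are absent. The sample lines are copied from that excerpt; the two marker patterns are assumptions about how O4 entries and the uninstall list appear in a full log.

```python
import re

# Sample input: a few lines copied from the OTL.Txt excerpt posted in this thread.
SAMPLE_LOG = r"""OTL logfile created on: 7/18/2012 2:40:35 PM - Run 1
========== Processes (SafeList) ==========

PRC - [2012/07/18 14:28:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010/02/22 17:30:52 | 000,266,240 | ---- | M] () -- C:\Program Files (x86)\HP Button Manager\BM.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
"""

# "========== Section name ==========" header lines.
SECTION_RE = re.compile(r"^={3,}\s*(.+?)\s*={3,}$")

# One entry: prefix, [timestamp | size | attributes | flag], (company),
# optional [start type | state], path, optional (service name).
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV)(?P<x64>:64bit:)? - "
    r"\[(?P<ts>\S+ \S+) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| (?P<flag>\w)\] "
    r"\((?P<company>.*?)\)(?: \[(?P<state>[^\]]*)\])? -- "
    r"(?P<path>.+?)(?: -- \((?P<name>.*)\))?$"
)

# Assumed spellings of the two parts the helper says are missing from the posted logs.
DEFAULT_MARKERS = {
    "O4 entries": r"^O4 - ",
    "uninstall list": r"Uninstall List",
}


def parse_otl(text):
    """Return {section name: [entry dict, ...]} in the order sections appear."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            fields = entry.groupdict()
            fields["x64"] = fields["x64"] is not None
            fields["size"] = int(fields["size"].replace(",", ""))
            sections[current].append(fields)
    return sections


def entries_without_company(sections, kinds=("PRC", "SRV")):
    """Processes/services whose file has no company name: worth a manual look."""
    return [e for entries in sections.values() for e in entries
            if e["kind"] in kinds and not e["company"]]


def missing_markers(text, markers=DEFAULT_MARKERS):
    """Names of expected parts that never occur, a sign the paste was cut short."""
    return [name for name, pattern in markers.items()
            if not re.search(pattern, text, re.MULTILINE)]


if __name__ == "__main__":
    parsed = parse_otl(SAMPLE_LOG)
    for name, entries in parsed.items():
        print(f"{name}: {len(entries)} entries")
    for e in entries_without_company(parsed):
        print("no company name:", e["path"])
    print("missing parts:", missing_markers(SAMPLE_LOG))
```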
nittiley's Avatar
Account Disabled with 2,667 posts.
THREAD STARTER
 
Join Date: Aug 2011
Experience: Beginner
19-Jul-2012, 09:22 PM #13
Quote:
Originally Posted by eddie5659
Okay, firstly can you post the mbam log that you ran when it came up with over 200 items.
yep, i'll go retrieve that

Quote:
As for the OTL log, both are not complete. Can you make sure that's all that was in them both, as your uninstall list etc isn't there on the Extra's and the 04's etc aren't showing on the OTL log.
well, that's strange.. although i copied them to a word doc, then to a jump drive, then here, so..

anyway, i'll be back with those later. thanks v. much e!!
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,102 posts.
 
Join Date: Mar 2001
Location: Bradford, England
20-Jul-2012, 07:50 AM #14
Why did you need to copy them to a word document? They should just open in Notepad, that's all I need

If they look jumbled up, click Format and make sure WordWrap is ticked.
nittiley's Avatar
Account Disabled with 2,667 posts.
THREAD STARTER
 
Join Date: Aug 2011
Experience: Beginner
20-Jul-2012, 04:38 PM #15
sheer (unthinking) habit on my part .
thanks for the wordwrap tip ! i recall that happening some other time (not recently, nor with this though)..

even though these logs are for later, i can't get them to post now !! tried several times & get the charming delay message repeatedly, so i'm going to e them instead. sorry to flip it there !! but you'll know how to get them on this thread..& they're not going on for me, bleah!