34 replies to this topic

[OCD]

Hi NoNo,

Go back to my previous post and run the Microsoft Fix-It, reboot and attempt to get Windows updates.

[NoNo]

Ok I tried the Fix It. It gave me the same results and so did Windows Update when I ran it. There are 2 things that happened.

1. When I rebooted, Microsoft Security Essentials there was a red X on the icon. It said that real-time protection was turned off, which I had not done. When I looked, there was a check mark, so it wasn't turned off. It just said it was. Its never done this. It was working good a minute later. (or it looks like its working good).

2. On the web Result Report for Fix It, under Issues Found and Issues Checked, when I clicked the arrow down to read more info

there were 8 weird symbols/emoticons covering the beginning of each issue found/checked:

-smileyface w/ a black box covering bottom half of it

-black circle

-security badge

-a present

-and i w/ a circle around it

-black circle

-a present

-a security badge

 

Ok now what?

 

Thank you,

NoNo

Edited by NoNo, 16 January 2014 - 05:34 PM.

[OCD]

Hi NoNo,

Let's ensure we have gotten all the malware removed, then we will refocus on the remaining issues.

Malwarebytes' Anti-Malware

Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here

• • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
• Select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected .
• When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
• Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================


ESET Online Scanner

*Note:

• It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
• Please don't go surfing while your resident protection is disabled!
• Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
• Click Scan.
• Wait for the scan to finish.
• When the scan completes, click List of found threats
• click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
• Include the contents of this report in your next reply
  
  Note - when ESET doesn't find any threats, no report will be created.
• Push the back button.
• Push Finish
• Re-enable your Antivirus software.

=========================

In your next post please provide the following:

• MBAM log
• ESET's log.txt
• How's the computer running?

[NoNo]

Hi- The computer is running a little slower. When I'm online, its very very very slow for pages to load. In the last few days, a box comes up and says explorer has stopped responding and must shut down. This has happened probably 8 times.

The logs are below.

 

MBAM log: 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.01.17.01

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

gogo :: GOGO [administrator]

 

1/16/2014 10:22:10 PM

mbam-log-2014-01-16 (22-22-10).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 270352

Time elapsed: 9 minute(s), 5 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 1

C:\Program Files\SearchNewTab (PUP.Optional.SearchNewTab.A) -> Quarantined and deleted successfully.

 

Files Detected: 8

C:\ProgramData\InstallMate\{0D7E492F-FAFE-4B16-A9FD-B2DCD69D6BD9}\Custom.dll (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.

C:\ProgramData\InstallMate\{83AC8764-0B54-4B28-A9C3-4376584FA592}\Custom.dll (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.

C:\Program Files\SearchNewTab\nS.tlb (PUP.Optional.SearchNewTab.A) -> Quarantined and deleted successfully.

C:\Program Files\SearchNewTab\nS.dat (PUP.Optional.SearchNewTab.A) -> Quarantined and deleted successfully.

C:\Program Files\SearchNewTab\nS.x64.dll (PUP.Optional.SearchNewTab.A) -> Quarantined and deleted successfully.

C:\Program Files\SearchNewTab\u3WjCHYv.dat (PUP.Optional.SearchNewTab.A) -> Quarantined and deleted successfully.

C:\Program Files\SearchNewTab\u3WjCHYv.tlb (PUP.Optional.SearchNewTab.A) -> Quarantined and deleted successfully.

C:\Program Files\SearchNewTab\u3WjCHYv.x64.dll (PUP.Optional.SearchNewTab.A) -> Quarantined and deleted successfully.

 

(end)

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

ESET log:

C:\Qoobox\Quarantine\C\Users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\adldgbplljnchkkppbfhbcknbpbbdcii\1.3\G_hjatRGNdYa.js.vir Win32/Adware.MultiPlug.H application

C:\Qoobox\Quarantine\C\Users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmodnijfgmhdmlkekdlaepjnkgjojfpa\1.0\Pp8H.js.vir Win32/Adware.MultiPlug.H application

C:\Qoobox\Quarantine\C\Users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin\1.3\AkqU_H.js.vir Win32/Adware.MultiPlug.H application

C:\Qoobox\Quarantine\C\Users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadacbooohdmfjnificblknbmebopbjn\1.0\bemvUOIVaW.js.vir Win32/Adware.MultiPlug.H application

C:\Qoobox\Quarantine\C\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin\1.3\AkqU_H.js.vir Win32/Adware.MultiPlug.H application

C:\Qoobox\Quarantine\C\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\d81cayud2k@hccw.co.uk\content\bg.js.vir Win32/Adware.MultiPlug.H application

C:\Qoobox\Quarantine\C\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\ewn.4uoaa@gaeflcf-.co.uk\content\bg.js.vir Win32/Adware.MultiPlug.H application

C:\Qoobox\Quarantine\C\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\kei7xsml@mukic.com\content\bg.js.vir Win32/Adware.MultiPlug.H application

C:\Qoobox\Quarantine\C\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\vtn-uyeo@viq-i.com\content\bg.js.vir Win32/Adware.MultiPlug.H application

C:\Users\gogo\Desktop\Security\backups\backup-20131206-012817-254.dll a variant of Win32/AdWare.MultiPlug.N application

C:\Users\gogo\Desktop\Security\backups\backup-20131206-012817-874.dll a variant of Win32/AdWare.MultiPlug.N application

 

[OCD]

Hi NoNo,

Disk Defragmenter for Vista

• Open Disk Defragmenter by clicking the Start button, > All Programs, > Accessories, > System Tools and then clicking Disk Defragmenter..
• If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
• Click Defragment Now.

Disk Defragmenter might take from several minutes to a few hours to finish, depending on the size and degree of fragmentation of your hard disk. You can still use your computer during the defragmentation process.

Tutorial: http://windows.micro...-your-hard-disk

=========================

Reboot

=========================

ComboFix

Refer to the ComboFix User's Guide

• Download ComboFix from the following location:
  
  Link
  
  * IMPORTANT !!! Place ComboFix.exe on your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  You can get help on disabling your protection programs here
• Double click on ComboFix.exe & follow the prompts.
• Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
• When finished, it shall produce a log for you. Post that log in your next reply
  
  Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  
  ---------------------------------------------------------------------------------------------
• Ensure your AntiVirus and AntiSpyware applications are re-enabled.
  ---------------------------------------------------------------------------------------------NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  
  =========================
  
  In your next post please provide the following:
  • ComboFix.txt

[NoNo]

Hi - Sorry I haven't gotten back to you in a few days. I will do these scans tonight and tomorrow. Thanks for your patience.

 

-NoNo

[OCD]

[NoNo]

Hi - ok I could not defrag. It ran all night. But I dont think it was working. The little blue circle just kept circling 

The Combofix log is below.

 

ComboFix 14-01-23.02 - gogo 01/23/2014  18:38:43.4.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3002.1776 [GMT -8:00]

Running from: c:\users\gogo\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((   Files Created from 2013-12-24 to 2014-01-24  )))))))))))))))))))))))))))))))

.

.

2014-01-24 02:47 . 2014-01-24 02:48 -------- d-----w- c:\users\gogo\AppData\Local\temp

2014-01-24 02:47 . 2014-01-24 02:47 -------- d-----w- c:\users\Public\AppData\Local\temp

2014-01-24 02:47 . 2014-01-24 02:47 -------- d-----w- c:\users\Kids\AppData\Local\temp

2014-01-24 02:47 . 2014-01-24 02:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-01-24 02:47 . 2014-01-24 02:47 -------- d-----w- c:\users\Daisy\AppData\Local\temp

2014-01-24 01:37 . 2013-10-22 04:38 719224 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C35CD68-A0A5-41DF-AC2C-4D194CB6D41D}\gapaengine.dll

2014-01-24 01:33 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33BC3EBA-CFA6-4893-AFA4-A10042D9A669}\mpengine.dll

2014-01-22 06:26 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-01-17 06:18 . 2014-01-17 06:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2014-01-17 06:18 . 2013-04-04 22:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-01-08 15:51 . 2014-01-08 15:58 -------- d-----w- C:\AdwCleaner

2014-01-08 15:46 . 2014-01-08 15:46 -------- d-----w- C:\_OTL

2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\system32\GPhotos.scr

2014-01-04 01:20 . 2014-01-04 01:20 -------- d-----w- c:\program files\ESET

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-01-19 07:32 . 2009-10-02 17:19 231584 ------w- c:\windows\system32\MpSigStub.exe

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\users\gogo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\users\gogo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\users\gogo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\users\gogo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-20 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]

"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 995176]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

.

c:\users\Daisy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

c:\users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

c:\users\gogo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\gogo\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DFX.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DFX.lnk

backup=c:\windows\pss\DFX.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^gogo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\users\gogo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^gogo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\gogo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-10-12 05:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

2008-10-09 14:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]

2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2008-06-09 17:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTCM Client]

2009-08-05 17:36 1596096 ----a-w- c:\program files\LTCM Client\ltcmClient.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2008-09-24 00:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-10-25 11:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]

2012-11-13 21:08 3825176 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2013-07-02 16:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-08-20 16:54 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2008-11-15 05:02 218408 ----a-w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]

2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]

2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]

2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]

2008-10-07 03:42 210216 ----a-w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ   wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ   WcesComm RapiMgr

LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-17 04:04 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-14 18:15]

.

2014-01-24 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job

- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-14 21:08]

.

2014-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-31 18:19]

.

2013-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-31 18:19]

.

2013-08-14 c:\windows\Tasks\HPCeeScheduleForKids.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-20 18:34]

.

2014-01-08 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-14 21:07]

.

2013-05-14 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job

- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-05-14 21:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/

mStart Page = 

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.1.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2014-01-23 18:48

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ... 

.

scanning hidden files ...  

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2014-01-23  18:51:09

ComboFix-quarantined-files.txt  2014-01-24 02:51

ComboFix2.txt  2014-01-12 00:11

ComboFix3.txt  2013-08-13 05:53

.

Pre-Run: 155,582,550,016 bytes free

Post-Run: 154,812,579,840 bytes free

.

- - End Of File - - 43443F4ED7A9E36618F9C713D0AF8AC9

588AE8F0C685C02BA11F30D9CD7E61A0

[OCD]

Hi NoNo,

Chkdsk in Vista/7

You must run the command prompt as an administrator or in an "elevated mode".

• Start menu, in the search bar type "cmd"
• Right-click the cmd icon, select "run as administrator"
  • If you have user account control (UAC) set up it may prompt you to accept that action.
• Then type in "chkdsk /r" (make note of the space between chkdsk and /)

=========================

Auslogics Disk Defrag Free

• Download here
• Install and run
• Post back after you have completed

=========================

In your next post please provide the following:

• Update on status

[OCD]

Hi NoNo,

Just checking in to see if you still need help?

[NoNo]

Hi my internet connection is down and haventbeen able to get a connection for past few days. I using a friend to contact you.

 

I ran check disc and did a deFrag. i cant send you the results at this time.

 

I will send you the results as soon as I can get back on line. I can get messages but I will need to get then from a friends computer for now. I dont want to start over if possable.

 

nono

[OCD]

Hi NoNo,

 

No worries, I will leave the thread open until I hear back from you.

[OCD]

Hi NoNo,

It's been 7 days. Are you ready to move forward yet, or do expect an extended delay?

[NoNo]

Hi-

woohoo ! have connection again!    I feel like its been a month or two! lol

Im ready !

[OCD]

Hi NoNo,

OK great news! Please go back to post # 24 and complete those steps.