waddler8 10 #37 Posted December 28, 2012
ooop sorry
No problem.
banjodeano 31 #38 Posted December 28, 2012
.
============== Running Processes ================
.
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2004933
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://start.facemoods.com/?a=make&s={searchTerms}&f=4
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - <orphaned>
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - <orphaned>
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\Msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERANTISPYWARE.EXE
mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MessengerPlus3] "c:\program files\messengerplus! 3\MsgPlus.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:36
uPolicies-System: NoAdminPage = 1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Free YouTube Download - c:\documents and settings\janet\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?f0b48acf004345e0a40986589c46f466
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?f0b48acf004345e0a40986589c46f466
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= MsgPlusLoader.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 housecall.trendmicro.com
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
================= FIREFOX ===================

---------- Post added 28-12-2012 at 19:55 ----------

================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\janet\application data\mozilla\firefox\profiles\3q25zt7a.default user\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - eBay.co.uk
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\NPPTOOLS.DLL
.
============= SERVICES / DRIVERS ===============
.
R? aswFsBlk;aswFsBlk
R? aswSnx;aswSnx
R? aswSP;aswSP
R? avast! Antivirus;avast! Antivirus
R? ggflt;SEMC USB Flash Driver Filter
R? HTCAND32;HTC Device Driver
R? htcnprot;HTC NDIS Protocol Driver
R? PassThru Service;Internet Pass-Through Service
R? s115bus;Sony Ericsson Device 115 driver (WDM)
R? s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface
R? SASDIFSV;SASDIFSV
R? SASENUM;SASENUM
R? SASKUTIL;SASKUTIL
R? Symantec Core LC;Symantec Core LC
.
=============== Created Last 30 ================
.
2012-12-27 20:06:06 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-12-26 21:42:45 192512 ----a-w- c:\documents and settings\janet\wgsdgsdgdsgsd.dll
.
==================== Find3M ====================
.
2012-11-12 20:44:33 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-12 20:44:09 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-12 20:44:02 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-12 20:44:00 746984 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 19:26:36.14 ===============
waddler8 10 #39 Posted December 28, 2012
Post the header information found above:
============== Running Processes ================
banjodeano 31 #40 Posted December 28, 2012
DDS (Ver_2012-11-20.01) - NTFS_x86 MINIMAL
Internet Explorer: 7.0.6000.17055 BrowserJavaVersion: 10.9.2
Run by janet at 19:23:59 on 2012-12-28
.
============== Running Processes ================
.
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
waddler8 10 #41 Posted December 28, 2012
Great, now to move on to the fix - It's more or less the same procedure but you'll be running ComboFix. Let me know if you have problems at any stage during this.

Using another computer, go here and read through the instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial

Using the other computer, download ComboFix and save it to your USB memory stick.

Restart the computer, press F8 continually until you reach the Advanced Boot Options menu. Choose Safe Mode with Command Prompt.

When it loads, log onto your normal administrator account & at the command prompt type explorer - This will open Windows Explorer. Plug in the USB drive and navigate to ComboFix.

Double click combofix.exe & follow the prompts closely. ComboFix may reboot the computer - allow it to reboot normally. When it's finished, it'll produce a log. Save the log to the USB stick and post the contents of that log here. It'll also be found on your C:\ drive named combofix.txt

Above all, BE PATIENT! and let it run its course.
banjodeano 31 #42 Posted December 28, 2012
Thanks Waddler.....on with it now
Epic Fail 10 #43 Posted December 28, 2012
Seeing as you've got another computer, you could just back up your data and run a factory recovery. Job done.
banjodeano 31 #44 Posted December 28, 2012
ok...it hit a problem...it needed the internet to look for a certain file that was missing...it can not get onto the internet, prob because it's in safe mode.....it's aborting but still looking for malware
waddler8 10 #45 Posted December 28, 2012
That's ok, let it continue.
banjodeano 31 #46 Posted December 28, 2012
now it says........ a problem has been detected....windows has been shut down to prevent damage.... plug and play detected an error most likely caused by a faulty driver...etc etc...

---------- Post added 28-12-2012 at 21:00 ----------

it seems like it's all frozen.....
waddler8 10 #47 Posted December 28, 2012
What stage was it at? Numbered #1 - #50
banjodeano 31 #48 Posted December 28, 2012
What stage was it at? Numbered #1 - #50
prob stage five or something...