Need to remove a pervasive tricky virus

March 1, 2013 at 11:29:46
Specs: Windows Vista
Remove a virus (can't diagnose which one) that disabled Kaspersky Pure, new installations, MS Office, and eliminated prior restore points. It won't let me update Malwarebytes, fully install CCleaner, fully install Kaspersky, fully update Windows etc. It won't let me back up my drive.

I'm running Vista.

I keep getting a "Machine Debug Manager" window popping up when I try to update or install.

Running in Safe mode doesn't help with Pure etc. I can regedit but not without figuring out which virus this is. I can't find it in msconfig either.



#1
March 1, 2013 at 12:43:25
Try Hijack This & post the log here, if you don't know what to delete.

How do you know when a politician is lying? His mouth is moving.



#2
March 1, 2013 at 13:57:20
Run ESET Online Scanner & post the contents of the log please. This scan may take a very long while, so please be patient. Start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...

You may have to download ESET from a good computer, put it on a thumb drive & run it from there, if your comp is unbootable, or won't let you download.
Create a ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...

Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...
Uninstallers (removal tools) for common antivirus software
http://kb.eset.com/esetkb/index?pag...



#3
March 1, 2013 at 15:58:04
Hi Guapo,

I consistently get the Microsoft Debug Manager JIT window opening when I try to modify anything. "options: /dumpjit: display, current JIT (just-in-time) debugging settings
/remotecfg: configure remote"

I also tried selecting "none" under "Write debugging information" in Advanced system settings, Startup and Recovery, but that didn't help.

As instructed:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:57:48, on 01/03/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Lisa\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.techguy.org/virus-oth...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE
O4 - HKCU\..\Run: [EPSON Artisan 810 Series wireless] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Users\Lisa\AppData\Local\Temp\E_S15D0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Artisan 810 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S71D5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Artisan 810(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S89A9.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Web Capture - C:\Program Files (x86)\SmarThru Office\WebCapture.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files (x86)\QuickTax 2008\ic2008pp.dll
O18 - Protocol: intu-qt2009 - {03947252-2355-4E9B-B446-8CCC75C43370} - C:\Program Files (x86)\QuickTax 2009\ic2009pp.dll
O18 - Protocol: intu-tt2010 - {97A0575E-2309-4E75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll,C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\SysWOW64\CSHelper.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxdx_device - Unknown owner - C:\Windows\system32\lxdxcoms.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
--
End of file - 14460 bytes



#4
March 1, 2013 at 20:29:24
Hijack This has to be run in normal mode.

How do you know when a politician is lying? His mouth is moving.



#5
March 1, 2013 at 21:17:18
http://www.tech-recipes.com/rx/848/...
Use the above to disable Machine Debug Manager, then try running Malwarebytes and fix all it finds.


#6
March 2, 2013 at 09:02:45
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:56:19, on 02/03/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Users\Lisa\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.techguy.org/virus-oth...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE
O4 - HKCU\..\Run: [EPSON Artisan 810 Series wireless] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Users\Lisa\AppData\Local\Temp\E_S15D0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Artisan 810 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S71D5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Artisan 810(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S89A9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Web Capture - C:\Program Files (x86)\SmarThru Office\WebCapture.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files (x86)\QuickTax 2008\ic2008pp.dll
O18 - Protocol: intu-qt2009 - {03947252-2355-4E9B-B446-8CCC75C43370} - C:\Program Files (x86)\QuickTax 2009\ic2009pp.dll
O18 - Protocol: intu-tt2010 - {97A0575E-2309-4E75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll,C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\SysWOW64\CSHelper.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 14899 bytes



#7
March 2, 2013 at 10:33:22
F2 - REG:system.ini: UserInit=userinit.exe,

That ^^ has to go. Delete it using Hijack This

__________________________

The next thing is Kaspersky. Where did you get it & how many times did you install it? If you say 1, you have a fake version on top of it. If you have paid for it or have a subscription, make sure that you have the key & uninstall it. If they have an uninstaller, use it. Then you can do a clean Kaspersky install.

There are some similar things with Epson but don't do anything with that yet.




#8
March 2, 2013 at 11:33:57
I own Kaspersky Pure. After this happened this week, I attempted to install a trial version in addition to Pure. I'll uninstall the trial version (it wouldn't fully update either).

Recently, the infected computer was having communication issues with my Epson printer. Consequently, I reinstalled it. However, all of this was done after the malware/virus/whatever it is manifested so couldn't be causing the problem.

I can't do a clean install unless deleting "F2 - REG:system.ini: UserInit=userinit.exe," allows me to.



#9
March 2, 2013 at 11:41:53
I think the virus attached itself to Kaspersky & Epson. Uninstall Epson too, if necessary.




#10
March 2, 2013 at 17:40:34
C:\Users\Lisa\AppData\Local\Temp\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC.B application cleaned by deleting - quarantined


#11
March 2, 2013 at 18:33:38
Re post #10

What gave you that info?



#12
March 2, 2013 at 18:59:19
The ESET online scan generated my previous post.


#13
March 2, 2013 at 20:12:46
"The ESET online scan generated my previous post"

Ok, please confirm everything you do as we progress, cannot assume anything.

2: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run, it does take some time, be patient. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

3: Reboot

4: Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://www.sur-la-toile.com/RogueKi...
http://www.sur-la-toile.com/RogueKi...
RogueKiller tutorial
http://en.kioskea.net/faq/11626-rog...
•Please quit all programs
•Right-click the RogueKiller file and select "Run as Administrator"
•Press: SCAN
•On the RogueKiller console, click the Registry tab.
•Make sure the entries there are checked.
•Then, press the [Delete] button.
An RKreport (Mode: Delete) is created on the Desktop.
Please provide the RKreport (Mode: Delete) in your reply.
Restart the computer.



#14
March 3, 2013 at 10:34:39
Thanks so much for the help!

ran unhide, rebooted, ran roguekiller as administrator, deleted 2 entries under registry tab

here's the log

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/file...
Website : http://tigzy.geekstogo.com/roguekil...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Lisa [Admin rights]
Mode : Scan -- Date : 03/03/2013 09:46:42
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] RTKAUDIOSERVICE.EXE -- C:\Windows\RTKAUDIOSERVICE.EXE [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3252GSX +++++
--- User ---
[MBR] 26eb14cff0fafac07f94bce0fd92cf75
[BSP] d81653fff87a633f48514eb6419a8259 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10137 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20762624 | Size: 295106 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03032013_02d0946.txt >>
RKreport[1]_S_03032013_02d0946.txt

The machine debug manager error showed up again after running the scan.

And I've rebooted again.



#15
March 3, 2013 at 10:46:12
did you disable debugger like I explained in response #5?

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#16
March 3, 2013 at 10:52:02
"did you disable debugger like I explained in response #5?"

Yes, both in IE and other were and are still checked and applied.



#17
March 3, 2013 at 12:23:17
"ran unhide, rebooted, ran roguekiller as administrator, deleted 2 entries under registry tab"
Thanks.

5: Run ComboFix & post the contents of the log please.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.techsupportforum.com/sec...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.



#18
March 3, 2013 at 13:04:17
Ran combofix as instructed:

ComboFix 13-03-03.01 - Lisa 03/03/2013 13:47:03.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4062.2541 [GMT -7:00]
Running from: c:\users\Lisa\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Lisa\Documents\~WRL0272.tmp
c:\users\Lisa\Documents\~WRL0638.tmp
c:\users\Lisa\Documents\~WRL1018.tmp
c:\users\Lisa\Documents\~WRL2043.tmp
c:\users\Lisa\Documents\~WRL2251.tmp
c:\users\Lisa\Documents\~WRL3318.tmp
c:\users\Lisa\seamonkey-1.1.17.en-US.win32.installer.exe
c:\users\Lisa\seamonkey-1.1.18.en-US.win32.installer.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-02-03 to 2013-03-03 )))))))))))))))))))))))))))))))
.
.
2013-03-03 20:55 . 2013-03-03 20:55 -------- d-----w- c:\users\Lisa\AppData\Local\temp
2013-03-02 20:37 . 2013-03-02 20:37 -------- d-----w- c:\program files (x86)\ESET
2013-02-28 19:20 . 2013-02-28 19:34 -------- d-----w- c:\users\Lisa\AppData\Local\NPE
2013-02-28 19:20 . 2013-02-28 19:20 -------- d-----w- c:\programdata\Norton
2013-02-28 03:46 . 2013-02-28 03:46 -------- d-----w- c:\users\Lisa\AppData\Roaming\SparkTrust
2013-02-28 03:46 . 2013-02-28 03:46 -------- d-----w- c:\users\Lisa\AppData\Roaming\DriverCure
2013-02-28 03:44 . 2013-02-28 03:44 -------- d-----w- c:\programdata\SparkTrust
2013-02-28 03:44 . 2013-02-28 03:44 -------- d-----w- c:\program files (x86)\SparkTrust
2013-02-28 03:44 . 2013-02-28 03:44 -------- d-----w- c:\program files (x86)\Common Files\SparkTrust
2013-02-26 18:13 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1933653-B79E-48D4-A3D8-9E4C0D38CE6F}\mpengine.dll
2013-02-18 15:36 . 2009-05-01 07:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
2013-02-16 02:58 . 2013-02-16 02:58 106088 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 15:58 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-13 15:58 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-13 15:24 . 2012-11-08 04:26 1570816 ----a-w- c:\windows\system32\quartz.dll
2013-02-13 15:24 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\SysWow64\quartz.dll
2013-02-13 15:24 . 2013-01-04 01:59 2773504 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 15:24 . 2013-01-04 11:31 1423720 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 15:21 . 2013-01-05 05:37 4695400 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 20:45 . 2012-04-03 16:02 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 20:45 . 2011-05-20 21:11 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-13 18:52 . 2010-09-21 03:12 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-02-13 15:49 . 2006-11-02 12:35 70004024 ----a-w- c:\windows\system32\mrt.exe
2013-02-06 00:54 . 2012-06-28 23:21 859552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-06 00:54 . 2010-06-07 13:41 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-17 08:28 . 2010-07-27 08:09 273840 ------w- c:\windows\system32\MpSigStub.exe
2012-12-16 13:31 . 2012-12-21 19:33 48128 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 13:12 . 2012-12-21 19:33 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-16 11:08 . 2012-12-21 19:33 368128 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 10:50 . 2012-12-21 19:33 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-14 23:49 . 2010-05-05 17:23 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"PMSpeed"="c:\program files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE" [2008-12-09 55120]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 152064]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]
"VAIOSurvey"="c:\program files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-05-26 413696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-02-06 843776]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-10-18 02:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2008-05-24 26448]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-21 1220392]
"Skytel"="Skytel.exe" [2008-10-17 1826816]
"RtHDVCpl"="RAVCpl64.exe" [2008-10-17 6453760]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-22 181784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-22 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-22 209432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Web Capture - c:\program files (x86)\SmarThru Office\WebCapture.dll
TCP: DhcpNameServer = 192.168.1.254 75.153.176.1
FF - ProfilePath - c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\ataux19c.default\
FF - prefs.js: browser.search.selectedEngine - GoogIe
FF - prefs.js: browser.startup.homepage - hxxp://www.swagbucks.com/
FF - prefs.js: keyword.URL - hxxp://www.theast.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=PflJmbi3&q=
FF - ExtSQL: 2013-02-28 14:27; linkfilter@kaspersky.ru; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF - ExtSQL: 2013-02-28 14:27; virtualKeyboard@kaspersky.ru; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - user.js: browser.search.selectedEngine - GoogIe
FF - user.js: keyword.URL - hxxp://www.theast.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=PflJmbi3&q=
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{dd230880-495a-11d1-b064-008048ec2fc5} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
ShellIconOverlayIdentifiers-{dd230880-495a-11d1-b064-008048ec2fc5} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4187115969-1993233498-1334154708-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4187115969-1993233498-1334154708-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-03-03 13:57:13
ComboFix-quarantined-files.txt 2013-03-03 20:57
.
Pre-Run: 247,073,771,520 bytes free
Post-Run: 247,041,261,568 bytes free
.
- - End Of File - - 293972F69BD7853779AFE1C30C46381C


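The Firefox preference lines in the ComboFix "Supplementary Scan" section of post #18 can be triaged mechanically. The following is an added example, not part of the original thread or of ComboFix: it parses `FF - prefs.js:` / `FF - user.js:` lines, flags a search engine name that only matches a known provider after folding look-alike characters, flags a `keyword.URL` (address-bar search) host outside a provider allowlist, and reports which flagged prefs sit in `user.js`, which Firefox re-applies over `prefs.js` at every start. The provider allowlist and all function names are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the ComboFix log in post #18 (hxxp defanging as logged).
SAMPLE_LOG = r"""
FF - ProfilePath - c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\ataux19c.default\
FF - prefs.js: browser.search.selectedEngine - GoogIe
FF - prefs.js: browser.startup.homepage - hxxp://www.swagbucks.com/
FF - prefs.js: keyword.URL - hxxp://www.theast.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=PflJmbi3&q=
FF - user.js: browser.search.selectedEngine - GoogIe
FF - user.js: keyword.URL - hxxp://www.theast.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=PflJmbi3&q=
"""

# Assumption: a small allowlist of engine names and their registrable domains.
KNOWN_ENGINES = {"google": "google.com", "bing": "bing.com", "yahoo": "yahoo.com"}

# Characters commonly swapped in to imitate another name (capital I for l, etc.).
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "0": "o"})

PREF_LINE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")


def parse_prefs(log):
    """Yield (source_file, pref_name, value) for each 'FF - <file>: <pref> - <value>' line."""
    for line in log.splitlines():
        m = PREF_LINE.match(line.strip())
        if m:
            yield m.groups()


def lookalike_of(name):
    """Return the known engine that `name` imitates, or None if genuine or unknown."""
    if name.lower() in KNOWN_ENGINES:
        return None  # exact (case-insensitive) match: the real name
    folded = name.translate(CONFUSABLES).lower()
    return folded if folded in KNOWN_ENGINES else None


def host_of(value):
    """Host of a URL as ComboFix prints it (hxxp instead of http), lower-cased."""
    url = re.sub(r"^hxxp", "http", value.strip(), flags=re.IGNORECASE)
    return (urlsplit(url).hostname or "").lower()


def is_known_provider(host):
    """True when host is an allowlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in KNOWN_ENGINES.values())


def triage(log):
    """Return a list of (source_file, pref_name, reason) findings, in log order."""
    findings = []
    for src, name, value in parse_prefs(log):
        if name == "browser.search.selectedEngine":
            target = lookalike_of(value)
            if target:
                findings.append((src, name, f"engine name {value!r} imitates {target!r}"))
        elif name == "keyword.URL":
            host = host_of(value)
            if not is_known_provider(host):
                findings.append((src, name, f"search host {host!r} not in allowlist"))
    return findings


def reapplied_at_startup(findings):
    """Flagged prefs set in user.js: resetting prefs.js alone will not stick."""
    return sorted({name for src, name, _ in findings if src == "user.js"})


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for src, name, reason in results:
        print(f"{src:9} {name:32} {reason}")
    print("re-applied from user.js:", reapplied_at_startup(results))
```

A finding here is a prompt to review the profile's `user.js` and search settings by hand, not proof of infection; the homepage pref is deliberately not checked because it is an ordinary user choice.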

#19
March 3, 2013 at 13:14:52
Run Hitman Pro, then Copy & Paste the contents of the log please.
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://www.surfright.nl/en/HitmanPro
http://www.surfright.nl/en/hitmanpro/
Unlimited free scanning and free 30-day version to remove detected malware.
Download now (32-bit)
http://dl.surfright.nl/HitmanPro35.exe
Download now (64-bit)
http://dl.surfright.nl/HitmanPro35_...
Review
http://www.youtube.com/watch?v=WmPQ...


#20
March 3, 2013 at 13:53:25
Ran hitmanpro

[code]
HitmanPro 3.7.2.190
www.hitmanpro.com

Computer name . . . . : LISA-PC
Windows . . . . . . . : 6.0.2.6002.X64/2
User name . . . . . . : Lisa-PC\Lisa
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free

Scan date . . . . . . : 2013-03-03 14:47:29
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 55s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 23

Objects scanned . . . : 5,863,531
Files scanned . . . . : 13,717
Remnants scanned . . : 2,421,457 files / 3,428,357 keys

Cookies _____________________________________________________________________

C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\0IJSNVPV.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\0RG1BMIN.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\243IBAS3.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\24LNS79Z.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\532KDUSJ.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\5YLQAJL4.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\A1BCQNUE.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\AOSC5OTY.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\BBJBQ8BG.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\DVOBHEZ9.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\F7S9YVW5.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\FK89IDSE.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\H3I2PNRC.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\IRJSZ0O7.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\JRAD062F.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\KN0MV8YY.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\L1828X2V.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\LJUCQTK4.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\M575DP1C.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\MV90WYKX.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\RS6JWWVK.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\T2AKCRO5.txt
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\W3QPYF4W.txt


[/code]



#21
March 3, 2013 at 14:03:19
Ran hitmanpro
Thanks.

As we dismantle the infection bit by bit, that may allow the repeat use of programs, which may in turn pick up more.
Removal of infected parts of the system may cause other parts to stop working, such as your Internet connection or Services. These we then have to repair later.

"I keep getting a "Machine Debug Manager" window popping up when I try to update or install"
Is that still happening?

Here is my time zone, what town/city & country are you in?
http://www.timeanddate.com/worldclo...



#22
March 3, 2013 at 14:08:43
I'm just grateful for the guidance! I was about ready to format the drive and start from scratch.

I haven't seen the Machine Debug Manager window since the last time, but I haven't tried to do anything other than instructed, either.

I'm in Alberta, Canada. On MST.



#23
March 3, 2013 at 14:18:02
"I'm in Alberta, Canada. On MST"
Good one, plenty of day time left.
http://www.timeanddate.com/worldclo...

"I'm just grateful for the guidance! I was about ready to format the drive and start from scratch"
If you do decide to reinstall, make sure you delete ALL partitions & format to NTFS.
Vista is probably the same as W7.
W7 - Click on > Drive options (advanced) Then highlight each partition & hit > Delete.
http://www.blackviper.com/os-instal...
http://www.blackviper.com/os-instal...
Here are some examples of why you delete all partitions.
http://forums.spybot.info/showthrea...
http://forums.whatthetech.com/index...
http://blog.eset.com/2011/10/18/tdl...

"It won't let me update Malwarebytes"
Try please, then run Quick scan & post the log.



#24
March 3, 2013 at 15:42:55
Sorry ran a full scan and got distracted by a phone call. Updated with no issues though!

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.03.10

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Lisa :: LISA-PC [administrator]

03/03/2013 15:42:00
mbam-log-2013-03-03 (15-42-00).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 391206
Time elapsed: 59 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#25
March 3, 2013 at 15:47:00
Thought I'd lost you.

Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://general-changelog-team.fr/en...
http://www.raymond.cc/blog/adwclean...
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Run Junkware Removal Tool
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. http://www.bleepingcomputer.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste the JRT.txt log into your next message.



#26
March 3, 2013 at 15:50:11
"Sorry ran a full scan"
Quick Scan versus Full Scan
http://forums.malwarebytes.org/inde...


#27
March 3, 2013 at 15:58:15
fair enough...

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.03.10

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Lisa :: LISA-PC [administrator]

03/03/2013 16:54:06
mbam-log-2013-03-03 (16-54-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211133
Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#28
March 3, 2013 at 16:02:27
"fair enough..."
Oops, sorry, didn't mean for you to run it again; that was just for the future, if you need to run it again.


#29
March 3, 2013 at 23:05:22
# AdwCleaner v2.113 - Logfile created 03/03/2013 at 23:20:44
# Updated 23/02/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Lisa - LISA-PC
# Boot Mode : Normal
# Running from : C:\Users\Lisa\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\ataux19c.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1155 octets] - [03/03/2013 23:20:03]
AdwCleaner[S1].txt - [1092 octets] - [03/03/2013 23:20:44]

########## EOF - C:\AdwCleaner[S1].txt - [1152 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.7 (03.03.2013:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Lisa on 03/03/2013 at 23:27:19.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/03/2013 at 23:35:48.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#30
March 4, 2013 at 00:09:55
A lot of programs now give you the choice to install toolbars & other items during the install. Either uncheck these items during install, or use Custom.

What browser or browsers do you use?

Run SUPERAntiSpyware
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://www.superantispyware.com/ind...



#31
March 4, 2013 at 06:52:34
Seamonkey and Firefox primarily, right now I'm using IE but I typically don't


#32
March 4, 2013 at 14:56:15
"Seamonkey and Firefox primarily, right now I'm using IE but I typically don't"
OK, the reason I asked is to let you know how to block tracking cookies.

I use Mozilla Labs: Prospector - about:trackers on all Mozilla based browsers & Ghostery on IE, Chrome & Opera.

Mozilla Labs: Prospector - about:trackers
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
https://blog.mozilla.org/labs/2012/...

Ghostery
http://www.ghostery.com/
http://www.ghostery.com/download
Internet Explorer
http://www.ghostery.com/download-ie



#33
March 4, 2013 at 14:57:14
I use these on every comp I work on.
Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...

Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/wiseregi...



#34
March 4, 2013 at 14:58:50
After running the Wise cleaners, download and run ListParts by Farbar (for 32-bit system):
http://download.bleepingcomputer.co...
Please download and run ListParts64 by Farbar (for 64-bit system):
http://download.bleepingcomputer.co...
Click on the Scan button.
The scan results will open in Notepad.
Post those contents in your next reply.


#35
March 4, 2013 at 16:31:49
ListParts by Farbar Version: 04-03-2013
Ran by Lisa (administrator) on 04-03-2013 at 17:22:52
Windows Vista (X64)
Running From: C:\Users\Lisa\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 40%
Total physical RAM: 4062.13 MB
Available physical RAM: 2410.26 MB
Total Pagefile: 8333.52 MB
Available Pagefile: 6482.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:288.19 GB) (Free:236.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 10 GB 1024 KB
Partition 2 Primary 288 GB 10 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 288 GB Healthy System (partition with boot components)

======================================================================================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
path \bootmgr
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {456a032a-a5eb-11dd-873f-001dba203c74}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
resume No

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale en-US
inherit {bootloadersettings}
recoverysequence {572bcd55-ffa7-11d9-aae0-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {456a032a-a5eb-11dd-873f-001dba203c74}
nx OptIn
bootlog No

Windows Boot Loader
-------------------
identifier {572bcd55-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[\Device\HarddiskVolume1]\sources\boot.wim,{ramdiskoptions}
path \windows\system32\boot\winload.exe
description Windows Recovery Environment
osdevice ramdisk=[\Device\HarddiskVolume1]\sources\boot.wim,{ramdiskoptions}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes

Resume from Hibernate
---------------------
identifier {456a032a-a5eb-11dd-873f-001dba203c74}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {ntldr}
device unknown
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Setup Ramdisk Options
---------------------
identifier {ramdiskoptions}
description Ramdisk options
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \boot\boot.sdi


****** End Of Log ******



#36
March 4, 2013 at 16:36:51
Is your comp a laptop/notebook, netbook or PC?


#37
March 4, 2013 at 17:00:33
If your computer is NOT a laptop/notebook or netbook, then you can stop Hibernate.
Hibernation reserves disk space equal to your RAM.
How To: Disable Hibernation & Delete The Hibernation File in Windows Vista
http://www.tomstricks.com/how-to-di...
http://helpdeskgeek.com/windows-vis...

Download Security Check by screen317 from one of the following links and save it to your desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Save it to your Desktop.
* Double click SecurityCheck.exe. If you run Windows Vista or 7, right click and choose 'Run as Administrator'.
  o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
  o When you see a console window, press any key to continue scanning.
  o Wait while it scans.
  o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; please post the contents of that document.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Uninstall ComboFix. The other tools you can keep, particularly ESET, just update before using. The reason we remove Combofix is that a new version comes out nearly every day.
Start > Run, Copy and Paste > ComboFix /uninstall and click OK.
Qoobox is a folder created by Combofix to quarantine any infected files.
http://www.bleepingcomputer.com/com...
Double check no Combofix files remain. I use UltraSearch for searching; I have it open all the time. Go into Options & make sure Include Folders is checked.
UltraSearch
http://www.softpedia.com/get/File-m...
http://www.softpedia.com/progScreen...
http://www.jam-software.com/ultrase...



#38
March 4, 2013 at 18:06:26
It's a laptop.

Results of screen317's Security Check version 0.99.60
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Malwarebytes Anti-Malware version 1.70.0.1100
Wise Disk Cleaner 7.77
Wise Registry Cleaner 7.65
JavaFX 2.1.1
Java 7 Update 11
Java(TM) SE Runtime Environment 6
[color=red][b]Java version out of Date![/b][/color]
Adobe Flash Player 11.6.602.171
Adobe Reader 9 [color=red][b]Adobe Reader out of Date![/b][/color]
Mozilla Firefox (19.0)
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: 3 % [color=red][b]Defragment your hard drive soon! (Do NOT defrag if SSD!)[/b][/color]
[b][u]````````````````````End of Log``````````````````````[/b][/u]



#39
March 4, 2013 at 19:56:11
Ok nearly done, things have gone really well, you made it easy for me, with your skill level.
To get your comp more secure, these need updating.
Java(TM) SE Runtime Environment 6
[color=red][b]Java version out of Date![/b][/color]
Adobe Flash Player 11.6.602.171
Adobe Reader 9 [color=red][b]Adobe Reader out of Date![/b][/color]

"remove a virus (can't diagnose which one)"
Malware Prevention
http://www.malwarevault.com/prevent...
"There is no magic involved. The majority of malware is installed by the user themselves"


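Post #39 reads the out-of-date items off the Security Check log in post #38 by eye. As an added example (not part of the original thread and not screen317's code), the Python below strips the BBCode markup from a checkup.txt-style log and lists each red-flagged warning with the product it refers to; the function names are hypothetical and the sample input is the log from post #38.

```python
import re

# Log text copied from the Security Check output in post #38.
SAMPLE_LOG = """\
 Results of screen317's Security Check version 0.99.60
 Windows Vista Service Pack 2 x64 (UAC is enabled)
 Internet Explorer 9
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
 Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
 Malwarebytes Anti-Malware version 1.70.0.1100
 Wise Disk Cleaner 7.77
 Wise Registry Cleaner 7.65
 JavaFX 2.1.1
 Java 7 Update 11
 Java(TM) SE Runtime Environment 6
 [color=red][b]Java version out of Date![/b][/color]
 Adobe Flash Player 11.6.602.171
 Adobe Reader 9 [color=red][b]Adobe Reader out of Date![/b][/color]
 Mozilla Firefox (19.0)
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
[b][u]`````````````````System Health check`````````````````[/b][/u]
 Total Fragmentation on Drive C: 3 % [color=red][b]Defragment your hard drive soon! (Do NOT defrag if SSD!)[/b][/color]
[b][u]````````````````````End of Log``````````````````````[/b][/u]
"""

# Forum markup the tool wraps around its output.
BBCODE_TAG = re.compile(r"\[/?(?:b|u|i|size|color)(?:=[^\]]*)?\]", re.IGNORECASE)
# Anything the tool coloured red is a warning.
RED_SPAN = re.compile(r"\[color=red\](.*?)\[/color\]", re.IGNORECASE)
# Section titles are padded with backticks on both sides.
SECTION = re.compile(r"^`+\s*(.*?)\s*`+$")


def strip_bbcode(text):
    """Remove BBCode tags and surrounding whitespace from one line."""
    return BBCODE_TAG.sub("", text).strip()


def flagged_items(log_text):
    """Return (section, product, warning) for every red-flagged entry.

    A warning either shares a line with its product (the Adobe Reader
    entry) or stands alone on the line after it (the Java entry); in the
    second case the previous plain line is taken as the product.
    """
    results = []
    section = None
    previous = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        plain = strip_bbcode(line)
        heading = SECTION.match(plain)
        if heading:
            section = heading.group(1).rstrip(":")
            previous = None
            continue
        warnings = [strip_bbcode(w) for w in RED_SPAN.findall(line)]
        if not warnings:
            previous = plain
            continue
        product = strip_bbcode(RED_SPAN.sub("", line))
        if product:
            previous = product
        else:
            product = previous or "(unknown)"
        for warning in warnings:
            results.append((section, product, warning))
    return results


if __name__ == "__main__":
    for section, product, warning in flagged_items(SAMPLE_LOG):
        print(f"[{section}] {product}: {warning}")
```
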

#40
March 4, 2013 at 21:20:31
Thanks again!

I've updated Java, Flash and Reader.

Clearly, I helped something get past Pure but I have no idea when or how and it's irritating me! I'm typically pretty vigilant.

At this point, I'm guessing I'll have to reinstall Pure, MS Office, and see if the windows update will succeed, unless there's more you recommend first.



#41
March 4, 2013 at 21:33:28
"At this point, I'm guessing I'll have to reinstall Pure, MS Office, and see if the windows update will succeed, unless there's more you recommend first"

Try updating first.

Going back to my post #21, that will be the next thing to try, if updates don't work.
"Removal of infected parts of the system, may cause other parts to stop working, such as your Internet connection or Services. These we then, have to repair later"



#42
March 4, 2013 at 22:39:23
Microsoft .NET Framework 3.5 Family Update (KB959209) x64

failed to update...

What next?



#43
March 4, 2013 at 22:50:54
Ok, framework update failures are very common, give me a little time to think about the best way for you.


#44
March 4, 2013 at 22:56:57
Lots of ways to fix; this tool may be needed later. Let's only do one thing at a time.

Run Tweaking.com - Windows Repair & check the > Repair Windows Updates
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.tweaking.com/
http://www.tweaking.com/content/pag...



#45
March 5, 2013 at 04:58:21
You are probably going to be online again when I'm off, Lisa.

Use the tools etc. in this link if the Tweaking.com fix doesn't work.

http://support.microsoft.com/kb/976...



#46
March 5, 2013 at 07:44:37
People always tell me crap. But I always use Avast with a ZoneAlarm firewall; haven't had a virus since.


#47
March 5, 2013 at 20:29:38
Nothing above fixed the framework error, and I can't find it referenced anywhere "Code 80070645"


#48
March 6, 2013 at 00:16:40
"Code 80070645"

The code numbers weren't the important part, the methods & tools were.

" It won't let me update Malwarebytes, fully install CCLeaner"
Install CCleaner & open.
Tools > Startup & down the bottom R/H corner, click on > Save to text file.
Post the contents please.



#49
March 6, 2013 at 11:46:02
Yes HKCU:Run ehTray.exe Microsoft Corporation C:\Windows\ehome\ehTray.exe
Yes HKCU:Run PMSpeed NewSoft Technology Corporation C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE
Yes HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Yes HKCU:Run SUPERAntiSpyware SUPERAntiSpyware.com C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Yes HKCU:Run WindowsWelcomeCenter Microsoft Corporation rundll32.exe oobefldr.dll,ShowWelcomeCenter
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Yes HKLM:Run ArcSoft Connection Service ArcSoft Inc. "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
Yes HKLM:Run EEventManager SEIKO EPSON CORPORATION C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
Yes HKLM:Run FUFAXSTM SEIKO EPSON CORPORATION "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
Yes HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
Yes HKLM:Run ISBMgr.exe Sony Corporation "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
Yes HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
Yes HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run RtHDVCpl Realtek Semiconductor RAVCpl64.exe
Yes HKLM:Run Skytel Realtek Semiconductor Corp. Skytel.exe
Yes HKLM:Run StartCCC Advanced Micro Devices, Inc. "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Yes HKLM:Run SunJavaUpdateSched Sun Microsystems, Inc. "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run SynTPEnh Synaptics, Inc. C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run VAIOSurvey "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
Yes HKLM:Run VWLASU Sony Electronics, Inc. "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
Yes HKLM:Run WrtMon.exe NewSoft Technology Corporation C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe
Yes Startup User OneNote 2007 Screen Clipper and Launcher.lnk Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE


#50
March 6, 2013 at 11:57:49
Thanks, can I also have the contents of Uninstall in CCleaner please.


#51
March 6, 2013 at 12:01:48
Acrobat.com Adobe Systems Incorporated 05/03/2013 1.67 MB 1.1.377
Adobe AIR Adobe Systems Incorporated 05/03/2013 2.6.0.19140
Adobe Community Help Adobe Systems Incorporated. 05/03/2013 5.69 MB 3.4.980
Adobe Download Assistant Adobe Systems Incorporated 05/03/2013 2.84 MB 1.0.0
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 05/03/2013 11.6.602.171
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 05/03/2013 11.6.602.171
Adobe Reader X (10.1.4) Adobe Systems Incorporated 04/03/2013 114 MB 10.1.4
Adobe SVG Viewer 6.0 Adobe Systems, Inc. 05/03/2013 6.61 MB 6.0
Adobe Widget Browser Adobe Systems Incorporated. 05/03/2013 2.18 MB 2.0 Build 230
ArcSoft Magic-i Visual Effects 2 ArcSoft 05/03/2013 34.7 MB 2.0.1.39
ArcSoft Print Creations ArcSoft 05/03/2013 54.3 MB 2.8.255.292
ArcSoft Print Creations - Greeting Card ArcSoft 05/03/2013 1.10 MB
ArcSoft Print Creations - Photo Book ArcSoft 05/03/2013 3.54 MB
ArcSoft Print Creations - Photo Calendar ArcSoft 05/03/2013 7.50 MB
ArcSoft WebCam Companion 2 ArcSoft 05/03/2013 24.4 MB
ArtistScope Plugin FX ArtistScope 05/03/2013 3.64 MB 4.2.0.3
CCleaner Piriform 25/02/2013 10.5 MB 3.28
Click to Disc Sony Corporation 14/11/2008 70.6 MB 1.2.52.09250
Click to Disc Editor Sony Corporation 14/11/2008 186 MB 1.2.51
EPSON Artisan 810 Series Printer Uninstall SEIKO EPSON Corporation 10/03/2010
Epson Event Manager SEIKO EPSON Corporation 05/03/2013 19.9 MB 2.30.00
Epson FAX Utility SEIKO EPSON CORPORATION 10/03/2010 25.9 MB 1.00.000
Epson Print CD SEIKO EPSON CORPORATION 10/03/2010 26.8 MB 2.00.00
EPSON Scan 05/03/2013 7.44 MB
EpsonNet Print SEIKO EPSON CORPORATION 10/03/2010 4.33 MB 2.4h
EpsonNet Setup SEIKO EPSON CORPORATION 10/03/2010 16.0 MB 3.1a
ESET Online Scanner v3 05/03/2013 105 MB
HDAUDIO SoftV92 Data Fax Modem with SmartCP 29/10/2008 1.45 MB
Java 7 Update 17 Oracle 04/03/2013 130 MB 7.0.170
Java 7 Update 17 (64-bit) Oracle 04/03/2013 128 MB 7.0.170
Malwarebytes Anti-Malware version 1.70.0.1100 Malwarebytes Corporation 28/12/2012 3.91 MB 1.70.0.1100
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 01/03/2009 32.4 MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 04/12/2010 189 MB 4.0.30319
Microsoft Office Home and Student 2007 Microsoft Corporation 05/03/2013 600 MB 12.0.6612.1000
Microsoft Silverlight Microsoft Corporation 04/03/2013 5.1.10411.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 28/02/2013 294 KB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 28/02/2013 566 KB 8.0.61000
Mozilla Firefox 19.0 (x86 en-US) Mozilla 05/03/2013 52.2 MB 19.0
Music Transfer Sony Corporation 14/11/2008 40.7 MB 1.2.00.17290
Napster Napster 14/11/2008 6.32 MB 4.5.1.1
OpenMG Secure Module 5.1.00 Sony Corporation 14/11/2008 5.1.00.05200
Presto! PageManager 8.15.01 SE NewSoft Technology Corporation 10/03/2010 241 MB 8.15.01
QuickTax Tracker Intuit 22/04/2009 50.0 MB 12.01.0000
Readiris Pro 10 05/03/2013 89.0 MB
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 29/10/2008 18.5 MB 6.0.1.5653
Roxio Easy Media Creator 10 LJ Roxio 05/03/2013 5.16 MB 10.1
SeaMonkey (1.1.18) 05/03/2013
SeaMonkey 2.16 (x86 en-US) Mozilla 05/03/2013 48.1 MB 2.16
Setting Utility Series Sony Corporation 14/11/2008 11.6 MB 4.2.0.10150
Sony Picture Utility Sony Corporation 14/11/2008 389 MB 3.3.01.09300
Sony Video Shared Library Sony Corporation 14/11/2008 5.27 MB 3.5.00
SUPERAntiSpyware SUPERAntiSpyware.com 04/03/2013 9.84 MB 5.6.1014
Synaptics Pointing Device Driver Synaptics 29/10/2008 14.5 MB 10.2.7.0
Tweaking.com - Windows Repair (All in One) Tweaking.com 05/03/2013 12.9 MB 1.9.12
VAIO Care Sony Corporation 19/06/2012 815 MB 6.3.0.09020
VAIO Care Update Sony Corporation 17/05/2012 288 KB 1.00.1119
VAIO Content Folder Setting Sony Corporation 14/11/2008 7.62 MB 2.1.0.08260
VAIO Content Folder Watcher Sony Corporation 14/11/2008 16.1 MB 1.0.01.09030
VAIO Content Metadata Intelligent Analyzing Manager Sony Corporation 14/11/2008 20.2 MB 3.2.00.06115
VAIO Content Metadata Manager Setting Sony Corporation 14/11/2008 3.35 MB 3.2.00.06062
VAIO Content Metadata XML Interface Library Sony Corporation 14/11/2008 5.39 MB 3.2.00.06112
VAIO Control Center Sony Corporation 14/11/2008 4.83 MB 3.2.0.09120
VAIO Data Restore Tool Sony Corporation 14/11/2008 6.50 MB 1.0.04.01170
VAIO DVD Menu Data Basic Sony Corporation 14/11/2008 416 MB 1.0.00.08130
VAIO Entertainment Platform Sony Corporation 17/05/2012 4.74 MB 3.4.1.15040
VAIO Event Service Sony Corporation 14/11/2008 7.46 MB 4.2.0.10172
VAIO Help and Support Sony Corporation 14/11/2008 3.23 MB 7.10.1013.ENCA
VAIO Launcher Sony Corporation 14/11/2008 7.50 MB 2.2.0.09090
VAIO Media plus Sony Corporation 14/11/2008 55.0 MB 1.2.0.10230
VAIO Media plus Opening Movie Sony Corporation 14/11/2008 35.5 MB 1.2.0.09050
VAIO Movie Story Sony Corporation 14/11/2008 57.2 MB 1.3.01.08060
VAIO Movie Story Template Data Sony Corporation 14/11/2008 398 MB 1.3.00.06120
VAIO MusicBox Sony Corporation 14/11/2008 63.8 MB 2.1.1.09160
VAIO MusicBox Sample Music Sony Corporation 14/11/2008 90.5 MB 1.1.00.14140
VAIO My Memory Center Sony 14/11/2008 672 KB 2.00.1029
VAIO OOBE and Welcome Center Sony Corporation 14/11/2008 7.83 MB 7.10.1020.ENCA
VAIO Original Function Setting Sony Corporation 14/11/2008 5.29 MB 1.4.00.04230
VAIO Power Management Sony Corporation 29/10/2008 6.41 MB 3.2.0.10200
VAIO Presentation Support Sony Corporation 14/11/2008 6.35 MB 1.1.0.08250
VAIO Survey Sony Corporation 14/11/2008 408 KB 6.00.0722
VAIO Update 4 Sony Corporation 14/11/2008 3.19 MB 4.0.0.08280
VAIO Wallpaper Contents Sony Corporation 14/11/2008 134 MB 1.3.0.10310
VAIO Wireless Wizard Sony 14/11/2008 9.71 MB 2.00.1013
Windows Live Essentials Microsoft Corporation 03/03/2013 15.4.3502.0922
WinDVD BD for VAIO InterVideo Inc. 14/11/2008 113 MB 8.0-B9.615
Wise Disk Cleaner 7.77 WiseCleaner.com, Inc. 04/03/2013 6.60 MB
Wise Registry Cleaner 7.65 WiseCleaner.com, Inc. 04/03/2013 5.37 MB


#52
March 6, 2013 at 12:31:07
"Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 01/03/2009 32.4 MB"

.NET Framework is a programmer's tool & is not a system tool. In other words, it is only required to run certain added programs.

As you have a full version of .NET Framework 4 installed, I would uninstall 3.5, then Run both of the Wise programs.

The worst that could happen is a particular program may not run & you have to reinstall 3.5.



#53
March 6, 2013 at 12:59:21
This illustrates one of the many advantages of using Softpedia for downloads.
http://www.softpedia.com/get/Multim...

Requirements:

· .NET Framework 4.0
http://i.imgur.com/FuuuMVy.gif



#54
March 6, 2013 at 13:29:13
Re Anti virus ( AV ) programs, I use Microsoft Security Essentials ( MSE ) & the Windows firewall.
Avast is another very good AV. Both are Free.

You can only have one realtime AV installed.

Uninstallation of Kaspersky PURE
http://support.kaspersky.com/pure/i...

Microsoft Security Essentials ( MSE )
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.techsupportalert.com/bes...
http://windows.microsoft.com/en-US/...
System requirements
http://www.microsoft.com/en-us/secu...
Can Microsoft Security Essentials ( MSE ) protect me from online banking and shopping.
http://answers.microsoft.com/en-us/...
If you choose to use Security Essentials, please follow the steps in this thread first, especially the part about removing all existing realtime antimalware:
http://kb.eset.com/esetkb/index?pag...
3. Remove ALL real-time anti-malware products that WERE EVER INSTALLED on your PC (Norton, McAfee, TM, AVG, avast, avira, MBAM (paid), etc). Uninstall your previous real-time antimalware. Then, use the removal/cleanup tools in this thread. Not only should you remove your current anti-malware product(s), you should also uninstall any free or trial anti-malware products that may have been installed on your PC when purchased, even if never activated. Some anti-malware products have their own firewall. Removing/uninstalling these products will (or should) enable the Windows Firewall. MSE will use the Windows Firewall by default. After removal and cleanup of all other anti-malware products, restart your PC and check that the Windows Firewall is ON. You can check the status of the Windows Firewall in the Security Center/Action Center of your PC, or via the Control Panel.
Check list for installing Microsoft Security Essentials
http://experts.windows.com/w/expert...

