Dell acting very weird - very slow, can't shutdown, Chrome not working properly

A

amra

New Member
Hello,
for a couple of days my laptop (running Windows 7) has been acting up, and it's getting stranger and stranger.
I would normally attempt to help myself first, but it's very hard to work with the laptop right now, so I'm hoping someone will be able to help me, and enable me to skip doing research and speed up the process of fixing what is wrong...

1. I can't shut down the laptop anymore, and I can't restart. When I click on the shutdown or restart options in the Start Menu, nothing happens. The only thing I can do is close the laptop so it goes to sleep. Even then it will suddenly switch itself back on during the night, and then go back to sleep... it wakes me up, even though I obviously didn't touch anything. Ctrl-Alt-Delete doesn't do anything either, it's like I never pressed anything.
2. Chrome is getting more and more messed up. It can't open more than one new tab at a time, and even then it constantly crashes and half of the time it won't let me scroll down on a page. I tried to install Malwarebytes, but it wouldn't even let me load any download site. Since today, it is always in front of the task bar - I have autohide off, so it can't be that. I have to press the Windows key to bring the task bar back up.
3. Seems like a minor issue, but is very annoying and never happened before - when I type something, the cursor jumps back to random places in the text and continues typing there. I'm not accidentally touching the touchpad or pressing buttons or anything like that.
4. It won't open downloaded files. My first thought was a keylogger - my father had installed one before, and I wiped the hard drive and did a clean reinstall earlier this year. He hasn't touched the laptop since then (I don't live at home), but I immediately thought of it anyway. So I attempted to download bazooka, but it won't open any files. The task manager claims they're open, but they're not visible anywhere.
5. All around the laptop is slower than usual and some windows plain stop responding... they don't crash, they just pretend like I never touched them.

That's all I can think of off the top of my head. I tried to download HijackThis - I can open the installer, but the Status bar doesn't move at all. When I click Cancel, nothing happens. I also tried to download Kaspersky, but the file won't even open.
I hope someone can help me. Thanks!
 
Last edited:
A

amra

New Member
No - I will try cutting the power and rebooting that way to get into safe mode. Not sure why that idea only just crossed my mind...

What is the advantage of booting into the networking mode, as opposed to the normal safe mode? Just curious, since I know nothing about it. I will try it right now.
 
johnb35

johnb35

Administrator
Staff member
Safe mode with networking allows the internet to work. Regular safe mode doesn't.
 
A

amra

New Member
Aha ok, I thought it was just for networking with other computers (e.g. in a local network).

Anyway, I am running malwarebytes right now and it's already found 10 threats... I am quite surprised. The scan is not done yet though.
Bazooka reported systemdir.explorer and systemdir.regedit... let's see if malwarebytes picks them up and removes them.
I've tried to run hijackthis, but Windows tells me that it can't be installed in Safe Mode.
 
johnb35

johnb35

Administrator
Staff member
Yes, Hijackthis can't be installed in safe mode but can be ran in safe mode after installation. When you can boot back into regular mode install hijackthis. Post the malwarebytes log when done.

When done I would like for you to also run the following.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
A

amra

New Member
Okay, all done, here are the logs:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:11:35, on 16/04/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Join Air\UIExec.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\Janine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Janine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Janine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Janine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Janine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Janine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Janine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Janine\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Bazooka Scanner\spywarescanner.exe
C:\Users\Janine\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
C:\Users\Janine\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [UIExec] "C:\Program Files (x86)\Join Air\UIExec.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\Janine\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Scrybe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Scrybe Updater (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files (x86)\Join Air\AssistantServices.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10604 bytes


ComboFix 12-04-16.02 - Janine 16/04/2012 22:49:49.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4056.2838 [GMT 2:00]
Running from: c:\users\Janine\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-16 20:04 . 2012-04-16 20:04 -------- d-----w- c:\program files (x86)\Bazooka Scanner
2012-04-16 20:00 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-16 19:55 . 2012-04-16 19:55 -------- d-----w- c:\programdata\Kaspersky Lab
2012-04-13 17:49 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9427702-1E2A-49A6-828F-9AFE7D15CB6A}\mpengine.dll
2012-04-10 19:59 . 2012-03-06 06:43 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 19:59 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-10 19:59 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-10 19:59 . 2012-04-10 19:59 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-10 19:58 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 19:58 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 19:58 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-10 19:58 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-10 19:58 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-10 19:58 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-10 19:58 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-03-27 19:59 . 2012-03-27 19:59 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-27 19:58 . 2012-03-27 19:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-27 19:58 . 2012-03-27 19:58 -------- d-----w- c:\program files (x86)\Java
2012-03-27 19:56 . 2012-03-27 20:06 -------- d-----w- c:\users\Janine\AppData\Roaming\.minecraft
2012-03-20 16:03 . 2012-03-20 16:03 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-25 11:56 . 2012-02-25 11:56 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2012-01-19 22:57 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 06:27 . 2012-03-15 10:59 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-15 10:59 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-15 10:59 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-15 10:59 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 11:28 . 2012-02-14 11:28 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-14 11:28 . 2012-02-14 11:28 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-14 11:28 . 2012-02-14 11:28 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-14 11:28 . 2012-02-14 11:28 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-14 11:28 . 2012-02-14 11:28 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-14 11:28 . 2012-02-14 11:28 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-14 11:28 . 2012-02-14 11:28 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-14 11:28 . 2012-02-14 11:28 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-14 11:28 . 2012-02-14 11:28 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-14 11:28 . 2012-02-14 11:28 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-14 11:28 . 2012-02-14 11:28 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-14 11:28 . 2012-02-14 11:28 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-14 11:28 . 2012-02-14 11:28 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-14 11:28 . 2012-02-14 11:28 448512 ----a-w- c:\windows\system32\html.iec
2012-02-14 11:28 . 2012-02-14 11:28 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-14 11:28 . 2012-02-14 11:28 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-14 11:28 . 2012-02-14 11:28 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-14 11:28 . 2012-02-14 11:28 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-14 11:28 . 2012-02-14 11:28 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-14 11:28 . 2012-02-14 11:28 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-14 11:28 . 2012-02-14 11:28 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-14 11:28 . 2012-02-14 11:28 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-14 11:28 . 2012-02-14 11:28 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-14 11:28 . 2012-02-14 11:28 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-14 11:28 . 2012-02-14 11:28 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-14 11:28 . 2012-02-14 11:28 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-14 11:28 . 2012-02-14 11:28 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-14 11:28 . 2012-02-14 11:28 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-14 11:28 . 2012-02-14 11:28 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-14 11:28 . 2012-02-14 11:28 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-14 11:28 . 2012-02-14 11:28 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-14 11:28 . 2012-02-14 11:28 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-14 11:28 . 2012-02-14 11:28 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-14 11:28 . 2012-02-14 11:28 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-14 10:09 . 2012-02-14 10:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:18 . 2012-03-15 11:00 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 06:17 . 2012-03-15 10:59 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 06:17 . 2012-03-15 10:59 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 06:17 . 2012-03-15 10:59 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-10 06:17 . 2012-03-15 10:59 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-15 11:00 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 05:41 . 2012-03-15 10:59 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-15 10:59 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:41 . 2012-03-15 10:59 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-10 05:41 . 2012-03-15 10:59 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-03 04:16 . 2012-03-15 11:01 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:27 . 2012-03-15 11:00 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:27 . 2012-03-15 11:00 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:20 . 2012-03-15 11:00 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-01-24 11:45 . 2012-01-24 11:45 53248 ----a-r- c:\users\Janine\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-01-19 23:06 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Janine\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"UIExec"="c:\program files (x86)\Join Air\UIExec.exe" [2010-04-27 138072]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Janine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2012-1-20 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Join Air\AssistantServices.exe [2010-04-27 247152]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2432305939-1645479878-3502761125-1000Core.job
- c:\users\Janine\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 07:40]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2432305939-1645479878-3502761125-1000UA.job
- c:\users\Janine\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 07:40]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-04-30 271872]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.178.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\wnqk8ffe.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Synaptics\Scrybe\scrybe.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\users\Janine\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
c:\users\Janine\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2012-04-16 23:03:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-16 21:03
.
Pre-Run: 80,467,243,008 bytes free
Post-Run: 81,973,981,184 bytes free
.
- - End Of File - - E735934BE55159F5278F8FC728B52021



The laptop seems to run a lot faster, and as you can see, I was able to install HijackThis (before, it would open the installation window, and then nothing would happen). Shutting down and restarting the laptop work again as well! And Chrome is back where it belongs - behind the taskbar.
The only thing left is that bazooka still reports systemdir.explorer and systemdir.regedit - but I don't know if that is a false alarm, or if perhaps the reports above already mention it.
 
Last edited:
A

amra

New Member
I have two because the first time round I didn't notice only one box was checked.


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.16.04

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Janine :: JANINE-PC [administrator]

16/04/2012 22:01:24
mbam-log-2012-04-16 (22-01-24).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 360486
Time elapsed: 39 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCR\CLSID\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440044044435} (PUP.Codec.PR) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550055045535} (PUP.Codec.PR) -> No action taken.
HKCR\CrossriderApp0000435.BHO.1 (PUP.Codec.PR) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> No action taken.
HKCR\CrossriderApp0000435.BHO (PUP.Codec.PR) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll (PUP.Codec.PR) -> No action taken.
C:\Users\Janine\Downloads\Codec-C.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

(end)



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.16.04

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Janine :: JANINE-PC [administrator]

16/04/2012 22:42:32
mbam-log-2012-04-16 (22-42-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197156
Time elapsed: 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCR\CLSID\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044044435} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055045535} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.BHO.1 (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.BHO (PUP.Codec.PR) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll (PUP.Codec.PR) -> Quarantined and deleted successfully.

(end)
 
johnb35

johnb35

Administrator
Staff member
What exactly is bazooka saying they are? What type of malware are they...

You can also do an online scan.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates, install and then start scanning your system.
When the scan is done, push list of found threats
Click on Export to text file , and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply.
If no threats are found then it won't produce a log.
 
A

amra

New Member
Well... I just saw that Bazooka is not compatible with Win7. So I guess it is false alarm.

ESET found this here - but I think they too are false positivies:

C:\Users\Janine\Downloads\cnet2_bazookasetup_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Janine\Downloads\Office 2010 Pro Plus & Crack (Tom_Da_Man).iso a variant of Win32/HackKMS.A application
C:\Users\Janine\Downloads\YouTubeDownloaderSetup35.exe probably a variant of Win32/Toolbar.Widgi application
 
johnb35

johnb35

Administrator
Staff member
Rule #1.

Don't be trying to crack software, you will infect yourself downloading keygens that have malware attached.

Manually delete those 3 files. Other than that, are you having any other issues?
 
A

amra

New Member
Deleted! If you were referring to the Office 2010 file... it was pre-cracked, and I made sure to get it from a trusted downloader.
What does Rut Ro mean....?

And apart from that, I haven't experienced any more problems so far!
 
johnb35

johnb35

Administrator
Staff member
He said rut ro because you got caught doing illegal stuff. Did you know that cracking software is illegal? It doesn't matter if you get the keygen from a good or bad website, its still illegal.
 
You must log in or register to reply here.
Top