
Blank Google Search Results


This topic is locked
71 replies to this topic

#1 Dogspods (Members)

Posted 15 November 2011 - 03:24 PM

My parents' PC has possibly been infected. It started with google.co.uk showing a blank page but with the IE bars etc. visible. Typing the web address for a particular site would possibly work, but when using a search engine the same blank page was shown. Microsoft Security Essentials was turned off and unable to turn back on or update, but would allow Malwarebytes to update. Scanned with Malwarebytes and with Trend House Call but they found nothing. Any help would be appreciated. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:43:54, on 15/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17103)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\windows-kb890830-v4.2-delta.exe
d:\aa25df9e13e544adf97931\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6026 bytes

Edited by hamluis, 15 November 2011 - 03:28 PM.
Moved from XP to Malware Removal Logs.
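A small triage parser for the HijackThis log format shown above, added here as an example; it is not part of this thread or of the HijackThis tool. The sample lines are copied from the posted log, except the final R1 line, which is a constructed hypothetical (reserved .invalid host) standing in for a hijacked search page, and the EXPECTED_HOSTS allowlist is an assumption taken from this machine's own R0/R1 entries.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example for this thread; it is not part of HijackThis or of any post
above. It parses the R0/R1, O2, O4 and O23 entry formats that appear in the
posted log and flags the entries a malware-removal helper would examine first.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlparse

# Hosts this particular machine is expected to use for its IE start/search
# pages (assumption taken from the R0/R1 lines of the posted log).
EXPECTED_HOSTS = {"go.microsoft.com", "www.google.co.uk"}

O23_RE = re.compile(r"^Service: (?P<name>.+?)\s+-\s*(?P<owner>.*?)\s*-\s+"
                    r"(?P<path>.+?)(?: \((?P<note>file missing)\))?$")
O4_RUN_RE = re.compile(r"^(?P<hive>.+?\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<dll>.+)$")
R_RE = re.compile(r"^(?P<key>.+?) = (?P<value>.*)$")


@dataclass
class Entry:
    code: str                 # HJT section code, e.g. "O23"
    summary: str              # one-line description of the entry
    flags: List[str] = field(default_factory=list)  # empty: nothing stood out


def _bare_executable(cmd: str) -> bool:
    """True when the autorun command names its executable without a directory."""
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    return "\\" not in exe


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HJT line; returns None for lines that are not HJT entries."""
    m = re.match(r"^(?P<code>[RO]\d+) - (?P<body>.+)$", line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    flags: List[str] = []
    if code == "O23" and (s := O23_RE.match(body)):
        if s.group("note") == "file missing":
            flags.append("service binary is absent: orphaned registration, removal candidate")
        owner = s.group("owner").strip()
        if not owner or owner.lower() == "unknown owner":
            flags.append("no vendor information for service binary: verify it")
        return Entry(code, f"service {s.group('name')} -> {s.group('path')}", flags)
    if code == "O4" and (s := O4_RUN_RE.match(body)):
        if _bare_executable(s.group("cmd")):
            flags.append("autorun uses a bare filename resolved via the search path: "
                         "confirm which file actually runs")
        return Entry(code, f"autorun [{s.group('name')}] {s.group('cmd')}", flags)
    if code == "O2" and (s := O2_RE.match(body)):
        return Entry(code, f"BHO {s.group('name')} {s.group('clsid')} -> {s.group('dll')}", flags)
    if code in ("R0", "R1") and (s := R_RE.match(body)):
        host = urlparse(s.group("value")).hostname or ""
        if host not in EXPECTED_HOSTS:
            flags.append(f"start/search page points at unexpected host {host!r}")
        return Entry(code, f"{s.group('key')} = {s.group('value')}", flags)
    return Entry(code, body, flags)   # other sections: listed, not judged


def triage(log_text: str) -> List[Entry]:
    """Return only the entries that carry at least one triage flag."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [e for e in parsed if e is not None and e.flags]


# Constructed sample: lines copied from the log posted above, plus one
# hypothetical R1 line (reserved .invalid host) standing in for a hijacked
# search page so that the R0/R1 check has something to report.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/
"""

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.code:<4}{entry.summary}")
        for flag in entry.flags:
            print(f"      ! {flag}")
```

Run against the full log, it lists the orphaned GenericHidService entry, the vendor-less SLService entry and the bare-filename autoruns for a helper to check, while fully pathed entries with known vendors pass silently.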


#2 CatByte (Malware Response Team)

Posted 16 November 2011 - 10:26 AM

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

The help you receive here is free. If you wish to show your appreciation, then you may donate.
Microsoft MVP - 2010, 2011, 2012, 2013

#3 Dogspods (Topic Starter)

Posted 16 November 2011 - 04:13 PM

Hi, logs as requested.

#4 CatByte (Malware Response Team)

Posted 16 November 2011 - 05:05 PM

Hi,

Please post the ComboFix log(s). They should be located at c:\combofix.txt; older logs are at c:\qoobox\combofix2.txt.

#5 Dogspods (Topic Starter)

Posted 17 November 2011 - 01:56 AM

ComboFix logs:



#6 CatByte (Malware Response Team)

Posted 17 November 2011 - 08:27 AM

Hi,

Please run the following:

Note: Please allow ComboFix to update if it asks to do so.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
c:\windows\system32\drivers\OLD63.tmp

AtJob::

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... and change the directory to your desktop;
3. Change the "Save as type" to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

#7 Dogspods (Topic Starter)

Posted 17 November 2011 - 03:22 PM

ComboFix 11-11-17.03 - Kay 17/11/2011 19:53:41.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.767.409 [GMT 0:00]
Running from: d:\documents and settings\Kay\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Kay\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\drivers\OLD63.tmp"
.
.
((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))
.
.
2011-11-17 19:20 . 2011-11-17 19:20 20719 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-11-17 19:20 . 2011-11-17 19:20 23327 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-11-17 19:20 . 2011-11-17 19:20 7271 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-11-17 19:20 . 2011-11-17 19:20 8782 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-11-15 19:35 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-11-15 19:35 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2011-10-30 15:47 . 2011-11-13 16:26 -------- d-----w- c:\program files\Panda Security
2011-10-30 15:01 . 2011-10-30 15:02 -------- d-----w- c:\program files\Unlocker
2011-10-30 13:31 . 2011-10-30 13:31 388096 ----a-r- d:\documents and settings\Kay\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-30 13:31 . 2011-10-30 13:31 -------- d-----w- c:\program files\Trend Micro
2011-10-29 12:46 . 2011-10-29 12:46 -------- d-----w- d:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2004-08-10 16:56 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-10 09:03 . 2008-05-27 14:41 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-10 09:03 . 2008-05-27 14:41 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-10-10 09:02 . 2008-05-27 14:41 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-10-10 09:02 . 2008-05-27 14:41 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-10-06 09:49 . 2011-10-06 09:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-28 07:06 . 2004-08-10 16:37 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 19:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-08-10 16:38 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2004-08-10 16:38 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-10 16:38 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 16:00 . 2010-04-17 10:33 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-13_13.26.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-10 16:38 . 2011-08-17 21:32 44544 c:\windows\system32\pngfilt.dll
- 2004-08-10 16:38 . 2009-03-08 03:31 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-10 16:38 . 2006-10-17 10:28 48128 c:\windows\system32\mshtmler.dll
- 2004-08-10 16:38 . 2009-03-08 03:31 45568 c:\windows\system32\mshta.exe
+ 2004-08-10 16:38 . 2006-10-17 10:56 45568 c:\windows\system32\mshta.exe
+ 2006-10-17 10:58 . 2006-10-17 10:58 12288 c:\windows\system32\msfeedssync.exe
+ 2006-11-07 20:03 . 2011-08-17 21:32 52224 c:\windows\system32\msfeedsbs.dll
+ 2004-08-10 16:37 . 2006-10-17 11:05 40960 c:\windows\system32\licmgr10.dll
+ 2004-08-10 16:37 . 2011-08-17 21:32 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-10 16:37 . 2006-11-07 02:26 92672 c:\windows\system32\inseng.dll
+ 2004-08-10 16:37 . 2006-10-17 10:57 36352 c:\windows\system32\imgutil.dll
+ 2004-08-10 16:37 . 2006-11-07 02:26 55296 c:\windows\system32\iesetup.dll
+ 2004-08-10 16:37 . 2011-08-17 21:32 44544 c:\windows\system32\iernonce.dll
+ 2011-07-17 13:42 . 2011-08-17 21:32 78336 c:\windows\system32\ieencode.dll
+ 2004-08-10 16:37 . 2011-08-17 12:21 70656 c:\windows\system32\ie4uinit.exe
+ 2006-10-17 10:58 . 2011-08-17 21:32 63488 c:\windows\system32\icardie.dll
+ 2006-05-10 05:25 . 2011-08-17 21:32 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-10-17 10:28 . 2006-10-17 10:28 48128 c:\windows\system32\dllcache\mshtmler.dll
- 2006-10-17 10:28 . 2009-03-08 03:31 48128 c:\windows\system32\dllcache\mshtmler.dll
- 2006-10-17 10:56 . 2009-03-08 03:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2006-10-17 10:56 . 2006-10-17 10:56 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-05-20 13:12 . 2011-08-17 21:32 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-10 16:37 . 2006-10-17 11:05 40960 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-10 16:37 . 2011-08-17 21:32 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-10 16:37 . 2006-11-07 02:26 92672 c:\windows\system32\dllcache\inseng.dll
+ 2006-10-17 10:57 . 2006-10-17 10:57 36352 c:\windows\system32\dllcache\imgutil.dll
- 2007-05-20 13:12 . 2011-04-25 12:00 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-05-20 13:12 . 2011-08-17 12:21 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-10 16:37 . 2006-11-07 02:26 55296 c:\windows\system32\dllcache\iesetup.dll
+ 2004-08-10 16:37 . 2011-08-17 21:32 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2011-07-17 13:42 . 2011-08-17 21:32 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2006-11-07 02:26 . 2011-08-17 12:21 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-20 10:04 . 2011-08-17 21:32 63488 c:\windows\system32\dllcache\icardie.dll
+ 2004-08-10 16:56 . 2006-10-17 10:44 60416 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-06-29 16:12 . 2011-08-17 21:32 17408 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-10 16:37 . 2006-11-07 02:26 71680 c:\windows\system32\dllcache\admparse.dll
+ 2004-08-10 16:37 . 2011-08-17 21:32 17408 c:\windows\system32\corpol.dll
+ 2004-08-10 16:37 . 2006-11-07 02:26 71680 c:\windows\system32\admparse.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 44544 c:\windows\ie7updates\KB2586448-IE7\pngfilt.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 52224 c:\windows\ie7updates\KB2586448-IE7\msfeedsbs.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 27648 c:\windows\ie7updates\KB2586448-IE7\jsproxy.dll
+ 2011-11-15 19:39 . 2011-04-25 12:00 13824 c:\windows\ie7updates\KB2586448-IE7\ieudinit.exe
+ 2011-11-15 19:39 . 2011-04-25 15:51 44544 c:\windows\ie7updates\KB2586448-IE7\iernonce.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 78336 c:\windows\ie7updates\KB2586448-IE7\ieencode.dll
+ 2011-11-15 19:39 . 2011-04-25 12:00 70656 c:\windows\ie7updates\KB2586448-IE7\ie4uinit.exe
+ 2011-11-15 19:39 . 2011-04-25 15:51 63488 c:\windows\ie7updates\KB2586448-IE7\icardie.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 17408 c:\windows\ie7updates\KB2586448-IE7\corpol.dll
+ 2004-08-10 16:38 . 2011-08-17 21:32 832512 c:\windows\system32\wininet.dll
+ 2006-10-17 11:05 . 2006-10-17 11:05 206336 c:\windows\system32\winfxdocobj.exe
+ 2004-08-10 16:38 . 2011-08-17 21:32 233472 c:\windows\system32\webcheck.dll
+ 2004-08-10 16:38 . 2011-03-04 06:45 434176 c:\windows\system32\vbscript.dll
+ 2004-08-10 16:38 . 2011-08-17 21:32 106496 c:\windows\system32\url.dll
+ 2004-08-10 16:38 . 2011-08-17 21:32 102912 c:\windows\system32\occache.dll
+ 2004-08-10 16:38 . 2011-08-17 21:32 671232 c:\windows\system32\mstime.dll
+ 2004-08-10 16:38 . 2011-08-17 21:32 193024 c:\windows\system32\msrating.dll
- 2004-08-10 16:38 . 2009-03-08 03:22 156160 c:\windows\system32\msls31.dll
+ 2004-08-10 16:38 . 2006-11-07 20:03 156160 c:\windows\system32\msls31.dll
+ 2004-08-10 16:38 . 2011-08-17 21:32 478720 c:\windows\system32\mshtmled.dll
+ 2006-11-07 20:03 . 2011-08-17 21:32 468480 c:\windows\system32\msfeeds.dll
+ 2004-08-10 16:37 . 2011-03-04 06:45 512000 c:\windows\system32\jscript.dll
+ 2006-11-07 20:03 . 2006-11-07 20:03 180736 c:\windows\system32\ieui.dll
+ 2006-10-17 10:57 . 2011-08-17 21:32 268288 c:\windows\system32\iertutil.dll
+ 2004-08-10 16:37 . 2011-08-17 21:32 192512 c:\windows\system32\iepeers.dll
+ 2004-08-10 16:37 . 2011-08-17 21:32 384512 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 10:27 . 2011-08-17 21:32 380928 c:\windows\system32\ieapfltr.dll
+ 2004-08-10 16:37 . 2011-08-17 11:00 161792 c:\windows\system32\ieakui.dll
+ 2004-08-10 16:37 . 2011-08-17 21:32 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-10 16:37 . 2011-08-17 21:32 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-10 16:37 . 2011-08-17 21:32 133120 c:\windows\system32\extmgr.dll
- 2004-08-10 16:37 . 2011-04-25 15:51 133120 c:\windows\system32\extmgr.dll
+ 2004-08-10 16:37 . 2011-08-17 21:32 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-10 16:37 . 2011-08-17 21:32 347136 c:\windows\system32\dxtmsft.dll
+ 2006-05-10 05:25 . 2011-08-17 21:32 832512 c:\windows\system32\dllcache\wininet.dll
+ 2006-11-07 20:03 . 2011-08-17 21:32 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-10 16:56 . 2011-04-30 08:50 766464 c:\windows\system32\dllcache\vgx.dll
+ 2008-05-09 10:53 . 2011-03-04 06:45 434176 c:\windows\system32\dllcache\vbscript.dll
+ 2006-10-17 11:05 . 2011-08-17 21:32 106496 c:\windows\system32\dllcache\url.dll
+ 2006-10-17 11:04 . 2011-08-17 21:32 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-10 16:38 . 2011-08-17 21:32 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:25 . 2011-08-17 21:32 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-11-07 20:03 . 2006-11-07 20:03 156160 c:\windows\system32\dllcache\msls31.dll
- 2006-11-07 20:03 . 2009-03-08 03:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2006-05-10 05:25 . 2011-08-17 21:32 478720 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-05-20 13:12 . 2011-08-17 21:32 468480 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-05-09 10:53 . 2011-03-04 06:45 512000 c:\windows\system32\dllcache\jscript.dll
+ 2008-08-15 08:01 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2008-08-15 08:01 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2006-10-17 11:04 . 2011-08-17 11:01 634632 c:\windows\system32\dllcache\iexplore.exe
+ 2007-05-20 13:12 . 2011-08-17 21:32 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2006-05-10 05:25 . 2011-08-17 21:32 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2006-11-07 02:27 . 2011-08-17 21:32 384512 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-05-20 13:12 . 2011-08-17 21:32 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2004-08-10 16:37 . 2011-08-17 11:00 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-10 16:37 . 2011-08-17 21:32 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-10 16:37 . 2011-08-17 21:32 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-10 16:37 . 2011-04-25 15:51 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-10 16:37 . 2011-08-17 21:32 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2006-05-10 05:25 . 2011-08-17 21:32 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:25 . 2011-08-17 21:32 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2011-09-03 10:17 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2011-09-03 10:17 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2006-11-07 02:26 . 2011-08-17 21:32 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-10 16:37 . 2011-08-17 21:32 124928 c:\windows\system32\advpack.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 832512 c:\windows\ie7updates\KB2586448-IE7\wininet.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 233472 c:\windows\ie7updates\KB2586448-IE7\webcheck.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 105984 c:\windows\ie7updates\KB2586448-IE7\url.dll
+ 2011-11-15 19:39 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2586448-IE7\spuninst\updspapi.dll
+ 2011-11-15 19:39 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2586448-IE7\spuninst\spuninst.exe
+ 2011-11-15 19:39 . 2011-04-25 15:51 102912 c:\windows\ie7updates\KB2586448-IE7\occache.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 671232 c:\windows\ie7updates\KB2586448-IE7\mstime.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 193024 c:\windows\ie7updates\KB2586448-IE7\msrating.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 478208 c:\windows\ie7updates\KB2586448-IE7\mshtmled.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 468480 c:\windows\ie7updates\KB2586448-IE7\msfeeds.dll
+ 2011-11-15 19:39 . 2011-04-21 10:58 634648 c:\windows\ie7updates\KB2586448-IE7\iexplore.exe
+ 2011-11-15 19:39 . 2011-04-25 15:51 268288 c:\windows\ie7updates\KB2586448-IE7\iertutil.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 192512 c:\windows\ie7updates\KB2586448-IE7\iepeers.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 384512 c:\windows\ie7updates\KB2586448-IE7\iedkcs32.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 380928 c:\windows\ie7updates\KB2586448-IE7\ieapfltr.dll
+ 2011-11-15 19:39 . 2011-04-21 10:56 161792 c:\windows\ie7updates\KB2586448-IE7\ieakui.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 230400 c:\windows\ie7updates\KB2586448-IE7\ieaksie.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 153088 c:\windows\ie7updates\KB2586448-IE7\ieakeng.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 133120 c:\windows\ie7updates\KB2586448-IE7\extmgr.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 214528 c:\windows\ie7updates\KB2586448-IE7\dxtrans.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 347136 c:\windows\ie7updates\KB2586448-IE7\dxtmsft.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 124928 c:\windows\ie7updates\KB2586448-IE7\advpack.dll
+ 2011-07-17 13:42 . 2006-09-06 15:43 213216 c:\windows\ie7\spuninst\spuninst.exe
+ 2004-08-10 16:38 . 2011-08-17 21:32 1168896 c:\windows\system32\urlmon.dll
+ 2004-08-10 16:38 . 2011-09-05 07:48 3615744 c:\windows\system32\mshtml.dll
+ 2006-11-07 20:03 . 2011-08-17 21:32 6076416 c:\windows\system32\ieframe.dll
+ 2006-09-05 22:01 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat
+ 2006-05-10 05:25 . 2011-08-17 21:32 1168896 c:\windows\system32\dllcache\urlmon.dll
+ 2006-05-19 15:06 . 2011-09-05 07:48 3615744 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-20 13:12 . 2011-08-17 21:32 6076416 c:\windows\system32\dllcache\ieframe.dll
+ 2007-05-20 13:12 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2011-11-15 19:39 . 2011-04-25 15:51 1168896 c:\windows\ie7updates\KB2586448-IE7\urlmon.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 3608576 c:\windows\ie7updates\KB2586448-IE7\mshtml.dll
+ 2011-11-15 19:39 . 2011-04-25 15:51 6076416 c:\windows\ie7updates\KB2586448-IE7\ieframe.dll
+ 2006-02-04 11:01 . 2011-11-15 19:40 50295240 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 77824]
"SiSPower"="SiSPower.dll" [2005-01-04 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
d:\documents and settings\Tony\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
d:\documents and settings\Kay\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-11-18 331776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-10-10 09:02 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 MpKsl9928b849;MpKsl9928b849;\??\d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83DA77B9-C1BA-441D-BC0C-B406A3A3AE72}\MpKsl9928b849.sys --> d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83DA77B9-C1BA-441D-BC0C-B406A3A3AE72}\MpKsl9928b849.sys [?]
R1 MpKsle79e0302;MpKsle79e0302;\??\d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83DA77B9-C1BA-441D-BC0C-B406A3A3AE72}\MpKsle79e0302.sys --> d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83DA77B9-C1BA-441D-BC0C-B406A3A3AE72}\MpKsle79e0302.sys [?]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [31/10/2010 12:06 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [28/02/2008 14:31 12856]
S1 MpKsl0db43414;MpKsl0db43414;\??\d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E5111222-5AFC-42DA-ACC5-EF9D57C29AE8}\MpKsl0db43414.sys --> d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E5111222-5AFC-42DA-ACC5-EF9D57C29AE8}\MpKsl0db43414.sys [?]
S1 MpKsl3c55e93d;MpKsl3c55e93d;\??\d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E5111222-5AFC-42DA-ACC5-EF9D57C29AE8}\MpKsl3c55e93d.sys --> d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E5111222-5AFC-42DA-ACC5-EF9D57C29AE8}\MpKsl3c55e93d.sys [?]
S1 MpKsl6df984f7;MpKsl6df984f7;\??\d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45DF8B7D-B9A1-4ED3-8C72-4BCD511C5E1B}\MpKsl6df984f7.sys --> d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45DF8B7D-B9A1-4ED3-8C72-4BCD511C5E1B}\MpKsl6df984f7.sys [?]
S1 MpKsl7829a240;MpKsl7829a240;\??\d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AC722EB9-493F-4666-AB71-03FBEF0A77D7}\MpKsl7829a240.sys --> d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AC722EB9-493F-4666-AB71-03FBEF0A77D7}\MpKsl7829a240.sys [?]
S1 MpKsl81271b20;MpKsl81271b20;\??\d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91EA31B9-7051-4AAC-A1EB-60F54288A577}\MpKsl81271b20.sys --> d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91EA31B9-7051-4AAC-A1EB-60F54288A577}\MpKsl81271b20.sys [?]
S1 MpKsld07d0652;MpKsld07d0652;\??\d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E4A2AB72-C232-4CCE-9742-F7DE315AE33B}\MpKsld07d0652.sys --> d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E4A2AB72-C232-4CCE-9742-F7DE315AE33B}\MpKsld07d0652.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [10/08/2004 16:38 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-16 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
2011-09-22 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
2011-10-27 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
2011-10-30 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
2011-09-21 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-10 00:12]
.
2006-01-01 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]
.
2006-01-01 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]
.
2006-01-01 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-17 20:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1996026722-1646591423-3677921591-1006\RemoteAccess\Profile\x *]
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(2744)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2011-11-17 20:04:31
ComboFix-quarantined-files.txt 2011-11-17 20:04
ComboFix2.txt 2011-11-13 13:29
.
Pre-Run: 7,118,422,016 bytes free
Post-Run: 7,095,623,680 bytes free
.
- - End Of File - - BE00F983B08639F535F297D5A44D8066
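For anyone reviewing a log like the one above, the two sections that most often need a second look are the 'Scheduled Tasks' folder and the DLLs loaded into winlogon.exe and explorer.exe. The following parser is an added example written for this thread; it is not ComboFix's code and not something the helpers here asked for. It pulls those two sections into records and lists every image path that sits outside a small set of "expected" directories (that list is an assumption for illustration, and a hit is a prompt for a human to look, not a verdict). The sample input is copied from the log above except for one DLL line that is constructed so the review step has something to surface.

```python
import re
from dataclasses import dataclass

# Excerpt copied from the ComboFix log posted above, trimmed to the two
# sections this parser handles. The last DLL under explorer.exe is
# CONSTRUCTED for this example (it is not in the thread's log).
SAMPLE_LOG = r"""Contents of the 'Scheduled Tasks' folder
.
2011-10-16 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14 15:07]
.
2011-09-21 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-10 00:12]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(2744)
c:\windows\system32\WININET.dll
c:\windows\system32\hnetcfg.dll
c:\documents and settings\user\local settings\temp\constructed_example.dll
.
Completion time: 2011-11-17 20:04:31
"""


@dataclass
class ScheduledTask:
    job_date: str      # date shown in front of the .job path
    job_path: str      # c:\windows\Tasks\....job
    target: str        # executable the job runs
    target_stamp: str  # timestamp ComboFix prints in [brackets]


TASK_HEADER = re.compile(r"^(\d{4}-\d{2}-\d{2}) (.+\.job)$")
TASK_TARGET = re.compile(r"^- (.+?) \[(.*)\]$")
PROC_HEADER = re.compile(r"^(?:- )+> '(.+?)'\((\d+)\)$")


def parse_combofix_sections(text):
    """Return (tasks, processes): a list of ScheduledTask and a dict
    mapping 'name(pid)' to the DLL paths listed under that process."""
    tasks, processes = [], {}
    section = pending_task = current_proc = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line == ".":  # ComboFix's blank-line marker
            continue
        if line == "Contents of the 'Scheduled Tasks' folder":
            section = "tasks"
            continue
        if "DLLs Loaded Under Running Processes" in line:
            section = "dlls"
            continue
        if line.startswith(("-------", "****", "Completion time:")):
            section = None  # any other banner ends the section
            continue
        if section == "tasks":
            m = TASK_HEADER.match(line)
            if m:
                pending_task = m.groups()
                continue
            m = TASK_TARGET.match(line)
            if m and pending_task:
                tasks.append(ScheduledTask(*pending_task, m.group(1), m.group(2)))
                pending_task = None
        elif section == "dlls":
            m = PROC_HEADER.match(line)
            if m:
                current_proc = f"{m.group(1)}({m.group(2)})"
                processes[current_proc] = []
            elif current_proc:
                processes[current_proc].append(line)
    return tasks, processes


# Assumption for illustration: images under these roots are treated as
# expected; anything else is listed for the reviewer. Compared lowercase.
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\")


def review_paths(tasks, processes, expected_dirs=EXPECTED_DIRS):
    """Image paths (task targets and loaded DLLs) outside expected_dirs."""
    candidates = [t.target for t in tasks]
    for dlls in processes.values():
        candidates.extend(dlls)
    return sorted({p for p in candidates if not p.lower().startswith(expected_dirs)})


if __name__ == "__main__":
    found_tasks, found_procs = parse_combofix_sections(SAMPLE_LOG)
    for t in found_tasks:
        print(f"{t.job_path} -> {t.target} [{t.target_stamp}]")
    for proc, dlls in found_procs.items():
        print(f"{proc}: {len(dlls)} DLL(s)")
    print("outside expected dirs:", review_paths(found_tasks, found_procs))
```

Run against the real log, the constructed line is absent and the review list comes back empty, which matches what the scans in this thread reported; the value of the script is that it turns a long log into a short list to check by hand rather than deciding anything on its own.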

#8 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,485 posts
  • Gender:Not Telling
  • Location:Canada

Posted 17 November 2011 - 03:50 PM

Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif
Microsoft MVP - 2010, 2011, 2012, 2013

#9 Dogspods
  • Topic Starter
  • Members
  • 71 posts

Posted 17 November 2011 - 04:51 PM

MBAM scan done, nothing found, log attached:

Tried to run ESET scan but the page doesn't load correctly (same applies to other online scanners).

This is all that is shown on the SCAN NOW page:

#10 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,485 posts
  • Gender:Not Telling
  • Location:Canada

Posted 17 November 2011 - 05:30 PM

Hi,

Let's clear out all your temp files and see if you can give it another try. Your installed programs log isn't showing that you have Java installed, and I believe you'd need it for the online scan. Are you avoiding Java for a reason?

If so, uninstall it once the scan is complete.


Download TFC to your desktop
Mirror
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.
It's normal after running TFC cleaner that the PC will be slower to boot the first time.



Java can be downloaded from here:


http://java.com/en/download/index.jsp

#11 Dogspods
  • Topic Starter
  • Members
  • 71 posts

Posted 18 November 2011 - 05:21 PM

Sorry for the delay in replying.

Thought part of the problem may be the lack of Java but even that page wouldn't load properly. Java now installed.

Ran TFC and that cleaned out what it needed too.

Have tried to run ESET twice and on both occasions the PC hangs with 100% CPU usage at some point after stage 3 of the scan has finished. Have left it running overnight to see if it clears at some point.

#12 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,485 posts
  • Gender:Not Telling
  • Location:Canada

Posted 18 November 2011 - 06:24 PM

Try the following:


Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC Now button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report


#13 Dogspods
  • Topic Starter
  • Members
  • 71 posts

Posted 19 November 2011 - 07:26 AM

Question: on average how long should an ActiveScan take (80GB HDD)??

Scan was 'stuck' at 22% with 296,422 files scanned after 4.5hrs - files scanned went from 204,600 to 296,422 but still remained at 22% ??

Scan finally finished - and nothing was found? No option to save a report/log

Edited by Dogspods, 19 November 2011 - 12:49 PM.


#14 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,485 posts
  • Gender:Not Telling
  • Location:Canada

Posted 19 November 2011 - 01:27 PM

The length of time varies from machine to machine; at least nothing was found, which is good news.

Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT

Please post a fresh DDS Log and advise how the computer is running now and if there are any outstanding issues

#15 Dogspods
  • Topic Starter
  • Members
  • 71 posts

Posted 19 November 2011 - 02:41 PM

Can't download latest Adobe Reader as the page had no pull down tabs, just a blank space.

Google home page still shows a blank white screen.

DDS Logs:



