
multiple malware infections


  • This topic is locked
2 replies to this topic

#1 helpmyinfctdpos

  • Members
  • 1 posts
  • OFFLINE
  • Local time:10:34 PM

Posted 07 June 2010 - 05:47 PM

Hi, this is my first time posting, so please bear with me.

I purchased a new PC less than 2 months ago. Within a week of getting it, it became very sluggish & started freezing & crashing. I had installed a lot of software on it & ran multiple applications at the same time, so I attributed these problems to those causes. About 1 month ago, my pop-up blockers started to fail. Pop-up ads began to appear while I was online running Firefox & spontaneously, even if I didn't have a browser open. Meanwhile, I started to have trouble navigating to websites- both IE & Firefox will often fail to go to a page that I've typed in a URL for, & will virtually always fail to open links. The message is either IE/Firefox cannot communicate with the server or the connection to the server was lost. This happens regardless of the strength of my wireless connection, which is almost always "excellent." Next, my cursor became frozen in the middle of the screen, but this was determined to be a mechanical problem with the Function key by Dell, who replaced the keyboard, & fixed that problem.

I often see that it tries to redirect to hxxp://results.google-analytics.com/ It will open new tabs to go there, or spontaneously redirect the tab I'm working in there- I never get to see the results, though, it just tries to load indefinitely. Today my computer started to play music randomly. As with the pop up ads, I don't need to have a browser open or have a detectable application running. It's an out of control beast!

I've pasted my dds log below & attached the attach log. I had some trouble with GMER- when I click run, it gives me an error msg: "C:Windows\System32\config\system. The system can't find the path specified." It then runs anyway, but I can't adjust the settings, so only "Services," "Registry," "Files," ("C:",) & "ADS" are checked during the scan. I've attached that log also. Btw, I'm unable to install Norton 360- when I try, it starts the installation, I agree to the terms & click install, & I don't get any error messages, but the installation doesn't proceed.

I ran rkill before I got to this forum, so I'm attaching that log as well. I ran it before I ran the dds to post here & it supposedly "killed" \\?\globalroot\systemroot\system32\msihost.exe, but as you see in my dds log below, that process is still running.

Please help me, I feel like my PC is overrun & out of control. If you can help me remove whatever malware is here, I'd greatly appreciate it. Also, I'd like to know how vulnerable my data may have been while this PC was connected to the internet. Not only did I have my financial particulars on it, but I had documents & video files connected to it that I'm worried about. Is there a way to trace the locations that data was sent to from this PC?

Thank you so much for your help!



Here's my dds log:


DDS (Ver_10-03-17.01) - NTFSX64
Run by Anonymous at 13:23:08.18 on Mon 06/07/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.2791 [GMT -7:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\dleecoms.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell V715w\ezprint.exe
C:\Program Files (x86)\Dell V715w\dleemon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
\\?\globalroot\systemroot\system32\msihost.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\System32\jusched.exe
C:\Users\Anonymous\AppData\Local\Temp\notepad.exe
C:\Windows\System32\msdtc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Anonymous\AppData\Local\Temp\notepad.exe
C:\Users\Anonymous\AppData\Local\Temp\notepad.exe
C:\Users\Anonymous\AppData\Local\Temp\notepad.exe
C:\Users\Anonymous\AppData\Local\Temp\notepad.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Anonymous\AppData\Local\Temp\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Anonymous\AppData\Local\Temp\notepad.exe
C:\Users\Anonymous\AppData\Local\Temp\notepad.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Users\Anonymous\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://googlemail.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: c:\windows\syswow64\wemd0w0f1.dll: {c7ba40a1-74f2-52bd-f411-04b15a2c8953} - c:\windows\syswow64\wemd0w0f1.dll
TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell printable web\toolband.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files (x86)\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] c:\users\anonymous\appdata\local\temp\notepad.exe
dRun: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] c:\windows\temp\avp.exe
StartupFolder: c:\users\anonym~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files (x86)\microsoft office\office14\ONENOTEM.EXE
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
uPolicies-explorer: link = 00000000
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files (x86)\bonjour\ExplorerPlugin.dll
DPF: {20722C4E-9050-45C8-8D1A-816C4A06AD90} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_6/PhotoCenter_ActiveX_Control.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 93.188.163.20,93.188.161.244
TCP: {14A0CB2C-C45A-4ABE-AFE0-C90235C24D84} = 93.188.163.20,93.188.161.244
TCP: {1AB1F3AE-7E3D-4F97-A8A9-A2EA6E6F6AFD} = 93.188.163.20,93.188.161.244
TCP: {53DE61FA-58A6-4490-85D8-14002A55BC3A} = 93.188.163.20,93.188.161.244
TCP: C4F4242495 = 93.188.163.20,93.188.161.244
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\mif5ba~1\office14\GROOVEEX.DLL
mASetup: {9C450606-ED24-4958-92BA-B8940C99D441} - c:\program files (x86)\pixiepack codec pack\InstallerHelper.exe

============= SERVICES / DRIVERS ===============

R?2 Windows MSI;Windows MSI;\\?\globalroot\systemroot\system32\msihost.exe [2010-5-17 136192]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-4-9 230904]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-5-4 55280]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2010-6-7 1477728]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSr64.exe [2009-10-9 92160]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\common files\acronis\cdp\afcdpsrv.exe [2010-6-7 2480048]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-9-8 202752]
R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\intel\intel® management engine components\uns\UNS.exe [2010-3-29 2320920]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-6-7 252512]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-3-29 172704]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-26 151936]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-8-20 239616]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
S2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\drivers\x64\3\dleeserv.exe [2010-4-9 33448]
S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\docklogin.exe --> c:\program files\dell\delldock\DockLogin.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-4-3 135664]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2010-4-1 976896]
S3 MaxiVista_service_D;MaxiVista_service_D;"c:\program files (x86)\maxivista demo viewer\maxivistademoviewer.exe" -service --> c:\program files (x86)\maxivista demo viewer\MaxiVistaDemoViewer.exe [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-4-8 31800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-7-16 220672]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-10-16 50176]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-23 1255736]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 23040]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\spyware doctor\bdt\BDTUpdateService.exe [2010-4-9 112592]
S4 CSHelper;CopySafe Helper Service;c:\windows\syswow64\CSHelper.exe [2010-4-5 266240]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\spyware doctor\pctsAuxs.exe [2010-4-9 366840]
S4 sdCoreService;PC Tools Security Service;c:\program files (x86)\spyware doctor\pctsSvc.exe [2010-4-9 1142224]

=============== Created Last 30 ================

2010-06-07 20:00:59 20 ----a-w- c:\users\anonymous\defogger_reenable
2010-06-07 17:36:34 0 d-----w- c:\programdata\NortonInstaller
2010-06-07 14:57:38 0 d-----w- c:\programdata\Acronis
2010-06-07 14:54:23 252512 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-06-07 14:54:21 1477728 ----a-w- c:\windows\system32\drivers\tdrpm258.sys
2010-06-07 14:54:18 943712 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-06-07 14:54:14 271456 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-05-26 19:31:16 375987428 ----a-w- c:\windows\MEMORY.DMP
2010-05-18 01:20:26 166400 ----a-w- c:\windows\Jcynea.exe
2010-05-17 23:00:46 25088 ----a-w- C:\lsass.exe
2010-05-17 23:00:42 30000 ----a-w- c:\windows\syswow64\wemd0w0f1.dll
2010-05-17 23:00:11 136192 ----a-w- c:\windows\system32\msihost.exe
2010-05-13 10:03:37 118 ----a-w- c:\windows\system32\MRT.INI
2010-05-12 23:57:00 976896 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-12 23:57:00 740864 ----a-w- c:\windows\syswow64\inetcomm.dll
2010-05-08 23:39:56 0 d-----w- c:\program files (x86)\WM Converter

==================== Find3M ====================

2055-09-19 06:29:11 2012 ------w- c:\windows\syswow64\NAV_75_cltDynam.dat
2010-06-03 18:11:45 146 ---ha-w- c:\users\anonym~1\appdata\roaming\wklnhst.dat
2010-04-23 07:13:36 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-04-23 07:11:58 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-13 21:11:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01009.Wdf
2010-04-13 21:05:19 61224 ---ha-w- c:\users\anonymous\GoToAssistDownloadHelper.exe
2010-04-13 00:29:27 153376 ------w- c:\windows\syswow64\javaws.exe
2010-04-13 00:29:26 145184 ------w- c:\windows\syswow64\javaw.exe
2010-04-13 00:29:25 145184 ------w- c:\windows\syswow64\java.exe
2010-04-13 00:29:19 411368 ------w- c:\windows\syswow64\deployJava1.dll
2010-04-10 03:45:50 112192 ----a-w- c:\windows\system32\cad.exe
2010-04-10 03:45:50 112192 ----a-w- C:\test.exe
2010-04-05 08:52:57 266240 ------w- c:\windows\syswow64\CSHelper.exe
2010-04-05 08:52:57 225280 ------w- c:\windows\syswow64\CSInstru.DLL
2010-03-29 16:13:51 455680 ----a-w- c:\windows\system32\deploytk.dll
2010-03-29 16:13:51 432128 ----a-w- c:\windows\system32\jucheck.exe
2010-03-29 16:13:51 41984 ----a-w- c:\windows\system32\jureg.exe
2010-03-29 16:13:51 172032 ----a-w- c:\windows\system32\jusched.exe
2010-03-29 16:13:04 55072 ------w- c:\windows\syswow64\jureg.exe
2010-03-15 09:31:48 165376 ----a-w- c:\windows\syswow64\unrar.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-12-30 12:43:16 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009123020091231\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 13:23:18.48 ===============

Attached Files


Edited by Orange Blossom, 07 June 2010 - 06:38 PM.
Deactivate link. ~ OB
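The DDS report above already carries the indicators an analyst reads off by eye: a process and a "Windows MSI" service whose image path starts with \\?\globalroot (which is also why rkill's kill did not stick, the service just restarts it), notepad.exe copies running out of %TEMP% and launched from a Run value with a random name, an unnamed BHO under syswow64, Explorer/system policies that switch off UAC and block regedit and Folder Options, DNS resolvers that do not belong to the LAN, and an lsass.exe sitting in C:\. The script below is an added example, not code from the thread, from DDS or from the helper, that encodes those checks so they can be run over any DDS-style log. The sample lines are a handful copied from the report; the trusted-resolver ranges are an assumption for the example (private RFC 1918 space), and on a real case you would substitute the ISP's or router's addresses.

```python
import ipaddress
import re

# Constructed sample in the shape of the DDS report above: a handful of its
# lines, copied here so the script runs offline.
SAMPLE_LOG = r"""
C:\Windows\system32\wininit.exe
\\?\globalroot\systemroot\system32\msihost.exe
C:\Users\Anonymous\AppData\Local\Temp\notepad.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
BHO: c:\windows\syswow64\wemd0w0f1.dll: {c7ba40a1-74f2-52bd-f411-04b15a2c8953} - c:\windows\syswow64\wemd0w0f1.dll
uRun: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] c:\users\anonymous\appdata\local\temp\notepad.exe
dRun: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] c:\windows\temp\avp.exe
mPolicies-system: EnableLUA = 0 (0x0)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 1 (0x1)
TCP: NameServer = 93.188.163.20,93.188.161.244
R?2 Windows MSI;Windows MSI;\\?\globalroot\systemroot\system32\msihost.exe [2010-5-17 136192]
2010-05-17 23:00:46 25088 ----a-w- C:\lsass.exe
"""

# Resolvers accepted as legitimate. An assumption for this example: on a real
# case put the ISP's resolvers or the router's LAN address here.
TRUSTED_RESOLVERS = [ipaddress.ip_network(n)
                     for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Policy values that blunt the user's own remediation (UAC off, regedit and
# Folder Options blocked), as seen in the Policies lines of the report.
WEAKENING_POLICIES = {"EnableLUA": "0", "DisableRegistryTools": "1",
                      "NoFolderOptions": "1"}

# Core Windows binaries that should only ever load from System32.
SYSTEM_BINARIES = {"lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}

PATH_RE = re.compile(r"(?:\\\\\?\\globalroot|[a-z]:)\\[^\s\[;]+", re.I)
TEMP_RE = re.compile(r"\\(appdata\\local\\temp|windows\\temp)\\", re.I)
POLICY_RE = re.compile(r"^[umd]Policies-\w+:\s+(\w+)\s+=\s+(\d+)")
DNS_RE = re.compile(r"^TCP:\s+.*?=\s+([\d.,]+)")
RUN_RE = re.compile(r"^[umd]Run:\s+\[([^\]]*)\]")
BHO_RE = re.compile(r"^BHO:\s+(.*?):\s+\{")


def triage(log_text, trusted_resolvers=TRUSTED_RESOLVERS):
    """Return (category, line) findings for each suspicious line of a DDS log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for path in PATH_RE.findall(line):
            low = path.lower()
            basename = low.rsplit("\\", 1)[-1]
            if low.startswith(r"\\?\globalroot"):
                # Device-namespace image path; typical of a service dropped by
                # a rootkit, and the reason a one-off process kill does not stick.
                findings.append(("globalroot image path", line))
            if TEMP_RE.search(low) and basename.endswith((".exe", ".dll", ".scr")):
                findings.append(("executable in temp directory", line))
            if basename in SYSTEM_BINARIES and "\\system32\\" not in low:
                findings.append(("system binary name outside System32", line))
        m = POLICY_RE.match(line)
        if m and WEAKENING_POLICIES.get(m.group(1)) == m.group(2):
            findings.append(("defence-weakening policy", line))
        m = DNS_RE.match(line)
        if m:
            for addr in m.group(1).split(","):
                try:
                    ip = ipaddress.ip_address(addr)
                except ValueError:
                    continue
                if not any(ip in net for net in trusted_resolvers):
                    findings.append(("untrusted DNS resolver", line))
                    break
        m = RUN_RE.match(line)
        # A long alphanumeric Run value name is a crude randomness heuristic.
        if m and len(m.group(1)) >= 20 and m.group(1).isalnum():
            findings.append(("random-looking Run value name", line))
        m = BHO_RE.match(line)
        # DDS shows the DLL path in place of a display name for this BHO.
        if m and PATH_RE.fullmatch(m.group(1)):
            findings.append(("BHO with no display name", line))
    return findings


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG):
        print(f"[{category}] {line}")
```

Run against the sample it flags thirteen lines; the two legitimate entries (wininit.exe and the VNC server) pass, although a RealVNC service listening on a machine the owner did not set it up on would still deserve a manual look. The checks are deliberately path- and value-based rather than name-based: the dropper here renamed itself notepad.exe and avp.exe, so the location and the registry state are the stable signal, not the filename.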



#2 snemelk

    engineer (inżynier)

  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:07:34 AM

Posted 11 June 2010 - 11:28 AM

Hi helpmyinfctdpos, and welcome to Bleeping Computer.

Your machine is severely infected - I hope this will be a warning for you - you need to take some preventive steps in the future...

QUOTE
Also, I'd like to know how vulnerable my data may have been while this PC was connected to the internet. Not only did I have my financial particulars on it, but I had documents & video files connected to it that I'm worried about. Is there a way to trace the locations that data was sent to from this PC?

I know of no way of checking that... However, this infection is a security risk (as most infections are nowadays) - ThreatExpert Report... I'll ask you to change your passwords later; however, if you are able to change them now from a known clean computer, please do so...

Please do the following:

Firstly,
Please download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Secondly,
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 snemelk

    engineer (inżynier)

  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:07:34 AM

Posted 05 July 2010 - 05:32 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.