Infected with Trojan.DNSChanger


15 replies to this topic

#1 chixdigit

  • Members
  • 19 posts

Posted 07 August 2010 - 11:04 PM

Hi, I am unable to download any Windows/security-related updates, definitions or service packs (SP1) from Microsoft websites. This made me suspicious, so I went to Malwarebytes.org to run a scan and found that the website won't even load. I was eventually able to download "Malwarebytes' Anti-Malware" from another site, and the result of the Quick Scan was that I have a "Trojan.DNSChanger" infection in two locations. Could this be the cause? My computer's pretty vulnerable right now because I haven't been able to download/install any of the important/critical updates using Windows Update (I receive this error: 80072EFD) or by downloading directly from Microsoft websites (I receive the generic Internet Explorer page loading error/message). BTW, my computer has just crashed to BSOD a third time while running the "gmer.exe" file, so I'm going to leave that program alone until I hear back from someone. Any help would really be appreciated.
-Chris

DDS (Ver_10-03-17.01) - NTFSx86
Run by fOXYMORON at 19:42:28.26 on Sat 08/07/2010
Internet Explorer: 7.0.6000.16473
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.1069 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Mail\WinMail.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\fOXYMORON\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T5234
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T5234
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T5234
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptcl.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Spare Backup] "c:\program files\spare backup\SpareBackup.exe" /silent
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [BigFix] c:\program files\bigfix\bigfix.exe /atstartup
mRun: [MskAgentexe] c:\program files\mcafee\msk\MskAgent.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\foxymo~1\appdata\roaming\mozilla\firefox\profiles\g71v7x2p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 McAfee HackerWatch Service;McAfee HackerWatch Service;c:\program files\common files\mcafee\hackerwatch\HWAPI.exe [2010-8-7 540776]
R2 mcpromgr;McAfee Protection Manager;c:\progra~1\mcafee\msc\mcpromgr.exe [2010-8-7 493144]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-8-7 352856]
R2 McRedirector;McAfee Redirector Service;c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe [2010-8-7 256096]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-8-7 144960]
R2 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-8-7 643664]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2010-8-7 71496]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2010-8-7 34184]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2010-8-7 171240]
R3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2010-8-7 37480]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-7 135664]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2010-8-7 32008]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

=============== Created Last 30 ================

2010-08-08 02:36:33 0 ----a-w- c:\users\foxymoron\defogger_reenable
2010-08-07 23:19:12 0 d-----w- c:\users\foxymo~1\appdata\roaming\Malwarebytes
2010-08-07 23:18:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-07 23:18:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-07 23:18:41 0 d-----w- c:\programdata\Malwarebytes
2010-08-07 23:18:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-07 20:58:27 0 d---a-w- c:\programdata\TEMP
2010-08-07 20:58:23 0 d-----w- c:\programdata\SpeedBit
2010-08-07 20:58:17 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2010-08-07 20:58:14 0 d-----w- c:\program files\DAP
2010-08-07 18:58:27 0 d-----w- c:\programdata\Google
2010-08-07 18:58:11 0 d-----w- c:\programdata\NOS
2010-08-07 09:44:27 0 d-----w- c:\users\foxymo~1\appdata\roaming\Spare Backup
2010-08-07 09:38:49 0 d-sh--we c:\programdata\Documents
2010-08-07 09:38:49 0 d-sh--we C:\Documents and Settings
2010-08-07 09:26:35 0 d-sh--w- C:\$RECYCLE.BIN
2010-08-07 09:25:34 500224 ----a-w- c:\windows\system32\msdtcprx.dll
2010-08-07 09:25:34 30208 ----a-w- c:\windows\system32\xolehlp.dll
2010-08-07 09:24:46 3330 ----a-w- c:\windows\system32\USBMediaReaderPatch.vbs
2010-08-07 09:24:04 2048 ----a-w- c:\windows\system32\tzres.dll
2010-08-07 09:22:42 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2010-08-07 09:21:39 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-08-07 09:21:39 1686528 ----a-w- c:\windows\system32\gameux.dll
2010-08-07 09:20:11 566784 ----a-w- c:\windows\system32\SLCommDlg.dll
2010-08-07 09:20:11 351232 ----a-w- c:\windows\system32\SLUI.exe
2010-08-07 09:20:11 33280 ----a-w- c:\windows\system32\slwmi.dll
2010-08-07 09:20:11 268288 ----a-w- c:\windows\system32\mcbuilder.exe
2010-08-07 09:20:11 223232 ----a-w- c:\windows\system32\SLC.dll
2010-08-07 09:20:10 57856 ----a-w- c:\windows\system32\SLUINotify.dll
2010-08-07 09:20:10 39936 ----a-w- c:\windows\system32\slcinst.dll
2010-08-07 09:20:10 2605568 ----a-w- c:\windows\system32\SLsvc.exe
2010-08-07 09:20:10 186368 ----a-w- c:\windows\system32\SLLUA.exe
2010-08-07 09:17:27 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2010-08-07 09:16:22 86016 ----a-w- c:\windows\system32\icfupgd.dll
2010-08-07 09:16:22 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2010-08-07 09:16:22 61952 ----a-w- c:\windows\system32\cmifw.dll
2010-08-07 09:16:22 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2010-08-07 09:16:22 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2010-08-07 09:16:22 16896 ----a-w- c:\windows\system32\wfapigp.dll
2010-08-07 09:16:21 23040 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-08-07 09:16:21 178688 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-08-07 09:16:21 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-08-07 09:15:13 1244672 ----a-w- c:\windows\system32\mcmde.dll
2010-08-07 09:13:48 33978 ----a-w- c:\windows\system32\RacUR.xml
2010-08-07 09:13:48 2048 ----a-w- c:\windows\system32\wertargets.wtl
2010-08-07 09:07:17 25600 ----a-w- c:\windows\system32\LangCleanupSysprepAction.dll
2010-08-07 09:07:17 23552 ----a-w- c:\windows\system32\lpremove.exe
2010-08-07 09:07:17 165888 ----a-w- c:\windows\system32\lpksetup.exe
2010-08-07 09:07:17 10240 ----a-w- c:\windows\system32\MUILanguageCleanup.dll
2010-08-07 09:06:07 49664 ----a-w- c:\windows\system32\csrsrv.dll
2010-08-07 09:06:07 376320 ----a-w- c:\windows\system32\winsrv.dll
2010-08-07 09:05:54 0 d-----w- c:\windows\SMINST
2010-08-07 09:05:09 633856 ----a-w- c:\windows\system32\user32.dll
2010-08-07 09:05:09 2026496 ----a-w- c:\windows\system32\win32k.sys
2010-08-07 09:03:42 143360 ----a-w- c:\windows\system32\dunzip32.dll
2010-08-07 09:02:56 37480 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-08-07 09:02:56 32008 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-08-07 09:02:55 34184 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-07 09:02:55 171240 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-07 09:02:54 71496 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-07 09:02:49 120360 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-08-07 09:02:28 0 d-----w- c:\program files\McAfee.com
2010-08-07 09:02:26 0 d-----w- c:\program files\common files\McAfee
2010-08-07 09:02:24 0 d-----w- c:\program files\McAfee
2010-08-07 09:02:21 0 d-----w- c:\programdata\McAfee
2010-08-07 09:02:07 8704 ----a-w- c:\windows\system32\hccoin.dll
2010-08-07 09:02:07 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2010-08-07 09:02:07 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-08-07 09:02:07 224768 ----a-w- c:\windows\system32\drivers\usbport.sys
2010-08-07 09:02:07 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2010-08-07 09:02:07 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-08-07 08:58:40 84480 ----a-w- c:\windows\system32\INETRES.dll
2010-08-07 08:58:40 737792 ----a-w- c:\windows\system32\inetcomm.dll
2010-08-07 08:58:39 87040 ----a-w- c:\windows\system32\msoert2.dll
2010-08-07 08:58:39 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2010-08-07 08:58:39 205824 ----a-w- c:\windows\system32\msoeacct.dll
2010-08-07 08:57:38 5120 ----a-w- c:\windows\system32\wmi.dll
2010-08-07 08:57:38 152576 ----a-w- c:\windows\system32\imagehlp.dll
2010-08-07 08:57:38 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2010-08-07 08:49:14 414208 ----a-w- c:\windows\system32\msscp.dll
2010-08-07 08:47:23 11816 ----a-w- c:\windows\BigFixClientOverride.dll
2010-08-07 08:47:08 974336 ----a-w- c:\windows\system32\crypt32.dll
2010-08-07 08:46:34 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2010-08-07 08:45:56 74752 ----a-w- c:\windows\system32\drivers\rasl2tp.sys
2010-08-07 08:45:56 60928 ----a-w- c:\windows\system32\drivers\raspptp.sys
2010-08-07 08:43:37 135680 ----a-w- c:\windows\system32\wusa.exe
2010-08-07 08:43:04 229888 ----a-w- c:\windows\system32\msshsq.dll
2010-08-07 08:41:56 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-08-07 08:41:56 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-08-07 08:41:56 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2010-08-07 08:41:56 292352 ----a-w- c:\windows\system32\psisdecd.dll
2010-08-07 08:41:56 218624 ----a-w- c:\windows\system32\psisrndr.ax
2010-08-07 08:39:06 0 d-----w- C:\Documents
2010-08-07 08:38:32 0 d-----w- c:\programdata\Napster
2010-08-07 08:35:31 0 d-----w- c:\program files\eMachines Games
2010-08-07 08:35:28 0 d-----w- c:\programdata\WildTangent
2010-08-07 08:35:21 94208 ----a-w- c:\windows\system32\BAE.dll
2010-08-07 08:31:44 0 d-----w- c:\program files\Spare Backup
2010-08-07 08:31:09 0 d-----w- c:\program files\Microsoft WSE
2010-08-07 08:30:52 69632 ----a-w- c:\windows\system32\javacpl.cpl
2010-08-07 08:30:20 0 ----a-w- c:\windows\system32\drivers\Gateway_T5234_MCP61PM-AM_GC47930005683.MRK
2010-08-07 08:30:20 0 ----a-w- c:\windows\system32\drivers\Gateway_T5234_MCP61PM-AM_GC47830009190.MRK
2010-08-07 08:29:07 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-08-07 08:27:11 0 d-----w- c:\programdata\Microsoft Help
2010-08-07 08:25:01 0 d-----w- c:\programdata\Adobe
2010-08-07 08:24:17 0 d-----w- C:\Graphics
2010-08-07 08:24:14 24536 ----a-w- c:\windows\system32\eMachines.bmp
2010-08-07 08:24:14 0 d---a-w- c:\windows\system32\wildtangent
2010-08-07 08:24:14 0 d---a-w- c:\windows\system32\Office
2010-08-07 08:24:14 0 d---a-w- c:\windows\system32\NetZero
2010-08-07 08:24:14 0 d---a-w- c:\windows\system32\Napster
2010-08-07 08:24:14 0 d---a-w- c:\windows\system32\AOL
2010-08-07 08:24:14 0 d---a-w- c:\windows\system32\Acceller
2010-08-07 08:23:37 0 d-----w- c:\program files\Digital Media Reader
2010-08-07 08:23:07 0 d-----w- c:\program files\Realtek
2010-08-07 08:22:56 520192 ----a-w- c:\windows\RtlExUpd.dll
2010-08-07 08:22:56 315392 ----a-w- c:\windows\HideWin.exe
2010-08-07 08:22:54 0 d-----w- c:\windows\Downloaded Installations
2010-08-07 08:21:17 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-08-07 08:20:39 0 d-----w- c:\program files\Marvell
2010-08-07 08:20:10 0 d-sh--w- c:\windows\Installer
2010-08-07 08:20:05 2 --sh--r- C:\USER
2010-08-07 08:17:50 0 d-----w- c:\program files\CONEXANT

==================== Find3M ====================

2010-08-07 09:29:50 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-08-07 09:29:50 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-07 09:29:50 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-08-07 09:29:50 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-07 09:09:10 36864 ----a-w- c:\windows\system32\wmdmps.dll
2010-08-07 09:09:10 31744 ----a-w- c:\windows\system32\wmdmlog.dll
2010-08-07 09:09:10 311296 ----a-w- c:\windows\system32\mswmdm.dll
2010-08-07 09:00:50 822784 ----a-w- c:\windows\system32\wininet.dll
2010-08-07 09:00:50 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-08-07 09:00:49 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-08-07 08:45:19 160872 ----a-w- c:\windows\system32\halmacpi.dll
2010-08-07 08:45:19 134760 ----a-w- c:\windows\system32\halacpi.dll
2010-08-07 08:44:44 356576 ----a-w- c:\windows\fonts\monbaiti.ttf
2010-08-07 08:23:13 319456 ----a-w- c:\windows\DIFxAPI.dll
2006-11-02 12:50:50 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 19:42:59.30 ===============

I just want to add that my browsers (FF and IE) often redirect to other websites. Most often, I'm redirected to one of these sites: videocop.com or results5.google.com. This is likely related to the other problem mentioned in my initial post.

I'm sure you guys are very busy, but can I ask how much longer until someone will be able to assist me? I really appreciate the service you guys provide. Thanks in advance for your help!

- Chris

EDIT: Under our current backlog, I would expect you will have to wait 2 more days to receive help. ~BP

Attached Files


Edited by Budapest, 14 August 2010 - 07:02 PM.



#2 shelf life

  • Malware Response Team
  • 2,651 posts
  • Gender:Male
  • Location:@localhost

Posted 15 August 2010 - 05:52 PM

Hi,

Your log is a few days old. If you still need help simply reply back.

How Can I Reduce My Risk to Malware?


#3 chixdigit

  • Topic Starter
  • Members
  • 19 posts

Posted 15 August 2010 - 10:33 PM

Hi,

Yes, I still need some help. Thanks.

- Chris

#4 shelf life

  • Malware Response Team
  • 2,651 posts
  • Gender:Male
  • Location:@localhost

Posted 16 August 2010 - 05:55 PM

After you ran Malwarebytes, you continued with 'Remove Selected'. See below:

Please download Malwarebytes to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*


When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Post the log in your reply.



#5 chixdigit

  • Topic Starter
  • Members
  • 19 posts

Posted 18 August 2010 - 01:38 AM

Here is the MBAM log you requested. I couldn't get any updates to the program because the Malwarebytes site is another website that I can't access (through the IE or FF browsers) due to the current problem I have with my computer.

- Chris

Attached Files



#6 shelf life

  • Malware Response Team
  • 2,651 posts
  • Gender:Male
  • Location:@localhost

Posted 19 August 2010 - 04:14 PM

Hi,

OK, we will get another download to use. It's called ComboFix. There is a guide to read first. Read through the guide, then apply the directions on your own machine. Post the ComboFix log in your reply:

Guide to using ComboFix



#7 chixdigit

  • Topic Starter
  • Members
  • 19 posts

Posted 20 August 2010 - 04:06 PM

Here is the ComboFix log that you requested:

ComboFix 10-08-19.02 - fOXYMORON 08/20/2010 11:49:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.1242 [GMT -7:00]
Running from: c:\users\fOXYMORON\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Internet Security *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_osppsvc


((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))
.

2010-08-20 19:14 . 2010-08-20 20:29 -------- d-----w- c:\users\fOXYMORON\AppData\Local\temp
2010-08-20 19:14 . 2010-08-20 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-20 19:14 . 2010-08-20 19:14 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-08-17 18:39 . 2010-08-17 19:38 -------- d-----r- c:\users\fOXYMORON\m p 3
2010-08-16 08:09 . 2010-08-16 08:09 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-08-16 08:06 . 2010-08-20 06:57 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-16 07:59 . 2010-08-16 07:59 134464 ----a-w- c:\windows\system32\LnkProtect.dll
2010-08-16 07:57 . 2010-08-16 08:09 -------- d-----w- c:\programdata\Hitman Pro
2010-08-16 07:57 . 2010-08-16 07:57 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-15 04:50 . 2010-08-15 05:25 -------- d-----w- c:\programdata\Yahoo!
2010-08-15 04:49 . 2010-08-15 04:49 -------- d-----w- c:\users\fOXYMORON\AppData\Roaming\Yahoo!
2010-08-15 04:49 . 2010-08-15 06:00 -------- d-----w- c:\program files\Yahoo!
2010-08-15 04:47 . 2010-08-15 04:50 -------- d--h--w- c:\windows\msdownld.tmp
2010-08-15 01:40 . 2010-08-18 08:35 -------- d-----w- c:\users\fOXYMORON\AppData\Roaming\vlc
2010-08-15 01:37 . 2010-08-15 01:37 -------- d-----w- c:\program files\VideoLAN
2010-08-15 01:35 . 2010-08-15 01:35 -------- d-----w- c:\program files\IrfanView
2010-08-14 23:18 . 2010-08-14 23:24 -------- d-----w- C:\My Archives
2010-08-14 21:20 . 2010-08-14 21:20 -------- d-----w- c:\windows\PCHEALTH
2010-08-14 21:20 . 2010-08-14 21:20 -------- d-----w- c:\program files\Microsoft.NET
2010-08-14 21:20 . 2010-08-14 21:20 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-08-14 21:18 . 2010-08-14 21:18 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-08-14 21:17 . 2010-08-14 21:17 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-08-14 21:16 . 2010-08-17 06:54 -------- d-----w- c:\users\fOXYMORON\AppData\Local\Microsoft Help
2010-08-14 21:16 . 2010-08-14 21:16 -------- d-----r- C:\MSOCache
2010-08-14 20:23 . 2010-08-14 20:23 -------- d-----w- C:\PerfLogs
2010-08-14 19:58 . 2010-08-14 19:24 47560 ----a-w- c:\windows\system32\SPReview.exe
2010-08-14 19:58 . 2010-08-14 19:24 152576 ----a-w- c:\windows\system32\SPWizUI.dll
2010-08-14 19:41 . 2008-01-19 06:33 193024 ----a-w- c:\windows\system32\recdisc.exe
2010-08-14 19:41 . 2008-01-19 06:36 6656 ----a-w- c:\windows\system32\sdspres.dll
2010-08-14 19:41 . 2008-01-19 06:33 599552 ----a-w- c:\windows\system32\vsp1cln.exe
2010-08-14 19:39 . 2008-01-19 06:35 475648 ----a-w- c:\windows\system32\msidcrl30.dll
2010-08-14 19:38 . 2008-01-19 06:36 296960 ----a-w- c:\windows\system32\ntshrui.dll
2010-08-14 19:37 . 2008-01-19 06:43 441400 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-08-14 19:36 . 2008-01-19 06:43 110136 ----a-w- c:\windows\system32\drivers\ataport.sys
2010-08-14 19:31 . 2007-12-06 04:04 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-08-14 19:30 . 2008-01-19 06:33 44032 ----a-w- c:\windows\system32\cbsra.exe
2010-08-14 17:58 . 2010-08-14 18:48 680 ----a-w- c:\users\fOXYMORON\AppData\Local\d3d9caps.dat
2010-08-14 17:01 . 2010-08-14 17:01 -------- d-----w- c:\users\fOXYMORON\DoctorWeb
2010-08-14 16:33 . 2010-08-20 18:38 -------- d-----w- c:\programdata\Kaspersky Lab
2010-08-11 18:10 . 2010-08-11 18:10 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-08-11 18:09 . 2010-08-11 18:09 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-08-11 18:08 . 2010-08-11 18:08 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2010-08-10 07:49 . 2010-08-10 09:28 -------- d-----w- c:\users\fOXYMORON\AppData\Roaming\Apple Computer
2010-08-10 07:49 . 2010-08-10 07:49 -------- d-----w- c:\users\fOXYMORON\AppData\Local\Apple Computer
2010-08-10 07:47 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-08-10 07:47 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-10 07:47 . 2010-08-10 07:47 -------- dc----w- c:\windows\system32\DRVSTORE
2010-08-10 07:45 . 2010-08-10 07:45 -------- d-----w- c:\program files\iPod
2010-08-10 07:45 . 2010-08-10 07:47 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-10 07:45 . 2010-08-10 07:47 -------- d-----w- c:\program files\iTunes
2010-08-10 07:43 . 2010-08-10 07:44 -------- d-----w- c:\program files\QuickTime
2010-08-10 07:43 . 2010-08-10 07:45 -------- d-----w- c:\programdata\Apple Computer
2010-08-10 07:43 . 2010-08-10 07:43 -------- d-----w- c:\users\fOXYMORON\AppData\Local\Apple
2010-08-10 07:43 . 2010-08-10 07:43 -------- d-----w- c:\program files\Apple Software Update
2010-08-10 07:41 . 2010-08-10 07:41 -------- d-----w- c:\program files\Bonjour
2010-08-10 07:40 . 2010-08-10 07:45 -------- d-----w- c:\program files\Common Files\Apple
2010-08-10 07:40 . 2010-08-10 07:43 -------- d-----w- c:\programdata\Apple
2010-08-09 00:49 . 2010-08-09 00:49 13696 ----a-w- c:\windows\system32\drivers\epfilter.sys
2010-08-09 00:49 . 2010-08-09 00:50 -------- d-----w- c:\program files\Data Protection Suite
2010-08-08 16:57 . 2010-08-08 16:58 -------- d-----w- c:\users\Guest\AppData\Roaming\Spare Backup
2010-08-08 16:57 . 2010-08-08 16:57 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes
2010-08-08 16:57 . 2010-08-08 16:57 68880 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-07 23:19 . 2010-08-07 23:19 -------- d-----w- c:\users\fOXYMORON\AppData\Roaming\Malwarebytes
2010-08-07 23:18 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-07 23:18 . 2010-08-07 23:18 -------- d-----w- c:\programdata\Malwarebytes
2010-08-07 23:18 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-07 23:18 . 2010-08-07 23:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-07 23:05 . 2010-08-07 23:05 95744 ----a-w- c:\programdata\SpeedBit\DAP\SDCondition.dll
2010-08-07 22:54 . 2010-08-07 22:54 -------- d-----w- c:\users\fOXYMORON\AppData\Local\Mozilla
2010-08-07 20:58 . 2010-08-07 20:58 -------- d-----w- c:\programdata\SpeedBit
2010-08-07 20:58 . 2010-08-07 20:59 -------- d-----w- c:\program files\DAP
2010-08-07 19:05 . 2010-08-07 19:05 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb5F52.tmp.exe
2010-08-07 19:04 . 2010-08-07 19:04 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-07 18:58 . 2010-08-07 18:58 77184 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-08-07 18:58 . 2010-08-08 00:17 -------- d-----w- c:\programdata\NOS
2010-08-07 18:51 . 2010-08-07 19:40 -------- d-----w- c:\users\fOXYMORON\AppData\Local\Adobe
2010-08-07 15:42 . 2010-08-07 15:42 -------- d-----w- c:\users\fOXYMORON\AppData\Local\Seven Zip
2010-08-07 09:44 . 2010-08-15 06:29 -------- d-----w- c:\users\fOXYMORON\AppData\Roaming\Spare Backup
2010-08-07 09:44 . 2010-08-15 21:22 -------- d-----w- c:\users\fOXYMORON\AppData\Local\Google
2010-08-07 09:43 . 2010-08-15 05:09 176352 ----a-w- c:\users\fOXYMORON\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-07 09:38 . 2010-08-07 09:38 -------- d-sh--we c:\programdata\Templates
2010-08-07 09:24 . 2007-08-01 02:27 3330 ----a-w- c:\windows\system32\USBMediaReaderPatch.vbs
2010-08-07 09:09 . 2010-08-07 09:09 -------- d-----w- c:\windows\I386
2010-08-07 09:09 . 2007-01-27 09:21 101160 ----a-w- c:\windows\system32\drivers\nvstor32.sys
2010-08-07 09:09 . 2007-01-27 09:01 354304 ----a-w- c:\windows\system32\idecoiins.dll
2010-08-07 09:09 . 2007-01-27 09:01 354304 ----a-w- c:\windows\system32\idecoi.dll
2010-08-07 09:09 . 2006-11-08 08:55 986624 ----a-w- c:\windows\system32\drivers\HSX_DPV.sys
2010-08-07 09:09 . 2006-11-08 08:54 258048 ----a-w- c:\windows\system32\drivers\HSXHWBS2.sys
2010-08-07 09:09 . 2006-11-08 08:53 659968 ----a-w- c:\windows\system32\drivers\HSX_CNXT.sys
2010-08-07 09:09 . 2006-11-07 02:54 172032 ----a-w- c:\windows\system32\Uci32114.dll
2010-08-07 09:09 . 2006-08-04 10:39 386560 ----a-w- c:\windows\system32\drivers\XAudio.exe
2010-08-07 09:09 . 2006-08-04 10:39 8192 ----a-w- c:\windows\system32\drivers\XAudio.sys
2010-08-07 09:09 . 2006-06-19 07:26 12672 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2010-08-07 09:09 . 2006-06-19 07:26 94208 ----a-w- c:\windows\system32\mdmxsdk.dll
2010-08-07 09:05 . 2010-08-07 08:30 -------- d-----w- c:\windows\SMINST
2010-08-07 09:02 . 2010-08-11 18:33 -------- d-----w- c:\programdata\McAfee
2010-08-07 09:02 . 2006-11-02 08:46 8704 ----a-w- c:\windows\system32\hccoin.dll
2010-08-07 08:47 . 2006-11-16 23:05 11816 ----a-w- c:\windows\BigFixClientOverride.dll
2010-08-07 08:39 . 2010-08-07 08:39 -------- d-----w- C:\Documents
2010-08-07 08:38 . 2010-08-07 15:51 -------- d-----w- c:\programdata\Napster
2010-08-07 08:35 . 2010-08-07 15:39 -------- d-----w- c:\program files\eMachines Games
2010-08-07 08:35 . 2010-08-16 08:09 -------- d-----w- c:\programdata\WildTangent
2010-08-07 08:35 . 2006-01-31 19:54 94208 ----a-w- c:\windows\system32\BAE.dll
2010-08-07 08:31 . 2010-08-07 08:31 -------- d-----w- c:\program files\Microsoft WSE
2010-08-07 08:30 . 2010-08-07 08:30 -------- d-----w- c:\program files\Java
2010-08-07 08:30 . 2010-08-07 08:30 -------- d-----w- c:\program files\Common Files\Java
2010-08-07 08:30 . 2010-08-07 08:30 -------- d-----w- c:\windows\system32\Macromed
2010-08-07 08:30 . 2010-08-07 23:41 -------- d-----w- c:\program files\Google
2010-08-07 08:29 . 2010-08-07 08:29 -------- d-----w- c:\program files\CyberLink
2010-08-07 08:29 . 2006-10-27 02:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-08-07 08:29 . 2006-10-27 02:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-08-07 08:27 . 2010-08-14 21:27 -------- d-----w- c:\programdata\Microsoft Help
2010-08-07 08:24 . 2010-08-07 18:11 -------- d-----w- C:\Graphics
2010-08-07 08:24 . 2007-09-04 02:29 -------- d---a-w- c:\windows\system32\wildtangent
2010-08-07 08:24 . 2007-09-04 02:29 -------- d---a-w- c:\windows\system32\Office
2010-08-07 08:24 . 2007-09-04 02:29 -------- d---a-w- c:\windows\system32\NetZero
2010-08-07 08:24 . 2007-09-04 02:29 -------- d---a-w- c:\windows\system32\Napster
2010-08-07 08:24 . 2007-09-04 02:29 -------- d---a-w- c:\windows\system32\AOL
2010-08-07 08:24 . 2007-09-04 02:29 -------- d---a-w- c:\windows\system32\Acceller
2010-08-07 08:22 . 2010-08-07 08:22 315392 ----a-w- c:\windows\HideWin.exe
2010-08-07 08:22 . 2007-01-12 08:54 520192 ----a-w- c:\windows\RtlExUpd.dll
2010-08-07 08:22 . 2010-08-07 08:22 -------- d-----w- c:\windows\Downloaded Installations
2010-08-07 08:21 . 2007-04-06 22:53 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-08-07 08:20 . 2010-08-07 08:20 -------- d-----w- c:\program files\Marvell
2010-08-07 08:20 . 2010-08-07 08:29 -------- d-----w- c:\program files\Common Files\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 05:52 . 2010-08-16 05:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-08-14 22:34 . 2010-08-14 22:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-08-14 21:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-08-14 20:30 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-08-14 20:30 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-08-14 20:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-14 20:30 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-08-14 20:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-08-14 20:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-08-14 20:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-08-14 20:23 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-08-14 20:07 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-08-14 20:07 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-08-07 18:58 . 2010-08-08 16:55 53632 ----a-w- c:\users\Guest\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-07 15:53 . 2010-08-07 08:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-07 09:42 . 2010-08-07 09:42 -------- d-----w- c:\users\fOXYMORON\AppData\Roaming\SampleView
2010-08-07 09:38 . 2010-08-07 09:38 -------- d-sh--we c:\programdata\Start Menu
2010-08-07 09:38 . 2010-08-07 09:38 -------- d-sh--we c:\programdata\Favorites
2010-08-07 09:38 . 2010-08-07 09:38 -------- d-sh--we c:\programdata\Documents
2010-08-07 09:38 . 2010-08-07 09:38 -------- d-sh--we c:\programdata\Desktop
2010-08-07 08:30 . 2010-08-07 08:30 0 ----a-w- c:\windows\system32\drivers\Gateway_T5234_MCP61PM-AM_GC47930005683.MRK
2010-08-07 08:23 . 2010-08-07 08:23 -------- d-----w- c:\program files\Digital Media Reader
2010-08-07 08:23 . 2010-08-07 08:23 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-08-07 08:23 . 2010-08-07 08:23 -------- d-----w- c:\program files\Realtek
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3955aa73-8c60-4a9b-acdb-0c2edb1b6748}]
2010-06-10 01:31 38272 ----a-w- c:\program files\Data Protection Suite\epbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-02-28 09:20 561552 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-07 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Data Protection Suite"="c:\program files\Data Protection Suite\sss.exe" [2010-06-10 584064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Skytel"="Skytel.exe" [2007-04-13 1822720]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-06 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-06 81920]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-04 40072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S1 mchInjDrv;madCodeHook DLL injection driver;c:\program files\Data Protection Suite\epinj.sys [2010-06-10 7744]
S2 EntryProtect;EntryProtect;c:\program files\Data Protection Suite\epservice.exe [2010-06-10 145280]
S2 sbupdate;SentryBay Update Service;c:\program files\Data Protection Suite\sbupdate.exe [2010-06-10 104832]
S3 epfilter;epfilter;c:\windows\system32\drivers\epfilter.sys [2010-08-09 13696]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 23:41]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 23:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T5234
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\fOXYMORON\AppData\Roaming\Mozilla\Firefox\Profiles\g71v7x2p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\Data Protection Suite\ffext\components\epstub.dll
FF - component: c:\program files\Data Protection Suite\ffext\components\plstub.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
HKLM-Run-BigFix - c:\program files\Bigfix\bigfix.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-20 13:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\FOXYMO~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1380)
c:\program files\Data Protection Suite\epclient.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Data Protection Suite\ep.exe
.
**************************************************************************
.
Completion time: 2010-08-20 13:32:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-20 20:32

Pre-Run: 58,138,124,288 bytes free
Post-Run: 58,372,177,920 bytes free

- - End Of File - - A2534A3CE6A0F1915C28B7542E03E060


#8 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • Gender:Male
  • Location:@localhost

Posted 20 August 2010 - 06:38 PM

OK, any better now? If you have a router in your setup, reboot both your router and computer.

How Can I Reduce My Risk to Malware?


#9 chixdigit

chixdigit
  • Topic Starter
  • Members
  • 19 posts

Posted 21 August 2010 - 01:43 AM

No change. This is becoming very frustrating for me.... Did anything 'stick out' as suspicious from the ComboFix log?

#10 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • Gender:Male
  • Location:@localhost

Posted 21 August 2010 - 08:43 AM

No, I don't recognize anything that might be malware in the log. We will get another download to use. It's called TDSSKiller:

Please download TDSSKiller.exe and save it to your desktop.
Double-click to launch the utility, then click the Start Scan button. In Vista you may have to right-click on it and choose "Run as Admin."

Once the scan completes you can click the continue button.

"The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."

"After clicking Next, the utility applies selected actions and outputs the result."

"A reboot might be required after disinfection."

A report will be found on your root drive, Local Disk (C:), as TDSSKiller.2.4.0.0_01.08.2010_17.32.21_log.txt (name, version, date, time).
Please post the log report.



#11 chixdigit

chixdigit
  • Topic Starter
  • Members
  • 19 posts

Posted 21 August 2010 - 02:14 PM

I've attached the TDSSKiller log that you requested. Again, there were no infections found.

I've also attached a log from a MalwareBytes' Anti-Malware scan that I ran last week. In it you'll see that it found a DNS Changer trojan that it supposedly removed. However, every time I rerun the program, that same DNS Changer trojan appears again.

I hope this helps and I really hope that we can figure this thing out. I'll wait to hear back from you about what the next step is.

- Chris

Attached Files



#12 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • Gender:Male
  • Location:@localhost

Posted 21 August 2010 - 08:15 PM

QUOTE
a DNS Changer trojan that it supposedly removed

I saw that. Do you use a router? Check the DNS settings in your router and make sure they have not been changed by the malware. Also, we will get another download to use:


Please also download MBRCheck to your desktop

http://ad13.geekstogo.com/MBRCheck.exe

* Double-click MBRCheck.exe to run it (Vista and Win 7: right-click and select Run as Administrator)
* It will show a Black screen with some information that will contain either the below line if no problem is found:
o Done! Press ENTER to exit...

* Or you will see more information like below if a problem is found:
o Found non-standard or infected MBR.
o Enter 'Y' and hit ENTER for more options, or 'N' to exit:

* Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
* MBRCheck will create a log on your desktop named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
* Attach this log to your next message.



#13 chixdigit

chixdigit
  • Topic Starter
  • Members
  • 19 posts

Posted 22 August 2010 - 09:59 AM

Finally a scan that did not come up clean! I've attached the log as you requested. Also, our router is in a roommate's room and that roommate is still asleep. Once he's awake, how can we know if the DNS has changed or not? Nobody living in this house is very computer literate...

- Chris

Attached Files
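The advice in #12 (verify that the resolvers the malware family is named after have not been swapped out) and the question in #13 (how would a non-expert tell) can both be answered on the PC itself, without touching the router, by reading the DNS servers each adapter is using and comparing them against the addresses the household expects, normally the router's LAN address or the ISP's resolvers. The script below is an added example, not a tool from this thread or from BleepingComputer. It parses the text layout that `ipconfig /all` prints on Windows; the sample output, the adapter names and the 203.0.113.x resolver addresses (documentation range) are constructed for the example.

```python
"""Flag DNS servers on a Windows host that are not on an allow-list.

Added example (not from the BleepingComputer thread). Parses `ipconfig /all`
text and reports resolvers outside the addresses or networks the owner expects.
"""
import ipaddress
import re
import subprocess
from typing import Dict, List

# Constructed sample of `ipconfig /all` output (Vista-era layout). A DNS server
# list spans several lines: the first address follows the label, further
# addresses sit on deeply indented continuation lines with no label.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC
   Primary Dns Suffix  . . . . . . . :

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.5
                                       203.0.113.6

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

ADAPTER_RE = re.compile(r"^\S.*adapter (.+):\s*$")       # "Ethernet adapter X:"
DNS_RE = re.compile(r"^\s+DNS Servers[ .]*: *(\S+)?\s*$")  # labelled first line
CONT_RE = re.compile(r"^\s{30,}(\S+)\s*$")                # unlabelled continuation


def parse_dns_servers(text: str) -> Dict[str, List[str]]:
    """Return {adapter name: [dns server, ...]} from ipconfig /all text."""
    result: Dict[str, List[str]] = {}
    adapter = None
    in_dns = False
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            adapter = m.group(1)
            result[adapter] = []
            in_dns = False
            continue
        if adapter is None:
            continue  # header block before the first adapter
        m = DNS_RE.match(line)
        if m:
            in_dns = True
            if m.group(1):
                result[adapter].append(m.group(1))
            continue
        m = CONT_RE.match(line) if in_dns else None
        if m:
            result[adapter].append(m.group(1))
            continue
        in_dns = False  # any other line ends the DNS server list
    return result


def unexpected_resolvers(servers: Dict[str, List[str]],
                         allowed: List[str]) -> Dict[str, List[str]]:
    """Per adapter, the resolvers that fall outside the allow-list.

    `allowed` holds addresses or CIDR networks (the router's LAN address,
    the LAN as a whole, the ISP's resolvers). An empty dict means all good.
    """
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    flagged: Dict[str, List[str]] = {}
    for adapter, addrs in servers.items():
        bad = []
        for a in addrs:
            try:
                ip = ipaddress.ip_address(a)
            except ValueError:
                bad.append(a)  # not even an address; worth a look
                continue
            if not any(ip in n for n in nets):
                bad.append(a)
        if bad:
            flagged[adapter] = bad
    return flagged


def check_live_host(allowed: List[str]) -> Dict[str, List[str]]:
    """Run ipconfig /all on this machine and check it (Windows only)."""
    out = subprocess.run(["ipconfig", "/all"], capture_output=True,
                         text=True, check=True).stdout
    return unexpected_resolvers(parse_dns_servers(out), allowed)


if __name__ == "__main__":
    found = unexpected_resolvers(parse_dns_servers(SAMPLE_IPCONFIG),
                                 ["192.168.1.0/24"])
    for adapter, addrs in found.items():
        print(f"{adapter}: unexpected DNS server(s): {', '.join(addrs)}")
```

On the constructed sample the wired adapter is reported because its two resolvers are outside the home LAN, while the wireless adapter, which points at the router, is silent. Run against a real machine with `check_live_host([...])`, the allow-list is the only thing the household needs to know in advance: if the router hands out its own address as the resolver, a single `192.168.x.1`-style entry is enough, and anything else showing up after every reboot is the signal the thread is looking for. The router's own upstream resolvers still have to be checked in its admin page, as #12 says; this script sees only what the PC has been told.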



#14 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • Gender:Male
  • Location:@localhost

Posted 22 August 2010 - 03:40 PM

Hi,

Let's hold off on the router's possible corrupt DNS settings for now. Based on the MBR log, we will write a new master boot record to the drive. We could use the Windows Recovery Console, but I don't think it's as straightforward in Vista as it is in XP, so we will use the utility itself to do it.

As a precaution, if there's any content you don't want to lose (files etc. that you created), you should pull them off or back them up before proceeding.


Run MBRCheck.exe again but, when prompted, enter Y this time for further options.
At the "Options" prompt enter 2 - this will overwrite the malicious boot code.
When asked for the "Physical Drive Number", enter 0
When asked for the "MBR Code to write", enter 3 (For Vista)
Enter YES to confirm your actions - it needs to be YES and not Y.

Immediately reboot your machine. Post the new .txt file created on your desktop.
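What MBRCheck reports as "non-standard or infected MBR" comes down to a few read-only checks on the first 512-byte sector: is the 0x55AA signature in place, does the 446-byte boot code hash to something on a known-good list, and does the partition table make sense. The script below is an added example of those checks, not MBRCheck's code and not part of this thread. The sector images and the "known-good" boot-code hash are constructed so it runs offline; a real deployment would hold hashes of the boot code the installed OS actually writes. It only reads; writing a new MBR, as the steps above do, is a separate and riskier step, and #15 shows why the backup advice in this post matters.

```python
"""Read-only inspection of a 512-byte master boot record.

Added example, not MBRCheck's code. Layout: 446 bytes boot code, four 16-byte
partition entries at offset 446, 0x55AA signature at offset 510.
"""
import hashlib
import struct
from typing import Dict, List, NamedTuple

SECTOR = 512
BOOT_CODE_LEN = 446
PART_TABLE_OFF = 446
SIGNATURE = b"\x55\xAA"
# Entry: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
ENTRY_FMT = "<B3xB3xII"


class Partition(NamedTuple):
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four partition entries; unused entries (type 0) are skipped."""
    parts = []
    for i in range(4):
        status, type_id, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if type_id != 0:
            parts.append(Partition(i, status == 0x80, type_id, lba_start, sectors))
    return parts


def boot_code_hash(mbr: bytes) -> str:
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, known_good: Dict[str, str]) -> List[str]:
    """Return findings as strings; an empty list means nothing looked off."""
    if len(mbr) != SECTOR:
        return [f"unexpected sector length {len(mbr)}"]
    findings = []
    if mbr[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    h = boot_code_hash(mbr)
    if h not in known_good:
        findings.append(f"boot code sha256 {h[:12]}... not in known-good set")
    parts = parse_partitions(mbr)
    if not any(p.bootable for p in parts):
        findings.append("no partition flagged active")
    spans = sorted((p.lba_start, p.lba_start + p.sectors, p.index) for p in parts)
    for (s1, e1, i1), (s2, _e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partitions {i1} and {i2} overlap")
    return findings


def read_mbr(device_path: str) -> bytes:
    r"""Read sector 0 from a raw device, e.g. r'\\.\PhysicalDrive0' (needs admin)."""
    with open(device_path, "rb") as f:
        return f.read(SECTOR)


# --- constructed test images (stand-ins, not real Windows boot code) ---------
def partition_entry(bootable: bool, type_id: int, lba_start: int, sectors: int) -> bytes:
    return struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00, type_id, lba_start, sectors)


def build_mbr(boot_code: bytes, entries: List[bytes]) -> bytes:
    assert len(boot_code) == BOOT_CODE_LEN and len(entries) <= 4
    table = b"".join(entries).ljust(64, b"\x00")
    return boot_code + table + SIGNATURE


CLEAN_BOOT_CODE = b"\xEB\x3C\x90" + b"CONSTRUCTED-STANDARD-BOOTCODE".ljust(
    BOOT_CODE_LEN - 3, b"\x00")
KNOWN_GOOD = {hashlib.sha256(CLEAN_BOOT_CODE).hexdigest(): "constructed clean code"}
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, [partition_entry(True, 0x07, 2048, 204800)])

# Same partition table, first four boot-code bytes altered: the hash no longer
# matches, which is exactly the kind of difference a checker reports.
_patched = bytearray(CLEAN_MBR)
_patched[0:4] = b"\xEA\x00\x7C\x00"
PATCHED_MBR = bytes(_patched)

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("patched", PATCHED_MBR)):
        print(name, check_mbr(image, KNOWN_GOOD) or ["ok"])
```

Two design points. The partition table is checked as well as the boot code because a tampered sector can keep the code intact and redirect the active partition instead, and an overlap or no active entry is a sign that something was edited by hand rather than by an installer. And the known-good set is keyed by hash rather than by comparing bytes, so the same list can carry several legitimate variants (XP, Vista, Win 7 each write different code) without the script having to embed any of them.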



#15 chixdigit

chixdigit
  • Topic Starter
  • Members
  • 19 posts

Posted 25 August 2010 - 01:39 AM

Shelf Life,

The last instructions that you gave to me (and I followed them to a "T") killed my computer!!!! I'm using a different machine to write this here. I don't know what to do about the Vista...it won't boot up now...even from the CD tray. Please help....!



