Windows right click shuts down page


  • This topic is locked
39 replies to this topic

#1 1andtwins

1andtwins

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:48 PM

Posted 14 January 2011 - 11:27 AM

When I open a windows document and right click I receive a message saying "sorry windows has encountered a problem and will need to close" and it closes and I lose all document.
Also, when I receive a link from a friend in an e-mail or a link on a website, and I click on it, it won't open.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-14 10:18:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST325082 rev.3.AD
Running: gmer.exe; Driver: C:\DOCUME~1\Robin\LOCALS~1\Temp\kxtoapod.sys


---- System - GMER 1.0.15 ----

SSDT 8A73F448 ZwAllocateVirtualMemory
SSDT 8A75A7A8 ZwCreateKey
SSDT 8A71F628 ZwCreateProcess
SSDT 8A73F7C8 ZwCreateProcessEx
SSDT 8A73F020 ZwCreateThread
SSDT 8A755208 ZwDeleteKey
SSDT 8A75A620 ZwDeleteValueKey
SSDT 8A721250 ZwOpenKey
SSDT 8A75A838 ZwQueueApcThread
SSDT 8A720628 ZwReadVirtualMemory
SSDT 8A720830 ZwRenameKey
SSDT 8A6FA148 ZwSetContextThread
SSDT 8A756150 ZwSetInformationKey
SSDT 8A70B238 ZwSetInformationProcess
SSDT 8A6FA1C0 ZwSetInformationThread
SSDT 8A73F1D8 ZwSetValueKey
SSDT 8A70B1C0 ZwSuspendProcess
SSDT 8A75A8B0 ZwSuspendThread
SSDT 8A73F750 ZwTerminateProcess
SSDT 8A73F0A0 ZwTerminateThread
SSDT 8A73F3D0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8AA2360, 0x307AC7, 0xE8000020]
? C:\DOCUME~1\Robin\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[200] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 50367370 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSUDLL.dll
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[200] ntdll.dll!KiUserExceptionDispatcher + 9 7C90E485 5 Bytes JMP 000160B0 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[200] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00014930 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[200] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 000152F0 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[200] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes [33, C0, C2, 0C, 00] {XOR EAX, EAX; RET 0xc}
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[200] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 000152A0 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[200] kernel32.dll!VirtualFree 7C809B84 5 Bytes JMP 000152D0 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\WINDOWS\system32\SearchIndexer.exe[3844] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4128] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 036050F0 C:\Program Files\Elf_1.13\tbElf_.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[4128] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 03605270 C:\Program Files\Elf_1.13\tbElf_.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[4128] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4128] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4128] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4128] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4128] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4128] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4128] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4128] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 03604870 C:\Program Files\Elf_1.13\tbElf_.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[4128] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4128] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 036049D0 C:\Program Files\Elf_1.13\tbElf_.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[4228] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 06A050F0 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[4228] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 06A05270 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[4228] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4228] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4228] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4228] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4228] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4228] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4228] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4228] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4228] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4228] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4228] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 06A04870 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[4228] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4228] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 06A049D0 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[4228] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4228] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6100] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 066A50F0 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[6100] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 066A5270 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[6100] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6100] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6100] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6100] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6100] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6100] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6100] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6100] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6100] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6100] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6100] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 066A4870 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[6100] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6100] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 066A49D0 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\internet explorer\iexplore.exe[6100] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[6100] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\Ip 89B6B938
Device \Driver\Tcpip \Device\Ip 89AEF208
Device \Driver\Tcpip \Device\Ip 899ED1E0
Device \Driver\Tcpip \Device\Ip 89D06FA8
Device \Driver\Tcpip \Device\Ip 89CCE768
Device \Driver\Tcpip \Device\Ip 8978C4F0
Device \Driver\Tcpip \Device\Tcp 89B6B938
Device \Driver\Tcpip \Device\Tcp 89AEF208
Device \Driver\Tcpip \Device\Tcp 899ED1E0
Device \Driver\Tcpip \Device\Tcp 89D06FA8
Device \Driver\Tcpip \Device\Tcp 89CCE768
Device \Driver\Tcpip \Device\Tcp 8978C4F0

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\Tcpip \Device\Udp 89B6B938
Device \Driver\Tcpip \Device\Udp 89AEF208
Device \Driver\Tcpip \Device\Udp 899ED1E0
Device \Driver\Tcpip \Device\Udp 89D06FA8
Device \Driver\Tcpip \Device\Udp 89CCE768
Device \Driver\Tcpip \Device\Udp 8978C4F0
Device \Driver\Tcpip \Device\RawIp 89B6B938
Device \Driver\Tcpip \Device\RawIp 89AEF208
Device \Driver\Tcpip \Device\RawIp 899ED1E0
Device \Driver\Tcpip \Device\RawIp 89D06FA8
Device \Driver\Tcpip \Device\RawIp 89CCE768
Device \Driver\Tcpip \Device\RawIp 8978C4F0
Device \Driver\Tcpip \Device\IPMULTICAST 89B6B938
Device \Driver\Tcpip \Device\IPMULTICAST 89AEF208
Device \Driver\Tcpip \Device\IPMULTICAST 899ED1E0
Device \Driver\Tcpip \Device\IPMULTICAST 89D06FA8
Device \Driver\Tcpip \Device\IPMULTICAST 89CCE768
Device \Driver\Tcpip \Device\IPMULTICAST 8978C4F0
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A467ED20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:48 PM

Posted 19 January 2011 - 04:10 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 1andtwins

Posted 19 January 2011 - 05:10 PM

I received your message and ready to fix.
Robin
P.S. Please be patient with me, I am computer illiterate.

#4 m0le

Posted 19 January 2011 - 05:20 PM

Let's check for rootkits first up

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


And

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

#5 1andtwins

Posted 19 January 2011 - 05:30 PM

When I go to start, run and put in the item in quotes. It says it can not be found. When I went to TDSSKiller and extracted and ran scan it said "no threats found" but didn't give a report.

MBRCheck:
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 136):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 SSHRMD.SYS
0xB9F37000 SSIDRV.SYS
0xB9F0A000 \WINDOWS\SYSTEM32\Drivers\NDIS.SYS
0xBA328000 \WINDOWS\SYSTEM32\Drivers\TDI.SYS
0xBA0C8000 MountMgr.sys
0xB9EEB000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0D8000 VolSnap.sys
0xB9E34000 iaStor.sys
0xBA0E8000 disk.sys
0xBA0F8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E14000 fltmgr.sys
0xB9E02000 sr.sys
0xB9DEC000 DRVMCDB.SYS
0xBA338000 PxHelp20.sys
0xB9DD5000 KSecDD.sys
0xB9D48000 Ntfs.sys
0xB9D2E000 Mup.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8AA2000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB8A8E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8A55000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA428000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8A31000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA430000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8A09000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB89D5000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB89B2000 \SystemRoot\system32\DRIVERS\ks.sys
0xB88B3000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xB880C000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA438000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA1D8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA5D6000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xBA1E8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA440000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA75A000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA208000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9CB9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB87F5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA218000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA228000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8751000 \SystemRoot\system32\DRIVERS\psched.sys
0xB918C000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB7503000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB74FB000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB6147000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xB6742000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB613F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB6137000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA62A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB557C000 \SystemRoot\system32\DRIVERS\update.sys
0xB9CD1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB77FF000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xB5B55000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA9CBA000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xABCDD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA8BC0000 \SystemRoot\system32\drivers\sthda.sys
0xA8B9C000 \SystemRoot\system32\drivers\portcls.sys
0xA9CAA000 \SystemRoot\system32\drivers\drmk.sys
0xA9AFF000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xABCD9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA988C000 \SystemRoot\System32\Drivers\Null.SYS
0xABCD7000 \SystemRoot\System32\Drivers\Beep.SYS
0xA9BF7000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xA9A9F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA9A97000 \SystemRoot\System32\drivers\vga.sys
0xABCD5000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xABCD3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA9A8F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA9A87000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA9AF3000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA8B69000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA8B10000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA8AE8000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA8AC2000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA8AA0000 \SystemRoot\System32\drivers\afd.sys
0xA9C8A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA9C7A000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA8A75000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA8A05000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA9C5A000 \SystemRoot\System32\Drivers\Fips.SYS
0xA9A7F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA97D5000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA987B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA983B000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA9A5F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA92BB000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xA9A57000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xA92B7000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA92AF000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA8380000 \SystemRoot\system32\DRIVERS\lvuvc.sys
0xA982B000 \SystemRoot\system32\drivers\usbaudio.sys
0xA833E000 \SystemRoot\system32\DRIVERS\lvrs.sys
0xA981B000 \SystemRoot\system32\DRIVERS\mxopswd.sys
0xA8287000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB5CA4000 \SystemRoot\System32\drivers\Dxapi.sys
0xA9527000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7C6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB50EC000 \SystemRoot\SYSTEM32\Drivers\SSFMONM.SYS
0xA9C6A000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xA98D2000 \SystemRoot\System32\DLA\DLADResN.SYS
0xA8010000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xB9CDD000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xA9928000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xB51A9000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xA7FF8000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xA7FE2000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xBA138000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xB04A4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA7F2D000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA168000 \SystemRoot\system32\drivers\sysaudio.sys
0xA7841000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB5369000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xA6D98000 \SystemRoot\system32\DRIVERS\srv.sys
0xA6CC8000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xBA410000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xA62BF000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA5F4000 \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
0xBA388000 \??\C:\DOCUME~1\Robin\LOCALS~1\Temp\mbr.sys
0xA469B000 \??\C:\DOCUME~1\Robin\LOCALS~1\Temp\kxtoapod.sys
0xA4677000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x9C1F8000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 70):
0 System Idle Process
4 System
608 C:\WINDOWS\system32\smss.exe
680 csrss.exe
704 C:\WINDOWS\system32\winlogon.exe
748 C:\WINDOWS\system32\services.exe
760 C:\WINDOWS\system32\lsass.exe
992 C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
1012 C:\WINDOWS\system32\svchost.exe
1068 svchost.exe
1164 C:\WINDOWS\system32\svchost.exe
1240 svchost.exe
1408 svchost.exe
1532 C:\WINDOWS\system32\spoolsv.exe
1980 C:\WINDOWS\explorer.exe
208 C:\WINDOWS\stsystra.exe
216 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
236 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
248 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
308 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
344 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
400 C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
480 C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
496 C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
584 C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
656 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
1056 C:\Program Files\iTunes\iTunesHelper.exe
1116 C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
1152 C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
1220 C:\Program Files\Dell Support\DSAgnt.exe
1276 C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
1308 C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
1364 C:\Program Files\Digital Line Detect\DLG.exe
1752 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
1924 C:\Program Files\eFax Messenger 4.4\J2GTray.exe
2024 C:\Program Files\Webshots\3.1.5.7619\Webshots.scr
2188 svchost.exe
2224 C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
2272 C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
2292 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2336 C:\Program Files\Bonjour\mDNSResponder.exe
2384 C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
2576 C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
2740 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2804 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
2840 C:\Program Files\Maxtor\Sync\SyncServices.exe
3056 C:\WINDOWS\system32\nvsvc32.exe
3116 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
3208 C:\WINDOWS\system32\svchost.exe
3336 C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe
3844 C:\WINDOWS\system32\searchindexer.exe
2552 C:\Program Files\iPod\bin\iPodService.exe
3100 C:\WINDOWS\system32\dlcxcoms.exe
3604 unsecapp.exe
204 alg.exe
280 wmiprvse.exe
2780 C:\WINDOWS\system32\ctfmon.exe
1972 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
6044 C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
4460 SSU.exe
4952 C:\Program Files\Windows Live\Mail\wlmail.exe
4924 C:\Program Files\Windows Live\Contacts\wlcomm.exe
4944 C:\Program Files\Internet Explorer\iexplore.exe
5456 C:\Program Files\Internet Explorer\iexplore.exe
3752 C:\Program Files\Internet Explorer\iexplore.exe
1440 C:\Program Files\Internet Explorer\iexplore.exe
348 C:\WINDOWS\system32\searchprotocolhost.exe
2952 searchfilterhost.exe
5192 C:\WINDOWS\system32\searchprotocolhost.exe
940 C:\Documents and Settings\Robin\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.ADG
PhysicalDrive2 Model Number: MaxtorOneTouch, Rev: 0125

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: BF118E4CFC2D7C7489A85AC7AD11D2A979F74824
465 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: CEECB0630DEB98A912C967BD5561D0F2BFE7D8C6


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#6 m0le

Posted 19 January 2011 - 05:35 PM

Please run this tool next.
  • Download NTBR_CD by noahdfear to the desktop.
  • Click on the NTBR_CD.exe to extract its contents to the desktop.
  • Once extracted, open the NTBR_CD folder and click on the BurnItCD application.
  • Insert a blank CD when prompted. The .iso image will be burned to the CD.
  • Boot the computer with the CD you just burned and follow the prompts.
  • Press Enter for English.
  • At the menu type 1 to select MBRWORK then hit Enter

    This screen will show the hard drive configuration.
  • Type 5 to Install standard MBR code then hit Enter
  • Type 1 to select Standard then hit Enter
  • Type Y then hit Enter to confirm
  • Type E then hit Enter to exit
  • Back at the menu, type 6 to Quit.
  • Press Ctrl+Alt+Del to restart the machine.
  • Eject the CD upon restart and boot normally.

Now please run MBRCheck and TDSSKiller again

#7 1andtwins

Posted 19 January 2011 - 06:11 PM

When I rebooted the CD that I just burned there were no prompts.
I clicked on my computer, opened cd, and there were several folder icons to open.
I went to the "menu" icon and clicked on #1 to select MBRwork and then hit enter.
It did not advance to a new screen.
There was not an option of #5 install stand.MBR code

#8 m0le

Posted 19 January 2011 - 06:29 PM

Rerun TDSSKiller - it should provide you with a log.

#9 1andtwins

Posted 19 January 2011 - 06:38 PM

It said scan complete. No threats found. No report given.

#10 m0le

Posted 19 January 2011 - 07:40 PM

If you are not getting a report how is it telling you that there are no threats found?

TDSSKiller always produces a report whether or not threats are found.

Please run Combofix

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#11 1andtwins

1andtwins
  • Topic Starter

  • Members
  • 21 posts
  • Local time:12:48 PM

Posted 19 January 2011 - 10:06 PM

ComboFix 11-01-19.01 - Robin 01/19/2011 20:36:45.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1391 [GMT -6:00]
Running from: c:\documents and settings\Robin\Desktop\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Robin\Application Data\PriceGong
c:\documents and settings\Robin\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Robin\Application Data\PriceGong\Data\z.xml
E:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-12-20 to 2011-01-20 )))))))))))))))))))))))))))))))
.

2011-01-19 23:01 . 2011-01-19 23:01 -------- d-----w- c:\windows\LastGood
2011-01-16 22:11 . 2011-01-16 22:11 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\Flip Video
2011-01-13 23:28 . 2011-01-13 23:28 -------- d-----w- c:\windows\system32\drivers\NSS
2011-01-13 23:28 . 2011-01-13 23:28 -------- d-----w- c:\program files\Norton Security Scan
2011-01-10 16:48 . 2011-01-10 16:52 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\Babylon
2011-01-10 16:47 . 2011-01-10 16:47 -------- d-----w- c:\program files\Babylon
2011-01-10 16:47 . 2011-01-20 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2011-01-10 16:47 . 2011-01-19 22:58 -------- d-----w- c:\documents and settings\Robin\Application Data\Babylon
2011-01-10 16:46 . 2011-01-10 16:48 -------- d-----w- c:\program files\FoxTabFlvPlayer
2011-01-02 00:24 . 2011-01-02 00:24 -------- d-----w- c:\program files\Webshots Daily Features
2010-12-22 19:54 . 2010-10-12 21:57 45072 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2010-12-22 19:54 . 2010-10-12 21:57 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2010-12-22 19:54 . 2010-10-12 21:57 182056 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2010-12-22 19:47 . 2010-12-22 19:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{346564C3-1CD0-440B-AE7A-F644B66D2026}
2010-12-22 19:45 . 2010-12-22 19:45 -------- d-----w- c:\program files\Webroot
2010-12-22 19:01 . 2011-01-19 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\webroot
2010-12-22 18:58 . 2010-12-22 18:58 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\PackageAware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2004-08-10 17:02 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-10 16:51 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2004-08-10 16:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-10 16:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-10 16:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-10 16:51 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-10 16:51 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-10 16:50 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-10 16:51 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2011-01-14_02.23.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-16 23:07 . 2011-01-19 22:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-16 23:07 . 2011-01-13 08:00 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-16 23:07 . 2011-01-19 22:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-05-16 23:07 . 2011-01-13 08:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-05-16 23:07 . 2011-01-19 22:59 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-05-16 23:07 . 2011-01-13 08:00 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-01-15 19:51 . 2011-01-15 19:51 234656 c:\windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe
+ 2011-01-15 19:51 . 2011-01-15 19:51 311456 c:\windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-07 297808]
"{b80f591e-fe9a-46cf-a13e-180377240586}"= "c:\program files\Elf_1.13\tbElf_.dll" [2011-01-03 4162344]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]

[HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2009-11-07 06:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-03 16:16 175400 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b80f591e-fe9a-46cf-a13e-180377240586}]
2011-01-03 16:13 4162344 ----a-w- c:\program files\Elf_1.13\tbElf_.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 03:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
"{b80f591e-fe9a-46cf-a13e-180377240586}"= "c:\program files\Elf_1.13\tbElf_.dll" [2011-01-03 4162344]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
"{B80F591E-FE9A-46CF-A13E-180377240586}"= "c:\program files\Elf_1.13\tbElf_.dll" [2011-01-03 4162344]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-04-16 818288]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2010-07-02 95744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-04-23 169984]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-06-13 286720]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-06-26 299008]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-06-14 307200]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2010-12-22 1392784]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe" [2010-11-07 286720]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2010-10-17 3825080]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-06-07 106496]

c:\documents and settings\Robin\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896]
Webshots.lnk - c:\program files\Webshots\3.1.5.7619\Launcher.exe [2011-1-1 157088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-23 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"24726:TCP"= 24726:TCP:FlipShareServer
"24727:TCP"= 24727:TCP:FlipShareServer

R2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.2.0.10753\AGCoreService.exe [5/20/2010 2:38 AM 20480]
R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 1:22 PM 1085440]
R2 SSFMONM;Spy Sweeper File System Filter Driver;c:\windows\system32\drivers\ssfmonm.sys [12/22/2010 1:54 PM 45072]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [12/22/2010 1:46 PM 3275112]
R3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/11/2010 10:37 PM 136176]

--- Other Services/Drivers In Memory ---

*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder

2011-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 04:37]

2011-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 04:37]

2011-01-18 c:\windows\Tasks\Norton Security Scan for Robin.job
- c:\program files\Norton Security Scan\Engine\3.0.1.8\Nss.exe [2011-01-13 14:06]

2011-01-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 03:44]

2011-01-20 c:\windows\Tasks\User_Feed_Synchronization-{60333225-B7CF-4B01-A71F-48232966453F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070423
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-19 20:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-01-19 21:04:42
ComboFix-quarantined-files.txt 2011-01-20 03:04
ComboFix2.txt 2011-01-14 02:29

Pre-Run: 189,449,437,184 bytes free
Post-Run: 189,496,983,552 bytes free

- - End Of File - - 33BCD83E2AB50B40E89714380EC5CB8B

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:06:48 PM

Posted 20 January 2011 - 06:13 PM

Now please run MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

#13 1andtwins

1andtwins
  • Topic Starter

  • Members
  • 21 posts
  • Local time:12:48 PM

Posted 21 January 2011 - 05:27 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5565

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/21/2011 11:35:53 AM
mbam-log-2011-01-21 (11-35-53).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 314832
Time elapsed: 1 hour(s), 23 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:06:48 PM

Posted 21 January 2011 - 07:15 PM

How's the PC now?

Please run ESET finally; this removes all the infected files and other stuff that hangs around.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

#15 1andtwins

1andtwins
  • Topic Starter

  • Members
  • 21 posts
  • Local time:12:48 PM

Posted 21 January 2011 - 09:31 PM

It is still doing the same thing.
1. When I right click on a Word document it says "word has unexpectedly reached an error and must now close". It closes and loses all work done.

2. Also, when I click on a "link" it will open a new internet page but it is blank and won't connect to the link.

However, I did run the ESET online scan as you requested. No threat found.