
Infection blocks some IP's and redirects others


  • This topic is locked
5 replies to this topic

#1 javox

javox

  • Members
  • 2 posts

Posted 15 March 2011 - 12:38 PM

Infection seems to have access to an IP list where virus program redirects some and blocks others. For example Yahoo, MegaUpload, Altavista, etc. are being redirected. Any browser is redirected equally (mic explorer, firefox, etc.); also programs such as jdownloader are blocked.

I looked into the hosts file and there were a bunch of sites added to the local host, but after deleting those the issue stayed the same.

I ran some online antivirus but none finds anything, or finds but the issue stays the same.

So guys, thanks a lot for any help.

I am pasting DDS.txt

Also attach.txt and Gmer log ready.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jav at 13:34:53,03 on 15/03/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.34.3082.18.1790.1104 [GMT -3:00]
.
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
C:\Archivos de programa\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Documents and Settings\All Users\Datos de programa\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Archivos de programa\Cobian Backup 8\cbInterface.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Windows Desktop Search\WindowsSearch.exe
C:\Archivos de programa\Cobian Backup 10\cbVSCService.exe
C:\DOCUME~1\Jav\CONFIG~1\Temp\RtkBtMnt.exe
C:\Archivos de programa\Cobian Backup 8\cbService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Archivos de programa\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqbam08.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Archivos de programa\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\A - Computacion\Antivirus\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\archivos de programa\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\archivos de programa\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\archivos de programa\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\archivos de programa\panda security\panda security toolbar\PandaSecurityDx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\archiv~1\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\archivos de programa\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\archivos de programa\panda security\panda security toolbar\PandaSecurityDx.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\archivos de programa\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [IBP]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [aliim] c:\archivos de programa\trademanager\aliim.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\archivos de programa\realtek\audio\drivers\AzMixerSel.exe
mRun: [QuickTime Task] "c:\archivos de programa\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\archivos de programa\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\archivos de programa\archivos comunes\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\archivos de programa\hp\hp software update\HPWuSchd2.exe
mRun: [PSUNMain] "c:\archivos de programa\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [Panda Security URL Filtering] "c:\documents and settings\all users\datos de programa\panda security url filtering\Panda_URL_Filtering.exe"
mRun: [Cobian Backup 10 Interface] "c:\archivos de programa\cobian backup 10\cbInterface.exe" -service
mRun: [Cobian Backup 8 interface] "c:\archivos de programa\cobian backup 8\cbInterface.exe" -service
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\hpdigi~1.lnk - c:\archivos de programa\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\window~1.lnk - c:\archivos de programa\windows desktop search\WindowsSearch.exe
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\archivos de programa\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\archivos de programa\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\archivos de programa\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1287704753921
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\archivos de programa\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\archiv~1\archiv~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\archivos de programa\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\jav\datosd~1\mozilla\firefox\profiles\4001m2ij.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.cprogramming.com/tutorial/lesson1small.html
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p=
FF - component: c:\archivos de programa\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\archivos de programa\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\archivos de programa\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\archivos de programa\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\archivos de programa\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\archivos de programa\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\archivos de programa\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\archivos de programa\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\archivos de programa\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\archivos de programa\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\archivos de programa\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\archivos de programa\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\archivos de programa\panda security\panda id protect\firefox\components\FFKeypad.dll
FF - component: c:\documents and settings\jav\datos de programa\mozilla\firefox\profiles\4001m2ij.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\imtcp_xpcom.dll
FF - component: c:\documents and settings\jav\datos de programa\mozilla\firefox\profiles\4001m2ij.default\extensions\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}\components\dtTransparency.dll
FF - plugin: c:\archivos de programa\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\archivos de programa\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\archivos de programa\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\archivos de programa\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\archivos de programa\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\archivos de programa\mozilla firefox\plugins\npww.dll
FF - plugin: c:\archivos de programa\opera\program\plugins\np_gp.dll
FF - plugin: c:\documents and settings\jav\datos de programa\mozilla\firefox\profiles\4001m2ij.default\extensions\{4d144bc3-23fb-47de-90c5-63ccb0139ccf}\plugins\npww.dll
FF - plugin: c:\documents and settings\jav\datos de programa\mozilla\firefox\profiles\4001m2ij.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\archivos de programa\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
FF - Ext: Flash Video Downloader (Youtube Downloader): artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
FF - Ext: Read It Later: isreaditlater@ideashower.com - %profile%\extensions\isreaditlater@ideashower.com
FF - Ext: Page Hacker: pagehacker-nico@nc - %profile%\extensions\pagehacker-nico@nc
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: TradeManager-Plugin: {4D144BC3-23FB-47de-90C5-63CCB0139CCF} - %profile%\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
FF - Ext: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - %profile%\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\archivos de programa\java\jre6\lib\deploy\jqs\ff
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\archivos de programa\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: Panda Identity Protect: widgetruntime@surfsecret.com - c:\archivos de programa\panda security\panda id protect\Firefox
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\archivos de programa\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-2-3 28552]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-12-16 130376]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\archivos de programa\cobian backup 10\cbVSCService.exe [2011-3-14 67584]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\archivos de programa\panda security\panda cloud antivirus\PSANHost.exe [2010-12-16 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-12-16 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-12-16 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-12-16 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-12-16 113096]
R2 StarWindService;StarWind iSCSI Service;c:\archivos de programa\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-1 217600]
S2 gupdate;Servicio de actualización de Google (gupdate);c:\archivos de programa\google\update\GoogleUpdate.exe [2009-12-18 135664]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-12-12 38912]
S3 PORTMON;PORTMON;\??\c:\documents and settings\jav\mis documentos\downloads\portmon\portmsys.sys --> c:\documents and settings\jav\mis documentos\downloads\portmon\PORTMSYS.SYS [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\archivos de programa\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\archivos de programa\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
.
=============== Created Last 30 ================
.
2011-03-15 09:42:59 -------- d-----w- C:\Peliculas
2011-03-14 21:26:26 -------- d-----w- c:\archivos de programa\Cobian Backup 8
2011-03-14 21:09:27 -------- d-----w- c:\archivos de programa\Cobian Backup 10
2011-03-14 20:46:29 -------- d-----w- c:\docume~1\jav\datosd~1\Panda Security
2011-03-14 20:40:23 -------- d-----w- c:\docume~1\jav\datosd~1\SurfSecret Privacy Suite
2011-03-14 20:39:48 -------- d-----w- c:\docume~1\jav\config~1\datosd~1\panda2_0dn
2011-03-14 20:39:45 -------- d-----w- c:\docume~1\alluse~1\datosd~1\Panda Security URL Filtering
2011-03-14 20:39:34 -------- d-----w- c:\docume~1\jav\datosd~1\pandasecuritytb
2011-03-14 20:38:43 -------- d-----w- c:\docume~1\alluse~1\datosd~1\Panda Security
2011-03-10 21:03:22 -------- d-----w- c:\archivos de programa\MySQL
2011-03-10 21:03:21 -------- d-----w- c:\docume~1\alluse~1\datosd~1\MySQL
2011-03-10 11:05:35 -------- d-----w- c:\documents and settings\jav\applogs
2011-03-10 11:05:34 -------- d--h--w- C:\jexepackres
2011-03-09 18:12:10 -------- d-----w- c:\windows\system32\aliedit
2011-03-09 18:11:58 -------- d-----w- c:\archivos de programa\trademanager
2011-02-24 21:49:58 -------- d-----w- c:\docume~1\jav\datosd~1\EurekaLog
2011-02-15 04:29:58 112024 ----a-w- c:\archivos de programa\mozilla firefox\plugins\npww.dll
.
==================== Find3M ====================
.
2010-12-16 21:39:53 365888 ----a-w- c:\windows\system32\PSUNCpl.cpl
.
============= FINISH: 13:35:59,26 ===============
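An added example, not part of the original thread and not a DDS or BleepingComputer tool: a small Python triage pass over a DDS log like the one posted above. The section names and sample lines are copied from that log; the four heuristics are assumptions chosen for illustration, and they only mark lines for manual review rather than give a verdict.

```python
import re

# Constructed sample: a handful of lines copied verbatim from the DDS log above.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\Jav\CONFIG~1\Temp\RtkBtMnt.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [IBP]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-2-3 28552]
S3 PORTMON;PORTMON;\??\c:\documents and settings\jav\mis documentos\downloads\portmon\portmsys.sys --> c:\documents and settings\jav\mis documentos\downloads\portmon\PORTMSYS.SYS [?]
"""

HEADER = re.compile(r"^=+\s*(.*?)\s*=+$")                 # "===== Title ====="
RUN_KEY = re.compile(r"^[umd]Run: \[[^\]]*\]\s*(?P<cmd>.*)$")


def split_sections(text):
    """Map each section title to its non-empty content lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and line and line != ".":
            current.append(line)
    return sections


def triage(text):
    """Return (section, reason, line) tuples to review by hand (assumed heuristics)."""
    sec = split_sections(text)
    findings = []
    for line in sec.get("Running Processes", []):
        if re.search(r"\\temp\\", line, re.I):
            findings.append(("Running Processes", "runs from a Temp directory", line))
    for line in sec.get("Pseudo HJT Report", []):
        run = RUN_KEY.match(line)
        if line.endswith("- No File"):
            findings.append(("Pseudo HJT Report", "registered but file missing", line))
        elif run and not run.group("cmd"):
            findings.append(("Pseudo HJT Report", "Run value with no command", line))
        elif line.startswith("Hosts:"):
            findings.append(("Pseudo HJT Report", "hosts file override", line))
    for line in sec.get("SERVICES / DRIVERS", []):
        if line.endswith("[?]"):
            findings.append(("SERVICES / DRIVERS", "no file date/size reported", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_DDS):
        print(f"[{section}] {reason}: {line}")
```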


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 20 March 2011 - 05:18 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 javox

Posted 21 March 2011 - 01:03 PM

Hi m0le, thank you for your time. What do you think about this?

#4 m0le

Posted 21 March 2011 - 05:00 PM

There isn't anything obvious there but the symptoms seem to be rootkit in nature.

Please run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Also run MBRCheck

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

Edited by m0le, 25 March 2011 - 09:28 PM.


#5 m0le

Posted 25 March 2011 - 09:29 PM

Are you still there?

#6 m0le

Posted 27 March 2011 - 07:33 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.



