
Jyv, Hello4, probably others


  • This topic is locked
22 replies to this topic

#1 Shannara4

Shannara4

  • Members
  • 11 posts

Posted 14 August 2011 - 11:43 AM

Now when I turn on my computer, several windows pop up. I have been unplugging my internet connection because I'm sure the malware is trying to do something nasty. It opens up many copies of jyv.exe and it opens up Hello4. One of these, or maybe something else, won't let me run any anti-spyware programs. Malwarebytes, Super anti-spyware, hijack-this will all open and run for 10 seconds then close. Here is the dds log.


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
Run by Naruto at 20:19:02 on 2011-08-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.93 [GMT -4:00]
.
FW: Personal Firewall Plus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\3094504238:3516697927.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\iqy.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\Documents and Settings\Naruto\Local Settings\Application Data\jyv.exe
C:\WINDOWS\system32\config\systemprofile\566e0.com
C:\WINDOWS\Fonts\566e0.com
C:\WINDOWS\system32\566e0.com
C:\Documents and Settings\LocalService\Local Settings\Application Data\566e0.exe
C:\Documents and Settings\All Users\Application Data\566e0.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gamefaqs.com/
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Google Update] "c:\documents and settings\naruto\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [1653478294] c:\documents and settings\naruto\local settings\application data\jyv.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\MCUPDA~1.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -check_deprecation
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask .exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [1653478294] c:\documents and settings\networkservice\local settings\application data\iqy.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_20.dll
LSP: mswsock.dll
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\wmfhotfix.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\naruto\application data\mozilla\firefox\profiles\m20fbyk4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\naruto\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1908.5032\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava11.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava12.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava13.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava14.dll
FF - plugin: c:\program files\opera\program\plugins\NPJava32.dll
FF - plugin: c:\program files\opera\program\plugins\NPJPI142_06.dll
FF - plugin: c:\program files\opera\program\plugins\NPOJI610.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2005-4-6 67584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-8 121216]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2009-2-18 131072]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2009-2-18 124416]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-4-6 245760]
.
=============== File Associations ===============
.
exefile="c:\documents and settings\networkservice\local settings\application data\iqy.exe" -a "%1" %*
.
=============== Created Last 30 ================
.
2011-08-10 22:31:31 -------- d-----w- c:\documents and settings\all users\application data\!SASCORE
2011-08-10 22:31:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-10 22:01:22 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-08-10 21:51:31 41984 ----a-w- c:\documents and settings\all users\application data\566e0.exe
2011-08-10 21:51:00 41984 ----a-w- c:\windows\system32\566e0.com
2011-08-10 21:37:07 113664 ----a-w- c:\documents and settings\all users\application data\bo01sNjj.exe_
2011-08-10 21:37:07 113664 ----a-w- c:\documents and settings\all users\application data\bo01sNjj.exe
2011-08-10 21:20:16 -------- d-----w- c:\documents and settings\naruto\application data\SUPERAntiSpyware.com
2011-08-10 21:19:57 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-08-10 20:52:50 401408 ----a-w- c:\documents and settings\naruto\local settings\application data\jyv .exe
2011-08-10 20:52:50 39432 ----a-w- c:\documents and settings\naruto\local settings\application data\jyv.exe
2011-08-10 20:52:25 41992 ----a-w- c:\documents and settings\naruto\local settings\application data\cfj.exe
.
==================== Find3M ====================
.
2011-08-10 10:34:08 41984 ----a-w- c:\windows\fonts\566e0.com
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-17 01:02:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JB-75GVA0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xF8386660]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x82F7EAB8]
3 CLASSPNP[0xF86B8FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x82CE6F08]
\Driver\00000944[0x82C63030] -> IRP_MJ_CREATE -> 0xF8386660
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x82F6D31B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 20:21:21.14 ===============
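A triage pass over three sections of the DDS log in post #1, as an added example that is not part of the original thread or of DDS itself. It flags a process image named with NTFS stream syntax, an `exefile` open command that differs from the Windows default, and executables created under `Application Data`. The rule names and the `triage` helper are hypothetical, and the sample is an excerpt of lines quoted in this thread.

```python
import re

# Excerpt assembled from log lines quoted in this thread (not a full DDS log).
SAMPLE_LOG = r'''
============== Running Processes ===============
C:\WINDOWS\3094504238:3516697927.exe
C:\WINDOWS\system32\spoolsv.exe
=============== File Associations ===============
exefile="c:\documents and settings\networkservice\local settings\application data\iqy.exe" -a "%1" %*
=============== Created Last 30 ================
2011-08-10 21:20:16 -------- d-----w- c:\documents and settings\naruto\application data\SUPERAntiSpyware.com
2011-08-10 20:52:50 39432 ----a-w- c:\documents and settings\naruto\local settings\application data\jyv.exe
'''

SECTION = re.compile(r'^=+\s*(.+?)\s*=+$')
FILE_ROW = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (\S+) \S{8} (.+)$')
DEFAULT_EXEFILE = '"%1" %*'  # stock Windows open command for the exefile class
EXEC_EXT = ('.exe', '.com', '.scr', '.pif')

def split_sections(text):
    """Map each '==== Name ====' header to the non-empty lines under it."""
    sections, name = {}, None
    for line in (l.strip() for l in text.splitlines()):
        header = SECTION.match(line)
        if header:
            name = header.group(1)
            sections[name] = []
        elif name and line not in ('', '.'):
            sections[name].append(line)
    return sections

def triage(text):
    """Return (rule, evidence) pairs for entries worth a closer look."""
    s, findings = split_sections(text), []
    for line in s.get('Running Processes', []):
        # ':' is illegal in an NTFS file name; past the drive prefix it means
        # name:stream (alternate data stream). Colons in arguments also match.
        if ':' in line[2:]:
            findings.append(('ads-image', line))
    for line in s.get('File Associations', []):
        key, _, command = line.partition('=')
        if key == 'exefile' and command.strip() != DEFAULT_EXEFILE:
            findings.append(('exefile-hijack', command))
    for line in s.get('Created Last 30', []):
        row = FILE_ROW.match(line)
        if row and row.group(1) != '--------':  # size '--------' = directory
            path = row.group(2).lower()
            if path.endswith(EXEC_EXT) and '\\application data\\' in path:
                findings.append(('exe-in-appdata', path))
    return findings
```

Calling `triage(SAMPLE_LOG)` yields one finding per rule; the `SUPERAntiSpyware.com` row is skipped because it is a directory whose name only looks like an executable.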



#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:53 PM

Posted 15 August 2011 - 05:41 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Any underlined text in my posts indicates a clickable link.
  • If you have any questions at all, please stop and ask before proceeding.
Download GMER Rootkit Scanner from here to your desktop.
  • Double click the exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.




  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


If you have trouble running GMER:
  • Make sure that your security software is disabled
  • Uncheck the box next to "Files" this time also
  • If you still can't run it, try in the Safe Mode
Please include the following in your next post:
  • GMER log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#3 Shannara4

Shannara4
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:53 PM

Posted 16 August 2011 - 05:40 PM

I had to use safe mode to even open GMER. It ran for about 20 seconds then it closed. I renamed the file on my thumb drive, copied it to my desktop and tried again. It closed again. When it was open it said "TDL4@MBR code has been found" in red text first thing. When it was scanning, the only thing that stood out was, "cdrom.sys - suspicious PE modifications." I don't know if either of these will help, but that's all I could get from this.

#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:53 PM

Posted 16 August 2011 - 10:00 PM

Shannara4:

I'd like to see the Attach.txt log from DDS (run DDS again if you need to). Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Post that log, please.
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please include the following in your next post:
  • The Attach.txt log from DDS
  • TDSSKiller log
  • ComboFix log



#5 Shannara4

Shannara4
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:53 PM

Posted 17 August 2011 - 03:50 PM

Neither of these finished running either. Combofix didn't even ask me to install Windows Recovery Console. DDS did finish and I attached the attach.txt. I did this in safe mode. In regular windows it opens up many blank windows that slow my already old computer to a crawl. If you need me to, I will try and run DDS in regular mode.
Attached File  attach.zip   5.55KB   1 downloads

#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:53 PM

Posted 17 August 2011 - 04:48 PM

Shannara4:

See if this will run to completion:

Download aswMBR.exe ( 511KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • aswMBR log



#7 Shannara4

Shannara4
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:53 PM

Posted 17 August 2011 - 09:44 PM

Yes! This did finish scanning. Again, I did run this in safe mode. I can try it in normal windows if you need me to do so. I just saved the log and did not choose to fix anything. Leaving the window open until you can give me the next step.
Attached File  aswMBR.zip   826bytes   2 downloads

#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:53 PM

Posted 18 August 2011 - 08:09 AM

Shannara4:

Excellent! Please do this next:

Re-Run aswMBR

  • Click Scan
  • On completion of the scan, click the FIX button,
  • There is a slight pause after clicking the 'FixMBR' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.
Try running Combofix again.

Please include the following in your next post:
  • aswMBR log
  • ComboFix log



#9 Shannara4

Shannara4
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:53 PM

Posted 18 August 2011 - 05:45 PM

I had left aswMBR open in safe mode without an internet connection. I clicked fix. It said it fixed the TDL4@MBR and was confirming. It froze on that. After a few hours I restarted the computer. This time I ran windows in safe mode with networking and allowed aswMBR to download an update. I scanned again and this time it quit like the other programs after 30 seconds. Before it quit I saw that it found something in system32/drivers/cdrom.sys. It said wind32:sirefef -F [drp]. I saw that aswMBR just started "Scanning Services" when it shut down.

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:53 PM

Posted 18 August 2011 - 08:16 PM

Shannara4:

Please run DDS for me again and post only the DDS.txt log

Please include the following in your next post:
  • DDS.txt log



#11 Shannara4

Shannara4
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:53 PM

Posted 19 August 2011 - 06:29 PM

Now DDS won't work. I click it, the hourglass comes up for a second, but it doesn't open.

#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:53 PM

Posted 19 August 2011 - 10:42 PM

Shannara4:

Please try this:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Post that log, please.
Please include the following in your next post:
  • TDSSKiller log



#13 Shannara4

Shannara4
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:53 PM

Posted 21 August 2011 - 06:09 PM

This opens and then closes about 2 seconds after I click Scan.

#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:53 PM

Posted 21 August 2011 - 09:22 PM

Shannara4:

Please do this:

Delete your existing copy of ComboFix and download a new one from either of the links below.

Link 1
Link 2

**This time, rename ComboFix.exe to shannara.com and save it to c:\ instead of your desktop**

Next, boot into the Safe Mode

Navigate to c:\shannara.com and double click on it & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Please include the following in your next post:
  • ComboFix log



#15 Shannara4

Shannara4
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:53 PM

Posted 22 August 2011 - 04:49 PM

Nope. It doesn't even finish installing before it closes. While I was in C:/ I noticed TDSS Killer did leave a partial log. It found this: "3094504238:3516697927.exe". I'll attach the file, though that's all it shows.
Attached File  TDSSKiller archive.zip   750bytes   3 downloads



