
Help plzzzz


7 replies to this topic

#1 Kakashi789


Posted 07 September 2011 - 02:21 AM

Hello friends, my problem is that I cannot access Microsoft and antivirus websites. When I go to www.microsoft.com or any other antivirus website like www.quickheal.com, it shows the error:

"Check the address for typing errors such as ww.example.com instead of www.example.com
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Aurora is permitted to access the Web."

Can anyone help me?



#2 boopme


Posted 07 September 2011 - 03:39 PM

Hello and welcome.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Try running...

MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

#3 Kakashi789


Posted 07 September 2011 - 11:10 PM

Here's the result of MiniToolBox and Malwarebytes.

MiniToolBox:

MiniToolBox by Farbar
Ran by Hackingwite (administrator) on 08-09-2011 at 09:35:31
Microsoft Windows XP Service Pack 2 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set address name="Local Area Connection" gateway=101.209.76.246 gwmetric=1
set dns name="Local Area Connection" source=static addr=208.67.222.222 register=PRIMARY
add dns name="Local Area Connection" addr=208.67.220.220 index=2
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : lee-a5bcb30f324

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-1B-B9-D0-AE-3C



PPP adapter Ajay:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface

Physical Address. . . . . . . . . : 00-53-45-00-00-00

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 101.208.127.124

Subnet Mask . . . . . . . . . . . : 255.255.255.255

Default Gateway . . . . . . . . . : 101.208.127.124

DNS Servers . . . . . . . . . . . : 208.67.222.222

208.67.220.220

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: google.com
Addresses: 74.125.230.112, 74.125.230.115, 74.125.230.113, 74.125.230.116
74.125.230.114



Pinging google.com [74.125.230.115] with 32 bytes of data:



Reply from 74.125.230.115: bytes=32 time=655ms TTL=43

Reply from 74.125.230.115: bytes=32 time=1159ms TTL=43



Ping statistics for 74.125.230.115:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 655ms, Maximum = 1159ms, Average = 907ms

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 208.67.222.222

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 209.191.122.70, 67.195.160.76
69.147.125.65



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



Reply from 72.30.2.43: bytes=32 time=938ms TTL=48

Reply from 72.30.2.43: bytes=32 time=1141ms TTL=48



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 938ms, Maximum = 1141ms, Average = 1039ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1b b9 d0 ae 3c ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
0x40004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 101.208.127.124 101.208.127.124 1
0.208.127.124 255.255.255.255 101.208.127.124 101.208.127.124 1
101.208.127.124 255.255.255.255 127.0.0.1 127.0.0.1 50
101.255.255.255 255.255.255.255 101.208.127.124 101.208.127.124 50
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 101.208.127.124 101.208.127.124 1
255.255.255.255 255.255.255.255 101.208.127.124 101.208.127.124 1
255.255.255.255 255.255.255.255 101.208.127.124 2 1
Default Gateway: 101.208.127.124
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [144384] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/05/2011 06:22:02 PM) (Source: Application Hang) (User: )
Description: Hanging application PupilCommander.exe, version 1.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/05/2011 03:25:58 PM) (Source: Application Error) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (09/05/2011 03:25:47 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.2180, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00064ed1.
Processing media-specific event for [explorer.exe!ws!]

Error: (09/05/2011 01:32:51 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x001f1cb0.
Processing media-specific event for [svchost.exe!ws!]

Error: (09/05/2011 01:21:10 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe . Error code = 0x8007000b

Error: (09/05/2011 01:11:03 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.2180, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00064ed1.
Processing media-specific event for [explorer.exe!ws!]

Error: (01/01/2004 00:06:39 AM) (Source: Application Error) (User: )
Description: Faulting application update.exe, version 0.0.0.0, faulting module update.exe, version 0.0.0.0, fault address 0x00015b90.
Processing media-specific event for [update.exe!ws!]

Error: (01/01/2004 00:06:24 AM) (Source: Application Error) (User: )
Description: Faulting application update.exe, version 0.0.0.0, faulting module update.exe, version 0.0.0.0, fault address 0x00015b90.
Processing media-specific event for [update.exe!ws!]

Error: (01/01/2004 00:06:16 AM) (Source: Application Error) (User: )
Description: Faulting application update.exe, version 0.0.0.0, faulting module update.exe, version 0.0.0.0, fault address 0x00015b90.
Processing media-specific event for [update.exe!ws!]

Error: (01/01/2004 00:04:51 AM) (Source: Application Error) (User: )
Description: Faulting application update.exe, version 0.0.0.0, faulting module update.exe, version 0.0.0.0, fault address 0x00015b90.
Processing media-specific event for [update.exe!ws!]


System errors:
=============
Error: (09/07/2011 02:10:50 PM) (Source: Service Control Manager) (User: )
Description: The aic32p service failed to start due to the following error:
%%2

Error: (01/01/2004 01:03:42 AM) (Source: Service Control Manager) (User: )
Description: The aic32p service failed to start due to the following error:
%%2

Error: (01/01/2004 01:02:19 AM) (Source: Service Control Manager) (User: )
Description: The IPv6 Windows Firewall Support service failed to start due to the following error:
%%1083

Error: (01/01/2004 00:56:16 AM) (Source: 0) (User: )
Description: 0xC0000044SCANNER.EXEHarddiskVolume1

Error: (01/01/2004 00:56:15 AM) (Source: 0) (User: )
Description: \Device\LanmanServer

Error: (01/01/2004 00:54:15 AM) (Source: 0) (User: )
Description: \Device\LanmanServer

Error: (01/01/2004 00:02:18 AM) (Source: Service Control Manager) (User: )
Description: The aic32p service failed to start due to the following error:
%%2

Error: (01/01/2004 00:02:18 AM) (Source: Service Control Manager) (User: )
Description: The IPv6 Windows Firewall Support service failed to start due to the following error:
%%1083

Error: (09/06/2011 05:56:15 PM) (Source: Service Control Manager) (User: )
Description: The aic32p service failed to start due to the following error:
%%2

Error: (09/06/2011 05:55:35 PM) (Source: Service Control Manager) (User: )
Description: The aic32p service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (09/05/2011 06:22:02 PM) (Source: Application Hang)(User: )
Description: PupilCommander.exe1.0.0.0hungapp0.0.0.000000000

Error: (09/05/2011 03:25:58 PM) (Source: Application Error)(User: )
Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.21800001295d

Error: (09/05/2011 03:25:47 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.2180ntdll.dll5.1.2600.218000064ed1

Error: (09/05/2011 01:32:51 PM) (Source: Application Error)(User: )
Description: svchost.exe5.1.2600.2180unknown0.0.0.0001f1cb0

Error: (09/05/2011 01:21:10 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe . Error code = 0x8007000b
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

Error: (09/05/2011 01:11:03 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.2180ntdll.dll5.1.2600.218000064ed1

Error: (01/01/2004 00:06:39 AM) (Source: Application Error)(User: )
Description: update.exe0.0.0.0update.exe0.0.0.000015b90

Error: (01/01/2004 00:06:24 AM) (Source: Application Error)(User: )
Description: update.exe0.0.0.0update.exe0.0.0.000015b90

Error: (01/01/2004 00:06:16 AM) (Source: Application Error)(User: )
Description: update.exe0.0.0.0update.exe0.0.0.000015b90

Error: (01/01/2004 00:04:51 AM) (Source: Application Error)(User: )
Description: update.exe0.0.0.0update.exe0.0.0.000015b90


=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.3.181.34)
Adobe Flash Player 10 Plugin (Version: 10.3.181.14)
Guardian AntiVirus
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HijackThis 2.0.2 (Version: 2.0.2)
IDT Audio (Version: 5.10.5407.0)
Intel® Graphics Media Accelerator Driver
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
KGB Archiver 2 (Version: 2.0.2)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
MSVC90_x86 (Version: 1.0.1.2)
Nokia Connectivity Cable Driver (Version: 7.1.34.0)
Nokia PC Suite (Version: 7.1.62.1)
Platypus
WebFldrs XP (Version: 9.50.7523)
Windows Imaging Component (Version: 3.0.0.0)

========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 1015.29 MB
Available physical RAM: 521.61 MB
Total Pagefile: 2446 MB
Available Pagefile: 2015.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1998.85 MB

========================= Partitions: =====================================

1 Drive c: (Local Disk) (Fixed) (Total:48.83 GB) (Free:17.43 GB) NTFS
2 Drive d: () (Fixed) (Total:48.83 GB) (Free:6.17 GB) NTFS
3 Drive e: () (Fixed) (Total:51.39 GB) (Free:0.39 GB) NTFS

========================= Users: ========================================

User accounts for \\LEE-A5BCB30F324

Administrator Guest Hackingwite
HelpAssistant SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini123103-01.dmp
C:\WINDOWS\Minidump\Mini123103-02.dmp
C:\WINDOWS\Minidump\Mini123103-03.dmp

**** End of log ****

#4 Kakashi789


Posted 07 September 2011 - 11:11 PM

And here's Malwarebytes:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7674

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/1/2004 12:29:21 AM
mbam-log-2004-01-01 (00-29-21).txt

Scan type: Quick scan
Objects scanned: 254340
Time elapsed: 8 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 143

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System Photo Imager (Spyware.Agent) -> Value: System Photo Imager -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\3com_dmi\mshostms.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\admin\application data\0y2r.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\documents and settings\admin\application data\5exbxdqyq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\admin\application data\KB485280.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\common files\perfperf.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\program files\internet explorer\SET970.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\mslogup.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\perfet.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\perfsvc.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\perfupet.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-3315397921-3507933803-711699861-3543\hdnekbjk.exe (Trojan.PasswordStealer) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\upggbssnee.exe (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\uu6gg6ss6.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\vfbwxc86o8.exe (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\vgrcs9o1aqr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\vqq6cc6oo.exe (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\vqq6cc6oo6a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\vrhhdttpff.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\w02dyy6kk6.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\w6ijj5a70r.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\w70xtoo6a.exe (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\wbm1d70u.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\xnn0j70v.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\xs1okkv8w.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\xtejzf682ny.exe (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\xtjjfvvr.exe (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\xtoo6kgg.exe (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\xy70zva3cc.exe (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\xy70zvqq6c.exe (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\y0aavmmhyy.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\y6kk6ww6.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\yj2vqq6cc6.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\yokkfwwri.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\ytkkfwwr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\start menu\Programs\Startup\yytkkfww.exe (Worm.Autorun) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\3.tmp (Spyware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\VRT1.tmp (Malware.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\VRT2.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\VRT4.tmp (Trojan.Proxy) -> Quarantined and deleted successfully.
c:\documents and settings\localservice.nt authority\loglsaet.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\local settings\temporary internet files\Content.IE5\HBRKDTOS\tyf[1].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\localservice.nt authority.000\local settings\temporary internet files\Content.IE5\052RC5IN\logo[1].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice.nt authority\local settings\temporary internet files\Content.IE5\4Z01CTED\tyf[1].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice.nt authority\local settings\temporary internet files\Content.IE5\KH6NW9K9\tyf[1].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice.nt authority.000\local settings\temporary internet files\Content.IE5\GTU781EZ\tyf[1].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice.nt authority.000\local settings\temporary internet files\Content.IE5\GTU781EZ\tyf[2].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice.nt authority.000\local settings\temporary internet files\Content.IE5\GTU781EZ\tyf[3].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice.nt authority.000\local settings\temporary internet files\Content.IE5\GTU781EZ\tyf[4].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\WINDOWS\logupet.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\p6gcgiw2i9.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\hackingwite\application data\kb1013444.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\admin\application data\updates\updates.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\Ajay\application data\updates\updates.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\admin\application data\mousedriver.bat (Trojan.Agent) -> Quarantined and deleted successfully.

#5 boopme


Posted 10 September 2011 - 09:54 AM

Sorry I lost you, every now and then someone slips thru.

You have a Backdoor infection. So I need to tell you this first.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.



If you decide to clean, then the next step is....
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.9.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, post new scan log
and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#6 Kakashi789


Posted 10 September 2011 - 11:17 PM

Sorry, but when you did not reply I downloaded a tool named Advanced SystemCare and it cleaned my PC, and now I can access Microsoft and antivirus websites, but I will do the steps you told me to do for removing it.

#7 boopme


Posted 11 September 2011 - 01:18 PM

Hi, for some reason your MBAM log is dated 1/1/2004 12:29:21 AM
mbam-log-2004-01-01 (00-29-21).txt


This may indicate a more serious issue.

Please run all listed scans.
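The two checks a helper makes by eye in the replies above (is there a backdoor-class detection in the MBAM log, and is the log's date plausible) can be scripted; this is an added example, not part of the original posts or of any tool named in the thread. The sample lines are constructed in the `path (Detection) -> action` format of this thread's scan log, and the `REMOTE_CLASSES` list and the cut-off date are assumptions of the example.

```python
import re
from collections import Counter
from datetime import datetime

# One MBAM result line in this thread: <path> (<Detection.Name>) -> <action>.
RESULT_RE = re.compile(r"^(?P<path>.+) \((?P<name>[\w.]+)\) -> (?P<action>.+?)\.?$")
# MBAM log file name as quoted in the thread: mbam-log-YYYY-MM-DD (HH-MM-SS).txt
LOGNAME_RE = re.compile(r"mbam-log-(\d{4}-\d{2}-\d{2}) \((\d{2}-\d{2}-\d{2})\)\.txt$")

# Assumption of this example: detection classes that imply remote access or
# data theft, so removal alone does not make stored credentials safe again.
REMOTE_CLASSES = ("Backdoor.", "Trojan.Proxy", "Spyware.")

# Constructed sample lines (placeholder user and file names, not from the log).
SAMPLE = r"""
c:\documents and settings\user1\start menu\Programs\Startup\aaaa1111.exe (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\user1\start menu\Programs\Startup\bbbb2222.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\EX1.tmp (Trojan.Proxy) -> Quarantined and deleted successfully.
c:\documents and settings\user1\application data\example\example.exe (Backdoor.Bot) -> Delete on reboot.
"""

def parse_results(text):
    """Return (path, detection, action) for every well-formed result line."""
    rows = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            rows.append((m["path"], m["name"], m["action"]))
    return rows

def triage(text):
    """Group detections and pull out the ones that change the response."""
    rows = parse_results(text)
    return {
        "by_detection": Counter(name for _, name, _ in rows),
        # Executables in a Startup folder run again at every logon.
        "startup_persistence": [p for p, _, _ in rows if "\\startup\\" in p.lower()],
        "remote_access": [(p, n) for p, n, _ in rows if n.startswith(REMOTE_CLASSES)],
        # Anything not yet removed needs a reboot and a rescan.
        "pending": [(p, n) for p, n, a in rows if "successfully" not in a.lower()],
    }

def log_time(filename):
    """Timestamp encoded in an MBAM log file name."""
    m = LOGNAME_RE.search(filename)
    if not m:
        raise ValueError("not an MBAM log file name: %r" % filename)
    return datetime.strptime(" ".join(m.groups()), "%Y-%m-%d %H-%M-%S")

def clock_suspect(filename, not_before):
    """True when the log claims a time earlier than the scan can have run."""
    return log_time(filename) < not_before
```

With the thread's first post (7 September 2011) as the cut-off, the log name quoted above is flagged, which is the anomaly the reply points out.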

#8 Kakashi789


Posted 12 September 2011 - 02:02 AM

I only kept that date at 2004 for running some programs coz they don't expire :P



