Win 2012 Antispyware Virus Keeps Returning


13 replies to this topic

#1 Junny

Junny

  • Members
  • 21 posts
  • OFFLINE
  • Local time:03:07 PM

Posted 12 December 2011 - 02:15 AM

This started about two days ago and I thought I removed it but it kept returning with vengeance. Now, I did exactly what the guide said to do through this guide here but now for some reason, Malwarebytes didn't find the infection so I had to get it done through safe mode. Now the computer is taking up such a long time to load. After inserting my password to the computer, the screen will stay black for five or so minutes before allowing me on. Usually, it'll allow me back on to doing what I have to do but now it just takes forever to do it. I was hoping to use Avast to try and nab this virus but now Avast won't even work for me. Right now I'm doing all this through safe mode.

Please help and go a bit easy on me. I'm a bit new to the whole copy/paste of logs and stuff. Thank you in advance.

Edit: And now the virus has completely halted Google Chrome.

Edited by Junny, 12 December 2011 - 09:20 PM.




#2 Junny

Junny
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:03:07 PM

Posted 14 December 2011 - 08:42 PM

It has been two days since my last post. My computer officially will not work outside of safe mode. I will keep trying to get it to work but my hopes are not high. If I don't receive help by Monday I will be reformatting my laptop.

I really don't want to do this, so if anyone can help me before then it'll be greatly appreciated. I run Windows 7, obviously, and followed the guide to a "T" to no avail in permanently removing the virus.

Thank you for your time in advance.

#3 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:04:07 PM

Posted 14 December 2011 - 10:40 PM

Hi Junny,

:welcome: to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx, or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

As you said you can only boot into Safe Mode, please boot into Safe Mode with Networking, or download any files asked for on a clean computer, and then transfer them to the infected computer with a flash drive or CD.

:step1: Once in Safe Mode with Networking, download rkill from one of the following downloads (if you are unable to download or run rkill from one download, move to the next one.)

1. http://download.bleepingcomputer.com/grinler/rkill.com
2. http://download.bleepingcomputer.com/grinler/rkill.pif
3. http://download.bleepingcomputer.com/grinler/rkill.scr
4. http://download.bleepingcomputer.com/grinler/eXplorer.exe
5. http://download.bleepingcomputer.com/grinler/iExplore.exe
6. http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
7. http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
8. http://www.boredomsoft.org/hosted/rkill.exe
9. http://www.boredomsoft.org/hosted/rkill.com
10. http://www.boredomsoft.org/hosted/rkill.scr
11. http://www.boredomsoft.org/hosted/eXplorer.exe
12. http://www.boredomsoft.org/hosted/iExplore.exe

Please be patient while Rkill looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If it appears like Rkill did not stop the malware from running, please try running RKill again until the malware is no longer running.

Do not reboot your computer after running RKill as the malware programs will start again!

:step2: Please download exeHelper to your desktop.

  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

:step3: Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

:step4: Rerun Malwarebytes
Still in Safe Mode with Networking, open Malwarebytes, click on the Update tab, and click the check for Updates button (the latest update as of this post is 8373.)
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If you have trouble updating, troubleshoot Malwarebytes' Anti-Malware


In your next reply, please include:
  • exeHelper log
  • MiniToolBox log
  • Malwarebytes log

Edited by jntkwx, 14 December 2011 - 10:41 PM.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#4 Junny

Junny
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:03:07 PM

Posted 15 December 2011 - 12:09 AM

Thank you so much for helping me, Jason! Now...there's a slight snag. I've done all that you asked and even tried bringing these results to you through normal mode, but the computer was lagging terribly (a problem that wasn't such a big problem until recently) and wouldn't open any of the programs. Even in safe mode with networking, I was having a hard time bringing these logs to you. The connection claimed to have reset, and right now I basically just had to transfer the logs to a WordPad file, then to a removable disk, and then to the emergency computer! But here are the logs:


exeHelper by Raktor

Build 20100414

Run at 23:40:44 on 12/14/11

Now searching...

Checking for numerical processes...

Checking for sysguard processes...

Checking for bad processes...

Checking for bad files...

Checking for bad registry entries...

Resetting filetype association for .exe

Resetting filetype association for .com

Resetting userinit and shell values...

Resetting policies...

--Finished--



MiniToolBox by Farbar

Ran by Val (administrator) on 14-12-2011 at 23:42:03

Microsoft Windows 7 Home Premium Service Pack 1 (X64)



***************************************************************************



========================= Flush DNS: ===================================



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.



========================= IE Proxy Settings: ==============================



Proxy is not enabled.

No Proxy Server is set.



"Reset IE Proxy Settings": IE Proxy Settings were reset.



========================= FF Proxy Settings: ==============================





"Reset FF Proxy Settings": Firefox Proxy settings were reset.



Hosts file not detected in the default directory

========================= IP Configuration: ================================



Intel® Centrino® Wireless-N 6150 = Wireless Network Connection (Connected)

Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)

Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

The following helper DLL cannot be loaded: WSHELPER.DLL.





# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4



reset

set global icmpredirects=enabled





popd

# End of IPv4 configuration







Windows IP Configuration



Host Name . . . . . . . . . . . . : Val-PC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Wireless LAN adapter Wireless Network Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter

Physical Address. . . . . . . . . : 40-25-C2-52-C1-61

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek PCIe FE Family Controller

Physical Address. . . . . . . . . : B8-70-F4-C3-98-B5

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes



Wireless LAN adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 6150

Physical Address. . . . . . . . . : 40-25-C2-52-C1-60

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::ad5d:b89e:c8c0:d31%11(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Wednesday, December 14, 2011 10:18:06 PM

Lease Expires . . . . . . . . . . : Thursday, December 15, 2011 11:06:08 PM

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DHCPv6 IAID . . . . . . . . . . . : 239084994

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-D0-E5-83-40-25-C2-52-C1-60

DNS Servers . . . . . . . . . . . : 192.168.1.1

NetBIOS over Tcpip. . . . . . . . : Enabled



Tunnel adapter isatap.{9EC95200-E7E2-40AF-8760-F2C702AAD063}:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes



Tunnel adapter isatap.{C0ABA79E-F362-4CCC-B89B-B24B06D8778A}:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes



Tunnel adapter 6TO4 Adapter:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft 6to4 Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes



Tunnel adapter isatap.{B890570A-65FE-4E74-9BD2-F30263AA3631}:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes



Tunnel adapter isatap.{7B9D0C3E-6121-4939-9F97-4277FCC15647}:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes



Tunnel adapter isatap.{70223A6B-6ED3-4D2E-96F3-80B257877BE8}:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes



Pinging google.com [74.125.115.106] with 32 bytes of data:

Reply from 74.125.115.106: bytes=32 time=34ms TTL=51

Reply from 74.125.115.106: bytes=32 time=30ms TTL=51



Ping statistics for 74.125.115.106:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 30ms, Maximum = 34ms, Average = 32ms



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:

Reply from 72.30.2.43: bytes=32 time=112ms TTL=51

Reply from 72.30.2.43: bytes=32 time=112ms TTL=51



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 112ms, Maximum = 112ms, Average = 112ms



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

14...40 25 c2 52 c1 61 ......Microsoft Virtual WiFi Miniport Adapter

12...b8 70 f4 c3 98 b5 ......Realtek PCIe FE Family Controller

11...40 25 c2 52 c1 60 ......Intel® Centrino® Wireless-N 6150

1...........................Software Loopback Interface 1

20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2

13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter

19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3

17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4

18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5

===========================================================================



IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.5     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.5    281
      192.168.1.5  255.255.255.255         On-link       192.168.1.5    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.5    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.5    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.5    281

===========================================================================

Persistent Routes:

None



IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 11    281 fe80::ad5d:b89e:c8c0:d31/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================



Catalog5 01 mswsock.dll [File Not found] ()

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 mswsock.dll [File Not found] ()

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Catalog9 01 mswsock.dll [File Not found] ()

Catalog9 02 mswsock.dll [File Not found] ()

Catalog9 03 mswsock.dll [File Not found] ()

Catalog9 04 mswsock.dll [File Not found] ()

Catalog9 05 mswsock.dll [File Not found] ()

Catalog9 06 mswsock.dll [File Not found] ()

Catalog9 07 mswsock.dll [File Not found] ()

Catalog9 08 mswsock.dll [File Not found] ()

Catalog9 09 mswsock.dll [File Not found] ()

Catalog9 10 mswsock.dll [File Not found] ()

x64-Catalog5 01 mswsock.dll [File Not found] ()

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 mswsock.dll [File Not found] ()

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)

x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)

x64-Catalog9 01 mswsock.dll [File Not found] ()

x64-Catalog9 02 mswsock.dll [File Not found] ()

x64-Catalog9 03 mswsock.dll [File Not found] ()

x64-Catalog9 04 mswsock.dll [File Not found] ()

x64-Catalog9 05 mswsock.dll [File Not found] ()

x64-Catalog9 06 mswsock.dll [File Not found] ()

x64-Catalog9 07 mswsock.dll [File Not found] ()

x64-Catalog9 08 mswsock.dll [File Not found] ()

x64-Catalog9 09 mswsock.dll [File Not found] ()

x64-Catalog9 10 mswsock.dll [File Not found] ()



========================= Event log errors: ===============================



Application errors:

==================

Error: (12/14/2011 10:19:16 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (12/14/2011 10:10:01 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (12/14/2011 10:01:11 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (12/14/2011 09:41:36 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt> with error: This network connection does not exist.

.



Error: (12/14/2011 09:41:36 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt> with error: 12030 (0x2efe).



Error: (12/14/2011 09:40:33 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt> with error: This network connection does not exist.

.



Error: (12/14/2011 09:40:33 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt> with error: 12030 (0x2efe).



Error: (12/14/2011 08:35:39 PM) (Source: SignInAssistant) (User: )

Description: StartService failed with hr = 0x8007043c



Error: (12/14/2011 08:35:39 PM) (Source: SignInAssistant) (User: )

Description: StartService failed with hr = 0x8007043c



Error: (12/14/2011 08:35:38 PM) (Source: SignInAssistant) (User: )

Description: StartService failed with hr = 0x8007043c





System errors:

=============

Error: (12/14/2011 11:06:10 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)

Description: There was an error while attempting to read the local hosts file.



Error: (12/14/2011 10:18:21 PM) (Source: Service Control Manager) (User: )

Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:

%%1068



Error: (12/14/2011 10:18:20 PM) (Source: DCOM) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}



Error: (12/14/2011 10:18:18 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)

Description: There was an error while attempting to read the local hosts file.



Error: (12/14/2011 10:18:19 PM) (Source: DCOM) (User: )

Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}



Error: (12/14/2011 10:18:14 PM) (Source: DCOM) (User: )

Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}



Error: (12/14/2011 10:18:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: SYSTEM)

Description: WLAN Extensibility Module has failed to start.



Module Path: C:\windows\System32\IWMSSvc.dll

Error Code: 21



Error: (12/14/2011 10:18:03 PM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

aswSnx

aswSP

aswTdi

discache

spldr

Wanarpv6



Error: (12/14/2011 10:18:03 PM) (Source: DCOM) (User: )

Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}



Error: (12/14/2011 10:17:52 PM) (Source: Service Control Manager) (User: )

Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:

%%1068





Microsoft Office Sessions:

=========================

Error: (12/14/2011 10:19:16 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (12/14/2011 10:10:01 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (12/14/2011 10:01:11 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (12/14/2011 09:41:36 PM) (Source: Microsoft-Windows-CAPI2)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crtThis network connection does not exist.



Error: (12/14/2011 09:41:36 PM) (Source: Microsoft-Windows-CAPI2)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt12030 (0x2efe)



Error: (12/14/2011 09:40:33 PM) (Source: Microsoft-Windows-CAPI2)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crtThis network connection does not exist.



Error: (12/14/2011 09:40:33 PM) (Source: Microsoft-Windows-CAPI2)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt12030 (0x2efe)



Error: (12/14/2011 08:35:39 PM) (Source: SignInAssistant)(User: )

Description: StartService failed with hr = 0x8007043c



Error: (12/14/2011 08:35:39 PM) (Source: SignInAssistant)(User: )

Description: StartService failed with hr = 0x8007043c



Error: (12/14/2011 08:35:38 PM) (Source: SignInAssistant)(User: )

Description: StartService failed with hr = 0x8007043c





=========================== Installed Programs ============================



Ad-Aware (Version: 9.5.0)

Adobe AIR (Version: 2.5.1.17730)

Adobe Flash Player 10 ActiveX (Version: 10.3.183.5)

Adobe Flash Player 11 Plugin (Version: 11.0.1.152)

Adobe Reader X (10.1.1) MUI (Version: 10.1.1)

Ask Toolbar (Version: 1.13.1.0)

avast! Free Antivirus (Version: 6.0.1289.0)

Bamboo (Version: 5.2.4-6)

Best Buy pc app (Version: 3.2.2.1)

CCleaner (Version: 3.10)

D3DX10 (Version: 15.4.2368.0902)

DivX Setup (Version: 2.6.0.34)

GIMP 2.6.11 (Version: 2.6.11)

Google Chrome (Version: 15.0.874.121)

Google Earth (Version: 6.1.0.4857)

Google Earth (Version: 6.1.0.5001)

Google Toolbar for Internet Explorer (Version: 1.0.0)

Google Toolbar for Internet Explorer (Version: 7.2.2308.2056)

Google Update Helper (Version: 1.3.21.79)

Intel PROSet Wireless

Intel WiMAX Tutorial (Version: 1.5.3.1)

Intel® Management Engine Components (Version: 7.0.0.1144)

Intel® Processor Graphics (Version: 8.15.10.2353)

Intel® PROSet/Wireless WiFi Software (Version: 14.0.2000)

Intel® Rapid Storage Technology (Version: 10.1.2.1004)

Intel® Wireless Display

Intel® Wireless Display (Version: 2.0.29.0)

Intel® PROSet/Wireless WiMAX Software (Version: 6.02.1000)

Java Auto Updater (Version: 2.0.2.4)

Java™ 6 Update 22 (Version: 6.0.220)

JMicron Flash Media Controller Driver (Version: 1.0.57.2)

Label@Once 1.0 (Version: 1.0)

Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)

ManyCam 2.6.60 (remove only) (Version: 2.6.60)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2010 (Version: 14.0.4763.1000)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)

Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)

Microsoft Silverlight (Version: 4.0.60831.0)

Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)

Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)

MSVCRT (Version: 15.4.2862.0708)

Norton Safe Web Lite (Version: 1.2.0.6)

OpenOffice.org 3.3 (Version: 3.3.9567)

PlayReady PC Runtime amd64 (Version: 1.3.0)

PlayReady PC Runtime x86 (Version: 1.3.0)

Realtek Ethernet Controller Driver (Version: 7.38.113.2011)

Realtek High Definition Audio Driver (Version: 6.0.1.6305)

Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.34.0)

Synaptics Pointing Device Driver (Version: 15.2.11.1)

TOSHIBA Application Installer (Version: 9.0.1.1)

TOSHIBA Assist (Version: 4.02.02)

Toshiba Book Place (Version: 2.2.6775)

TOSHIBA Bulletin Board (Version: 1.6.08.64)

TOSHIBA Disc Creator (Version: 2.1.0.7 for x64)

TOSHIBA eco Utility (Version: 1.2.24.64)

TOSHIBA Face Recognition (Version: 3.1.9.64)

TOSHIBA Flash Cards Support Utility (Version: 1.63.0.12C)

TOSHIBA Hardware Setup (Version: 1.63.1.34C)

TOSHIBA HDD Protection (Version: 2.2.1.12)

TOSHIBA HDD/SSD Alert (Version: 3.1.64.8)

TOSHIBA Media Controller (Version: 1.0.86.2)

TOSHIBA Media Controller Plug-in (Version: 1.0.6.1)

TOSHIBA PC Health Monitor (Version: 1.7.5.64)

TOSHIBA Quality Application (Version: 1.0.3)

TOSHIBA Recovery Media Creator (Version: 2.1.3.5109)

TOSHIBA ReelTime (Version: 1.7.17.64)

TOSHIBA Resolution+ Plug-in for Windows Media Player (Version: 1.1.0)

TOSHIBA Service Station (Version: 2.1.52)

TOSHIBA Sleep Utility (Version: 1.4.2.7)

TOSHIBA Supervisor Password (Version: 1.63.51.2C)

TOSHIBA Value Added Package (Version: 1.5.4.64)

TOSHIBA VIDEO PLAYER (Version: 4.00.6.08-A)

TOSHIBA Web Camera Application (Version: 2.0.0.19)

TOSHIBA Wireless Display Monitor (Version: 1.0.1)

TOSHIBA Wireless LAN Indicator (Version: 1.0.3)

ToshibaRegistration (Version: 1.0.4)

Utility Common Driver (Version: 1.0.52.2C)

VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)

WebTablet IE Plugin (Version: 1.1.0.7)

WebTablet Netscape Plugin (Version: 1.1.0.5)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3538.0513)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3538.0513)

Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)

Windows Live Messenger (Version: 15.4.3538.0513)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

WinRAR 4.01 (32-bit) (Version: 4.01.0)

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar



**** End of log ****



Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org



Database version: 8373



Windows 6.1.7601 Service Pack 1 (Safe Mode)

Internet Explorer 8.0.7601.17514



12/14/2011 11:47:07 PM

mbam-log-2011-12-14 (23-47-07).txt



Scan type: Quick scan

Objects scanned: 172273

Time elapsed: 1 minute(s), 11 second(s)



Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4



Memory Processes Infected:

(No malicious items detected)



Memory Modules Infected:

(No malicious items detected)



Registry Keys Infected:

(No malicious items detected)



Registry Values Infected:

(No malicious items detected)



Registry Data Items Infected:

(No malicious items detected)



Folders Infected:

(No malicious items detected)



Files Infected:

c:\Users\Val\AppData\Local\Temp\pvj.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\Val\AppData\Local\Temp\rkalgbyias (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\Val\local settings\yvj.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Users\Val\local settings\application data\yvj.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
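The Malwarebytes log above follows a fixed layout: per-category summary counts, then one section per category listing each detection as `path (threat) -> action`. The following parser, added here as an example and not Malwarebytes' own code, reads that layout, checks the summary counts against the items actually listed, and separates detections in user-writable locations (temp and profile folders, the usual drop points for rogue antivirus installers) from anything in system paths. The sample log is the one posted above, with a few empty sections omitted.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log and triage the detections.

Added example; this is not Malwarebytes' code. It keys on the fixed headings the
1.x logs use ("Files Infected: N" summary lines followed by "Files Infected:"
sections) and checks the summary against the listed items.
"""
import re
from collections import Counter

SUMMARY_RE = re.compile(r"^(?P<name>.+ Infected): (?P<n>\d+)$")
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
NO_ITEMS = "(No malicious items detected)"

# Locations a standard user can write to without elevation; a detection there is
# typical of a rogue-AV dropper and worth reporting separately from system paths.
USER_WRITABLE_MARKERS = ("\\appdata\\local\\temp\\", "\\local settings\\")

# Excerpt of the MBAM log posted in this thread (quick scan, Safe Mode).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8373

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514

Scan type: Quick scan
Objects scanned: 172273
Time elapsed: 1 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Files Infected:
c:\Users\Val\AppData\Local\Temp\pvj.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Val\AppData\Local\Temp\rkalgbyias (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Val\local settings\yvj.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\Val\local settings\application data\yvj.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return a dict with header fields, summary counts and per-section detections."""
    header, summary, sections = {}, {}, {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None          # a blank line ends a detection section
            continue
        m = SUMMARY_RE.match(line)
        if m:                       # "Files Infected: 4"
            summary[m.group("name")] = int(m.group("n"))
            continue
        if line.endswith("Infected:"):   # "Files Infected:" opens a section
            current = line[:-1]
            sections[current] = []
            continue
        if current is not None:
            d = DETECTION_RE.match(line)
            if line != NO_ITEMS and d:
                sections[current].append(d.groupdict())
            continue
        if line.startswith("Windows "):
            header["OS"] = line     # e.g. "Windows 6.1.7601 Service Pack 1 (Safe Mode)"
        elif ":" in line:
            key, _, value = line.partition(":")
            header[key.strip()] = value.strip()
    return {"header": header, "summary": summary, "sections": sections}


def triage(report):
    """Flag summary/listing mismatches, user-writable drop paths, failed removals, families."""
    mismatches = []
    for name, count in report["summary"].items():
        listed = len(report["sections"].get(name, []))
        if listed != count:
            mismatches.append(f"{name}: summary says {count}, {listed} listed")
    detections = [d for items in report["sections"].values() for d in items]
    user_writable = [d["path"] for d in detections
                     if any(mk in d["path"].lower() for mk in USER_WRITABLE_MARKERS)]
    not_removed = [d["path"] for d in detections if "successfully" not in d["action"]]
    families = Counter(d["threat"] for d in detections)
    return {"count_mismatches": mismatches, "user_writable_paths": user_writable,
            "not_removed": not_removed, "families": dict(families)}


if __name__ == "__main__":
    report = parse_mbam_log(SAMPLE_LOG)
    print(report["header"].get("OS"), "| DB", report["header"].get("Database version"))
    for key, value in triage(report).items():
        print(f"{key}: {value}")
```

On the thread's log this reports all four detections as living under the user's profile (Temp and the `local settings` junction) with the families Trojan.Agent and Trojan.FakeMS, no failed removals, and summary counts consistent with the listing. A non-empty `not_removed` list, or a count mismatch, is the cue to rerun the scan after a reboot rather than assume the machine is clean.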

#5 jntkwx
  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:04:07 PM

Posted 15 December 2011 - 11:28 AM

Hi Junny,

Does your computer lag in Safe Mode as well as normal mode (or just in normal mode)?

There's a missing file that's required for the internet to work successfully, so that might be why you're experiencing the connection being reset.

Step 1: Please download SystemLook from here and save it to your desktop.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    mswsock.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Step 2: Please download Farbar Service Scanner and run it on the computer with the issue.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 3: Download aswMBR to your desktop.
  • Double click the aswMBR.exe to run it.
  • When prompted to update the definitions, click Yes.
  • Click the "Scan" button to start the scan.
  • On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
Regards,
Jason

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#6 Junny
  • Topic Starter
  • Members
  • 21 posts
  • Local time:03:07 PM

Posted 15 December 2011 - 11:55 AM

No. It runs normally in safe mode. Well now, isn't a missing file just lovely. Caught a small snag involving the whole aswMBR scan. It just completely halted everything, only allowing me to move the mouse, but that could be because I was running Firefox. Here are the logs:

SystemLook 30.07.11 by jpshortstuff
Log created at 11:44 on 15/12/2011 by Val
Administrator - Elevation successful

========== filefind ==========

Searching for "mswsock.dll"
C:\Windows\System32\mswsock.dll --a---- 326144 bytes [03:24 21/11/2010] [03:24 21/11/2010] 1D5185A4C7E6695431AE4B55C3D7D333
C:\Windows\system64\mswsock.dll --a---- 326144 bytes [03:24 21/11/2010] [03:24 21/11/2010] 1D5185A4C7E6695431AE4B55C3D7D333
C:\Windows\SysWOW64\mswsock.dll --a---- 232448 bytes [03:24 21/11/2010] [03:24 21/11/2010] 8999B8631C7FD9F7F9EC3CAFD953BA24
C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll --a---- 326144 bytes [03:24 21/11/2010] [03:24 21/11/2010] 1D5185A4C7E6695431AE4B55C3D7D333
C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll --a---- 232448 bytes [03:24 21/11/2010] [03:24 21/11/2010] 8999B8631C7FD9F7F9EC3CAFD953BA24

-= EOF =-

Farbar Service Scanner
Ran by Val (administrator) on 15-12-2011 at 11:50:11
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
********************************************************

Service Check:
==============

File Check:
===========
C:\Windows\System32\svchost.exe
[2011-04-06 21:50] - [2011-03-01 03:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759

C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

**** End of log ****

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-15 11:51:09
-----------------------------
11:51:09.346 OS Version: Windows x64 6.1.7601 Service Pack 1
11:51:09.346 Number of processors: 4 586 0x2A07
11:51:09.346 ComputerName: VAL-PC UserName: Val
11:51:10.547 Initialize success
11:53:39.777 AVAST engine error: 2
11:53:43.614 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:53:43.614 Disk 0 Vendor: TOSHIBA_ GT00 Size: 610480MB BusType: 3
11:53:43.630 Disk 0 MBR read successfully
11:53:43.630 Disk 0 MBR scan
11:53:43.630 Disk 0 Windows VISTA default MBR code
11:53:43.646 Service scanning
11:53:45.081 Modules scanning
11:53:45.081 Disk 0 trace - called modules:
11:53:45.112 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
11:53:45.128 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006aeb060]
11:53:45.128 3 CLASSPNP.SYS[fffff880017c343f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8006aea060]
11:53:45.143 5 thpdrv.sys[fffff88001bc3cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005cc3050]
11:53:45.143 Scan finished successfully
11:53:57.389 Disk 0 MBR has been saved successfully to "C:\Users\Val\Desktop\MBR.dat"
11:53:57.405 The log file has been saved successfully to "C:\Users\Val\Desktop\aswMBR.txt"

#7 jntkwx
  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:04:07 PM

Posted 15 December 2011 - 12:08 PM

Hi Junny,

Interestingly, the file I thought was missing isn't missing after all.

Let's upload a file for a second opinion on what it actually is.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Go to Virustotal: http://www.virustotal.com/

When the Virustotal page has finished loading, click the Choose File button and navigate to the following file and click Send File.

C:\Windows\System32\svchost.exe

If prompted to reanalyze a file, please do so.

Please post back the website address (URL) of the Virustotal result in your next post.
Regards,
Jason



#8 Junny
  • Topic Starter
  • Members
  • 21 posts
  • Local time:03:07 PM

Posted 15 December 2011 - 12:23 PM

Really? Great! That's a start at least! Here is the URL:

http://www.virustotal.com/file-scan/report.html?id=f9e237d44c423b913302917d509dae155d7bafcc53c432defb91d6636acc08a3-1323969226

#9 jntkwx
  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:04:07 PM

Posted 15 December 2011 - 12:33 PM

Hi Junny,

Well, the VirusTotal result is clean.

If you boot into normal mode, open the task manager (pressing the Ctrl+Shift+Esc keys), click on the Processes tab, and then click on the CPU column. What is the image name of the process using the most CPU?

In normal mode (if you can, otherwise do this in Safe Mode):
  • Rerun SystemLook.
  • Type in:
    :filefind
    svchost.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Regards,
Jason



#10 Junny
  • Topic Starter
  • Members
  • 21 posts
  • Local time:03:07 PM

Posted 15 December 2011 - 12:54 PM

Well, due to the unfortunate measures of a still lagging computer, I couldn't open up the task manager at all no matter what I tried. Same thing goes for SystemLook, but here is the log once again:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:52 on 15/12/2011 by Val
Administrator - Elevation successful

========== filefind ==========

Searching for "svchost.exe"
C:\Windows\System32\svchost.exe --a---- 27648 bytes [02:50 07/04/2011] [08:07 01/03/2011] 6F68F63794097E54F36474ED4384B759
C:\Windows\system64\svchost.exe --a---- 27648 bytes [02:50 07/04/2011] [08:07 01/03/2011] 6F68F63794097E54F36474ED4384B759
C:\Windows\SysWOW64\svchost.exe --a---- 21504 bytes [02:50 07/04/2011] [08:05 01/03/2011] ECDB182F885292145826C58252B53000
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe --a---- 27136 bytes [23:31 13/07/2009] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe --a---- 27648 bytes [02:50 07/04/2011] [08:07 01/03/2011] 6F68F63794097E54F36474ED4384B759
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391\svchost.exe --a---- 27648 bytes [02:50 07/04/2011] [08:10 01/03/2011] 635455A95EB8EC47AC72142E501465ED
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe --a---- 21504 bytes [02:50 07/04/2011] [08:05 01/03/2011] ECDB182F885292145826C58252B53000
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe --a---- 21504 bytes [02:50 07/04/2011] [08:07 01/03/2011] A91A288C91F9D9F1CFA4FAA9893C4D55

-= EOF =-
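The two SystemLook results in this thread (mswsock.dll in post #6 and svchost.exe above) are read the same way by the helper: the copy in System32 or SysWOW64 is compared, by MD5 and size, against the copies Windows keeps in the WinSxS component store, whose directory names carry the architecture and assembly version. The following script, added here as an example and not part of SystemLook or of the replies in this thread, automates that comparison. It parses `:filefind` output, groups the component-store copies by hash, and reports for each live copy which store version it matches; a live copy matching nothing in the store is flagged for comparison against a known-good source. A match is a consistency check, not proof of integrity, since the store itself could have been altered. The svchost.exe sample is the log posted above; the tampered variant is constructed to show the flagging path.

```python
"""Cross-check SystemLook ':filefind' output against the WinSxS component store.

Added example, not SystemLook's own code. Entries look like:
  C:\Windows\System32\svchost.exe --a---- 27648 bytes [created] [modified] MD5
"""
import hashlib
import re

ENTRY_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-zA-Z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"$')
# WinSxS directory names: <arch>_<component>_<pubkeytoken>_<version>_<culture>_<hash>
SXS_RE = re.compile(
    r"\\winsxs\\(?P<arch>amd64|x86|wow64|msil)_.+?_(?P<version>\d+\.\d+\.\d+\.\d+)_",
    re.IGNORECASE,
)

# Taken from the ':filefind svchost.exe' result posted above.
SVCHOST_FILEFIND = r"""========== filefind ==========

Searching for "svchost.exe"
C:\Windows\System32\svchost.exe --a---- 27648 bytes [02:50 07/04/2011] [08:07 01/03/2011] 6F68F63794097E54F36474ED4384B759
C:\Windows\system64\svchost.exe --a---- 27648 bytes [02:50 07/04/2011] [08:07 01/03/2011] 6F68F63794097E54F36474ED4384B759
C:\Windows\SysWOW64\svchost.exe --a---- 21504 bytes [02:50 07/04/2011] [08:05 01/03/2011] ECDB182F885292145826C58252B53000
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe --a---- 27136 bytes [23:31 13/07/2009] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe --a---- 27648 bytes [02:50 07/04/2011] [08:07 01/03/2011] 6F68F63794097E54F36474ED4384B759
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391\svchost.exe --a---- 27648 bytes [02:50 07/04/2011] [08:10 01/03/2011] 635455A95EB8EC47AC72142E501465ED
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe --a---- 21504 bytes [02:50 07/04/2011] [08:05 01/03/2011] ECDB182F885292145826C58252B53000
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe --a---- 21504 bytes [02:50 07/04/2011] [08:07 01/03/2011] A91A288C91F9D9F1CFA4FAA9893C4D55

-= EOF =-
"""

# Constructed variant (not from the thread): the System32 copy's hash is altered
# so the report shows how a live file with no component-store counterpart appears.
TAMPERED_FILEFIND = SVCHOST_FILEFIND.replace(
    "System32\\svchost.exe --a---- 27648 bytes [02:50 07/04/2011] [08:07 01/03/2011] 6F68F63794097E54F36474ED4384B759",
    "System32\\svchost.exe --a---- 27648 bytes [02:50 07/04/2011] [08:07 01/03/2011] 00000000000000000000000000000000",
)


def parse_filefind(text):
    """Return (searched file name, list of entry dicts) from a filefind log."""
    name, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        s = SEARCH_RE.match(line)
        if s:
            name = s.group("name")
            continue
        e = ENTRY_RE.match(line)
        if e:
            d = e.groupdict()
            d["size"] = int(d["size"])
            d["md5"] = d["md5"].upper()
            entries.append(d)
    return name, entries


def cross_check(entries):
    """For each copy outside WinSxS, list the store copies (arch, version) sharing its MD5."""
    store, live = {}, []
    for e in entries:
        sxs = SXS_RE.search(e["path"])
        if sxs:
            store.setdefault(e["md5"], []).append((sxs.group("arch").lower(), sxs.group("version")))
        else:
            live.append(e)
    results = []
    for e in live:
        matches = store.get(e["md5"], [])
        results.append({"path": e["path"], "md5": e["md5"], "size": e["size"],
                        "store_matches": matches,
                        "verdict": "matches component store" if matches
                        else "NOT in component store: compare against a known-good copy"})
    return results


def unmatched(results):
    """Paths of live copies whose hash matches no component-store copy."""
    return [r["path"] for r in results if not r["store_matches"]]


def local_md5(path):
    """MD5 of a file on the machine being examined, for comparison with a logged value."""
    with open(path, "rb") as fh:
        return hashlib.md5(fh.read()).hexdigest().upper()


if __name__ == "__main__":
    for label, text in (("thread log", SVCHOST_FILEFIND), ("constructed tamper", TAMPERED_FILEFIND)):
        name, entries = parse_filefind(text)
        print(f"[{label}] {name}: {len(entries)} copies found")
        for r in cross_check(entries):
            print(f"  {r['path']}  {r['md5']}  {r['store_matches'] or '-'}  {r['verdict']}")
```

On the posted log all three live copies resolve to version 6.1.7601.17568 of their respective architecture, which is what the helper concluded by eye. Reading the winsxs names also shows which servicing branch the live file came from (the 6.1.7601.21671 copies are the hotfix-branch siblings, present in the store but not the ones in use).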

#11 jntkwx
  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:04:07 PM

Posted 15 December 2011 - 01:16 PM

Hi Junny,

I've asked a colleague for some assistance. Please be patient until I hear back from them.
Regards,
Jason



#12 Junny
  • Topic Starter
  • Members
  • 21 posts
  • Local time:03:07 PM

Posted 15 December 2011 - 02:42 PM

I'm sorry for being such a bother. I'll wait patiently for your co-worker.

But I did manage to get the task manager open for a brief moment, and I don't remember correctly, but I'm positive the one using the most CPU is the csrss.exe file. I'll try my hardest to run SystemLook in normal mode.

#13 jntkwx
  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:04:07 PM

Posted 15 December 2011 - 03:06 PM

Hi Junny,

With the information you have provided I believe you will need help from the malware removal team. Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
Regards,
Jason



#14 Junny
  • Topic Starter
  • Members
  • 21 posts
  • Local time:03:07 PM

Posted 15 December 2011 - 05:04 PM

Well, that's unfortunate. But thank you very much for your time, Jason, and I'm sorry that things have been a bit stressful about this. I have done what you asked and posted in the forum.

Thank you and have a nice day.
