Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win 7 internet security virus problems after removal


  • This topic is locked This topic is locked
22 replies to this topic

#1 spaige3

spaige3

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 10 January 2012 - 03:28 PM

I followed the steps to remove Win 7 Internet security virus. I still have some problems. When I start up I recieve problem starting box (runDLL) with C:\USERS\SCOTTP~1|AppDat\Roaming\MICROS~1\Protect\pclw.uf module could not be found. I put super anti spyware and loaded malwarebytes to get rid of the virus. My computer locks up once in awhile and is slower. I had Webroot security . Lost it with the virus and reinstalled. Are the antivirus running on top of each other? Should i restore my registry ?

BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:07 AM

Posted 16 January 2012 - 11:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Using a good restore point is an option. Lets see what I can find before going that route.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

#3 spaige3

spaige3
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 17 January 2012 - 08:51 AM

I was able to run the text but it wont let me copy or paste. They're un highlighted. Not sure what to do. Scott

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:07 AM

Posted 17 January 2012 - 10:25 AM

What about his one. Can you post a log?

Please download and install the latest version of HijackThis v2.0.4:

CLICK HERE to download the HijackThis Installer:
  • Save HijackThis.msi to your desktop.
  • Double-click on HijackThis.msie to run the program.
  • On Vista or Windows 7 right click on the file and select run as Administrator.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis. Or C:\Programs files (x86)\... on a 64 bit operating system.
  • Accept the license agreement by clicking the "I Accept" button.
  • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  • Click "Save log" to save the log file and then the log will open in Notepad.
  • Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • If your system denies write access to Host files, run HijackThis as an Administrator.
  • Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
Delete the older version once you have successfully downloaded and installed the latest version via the Add/Remove Programs list.

#5 spaige3

spaige3
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 17 January 2012 - 11:36 AM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:31:57 AM, on 1/17/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers

\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://my.msn.com/default.aspx?mypg=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

= http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://lenovo.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant

=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch

=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:

\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName

=
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -

C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX

\AcroIEHelperShim.dll
O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:

\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-

5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared

\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-

CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar

\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -

C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F}

- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec

IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS

\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec

BioExcess\EgisTSR.exe /run
O4 - HKLM\..\Run: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker

\EgisPLTSR.exe"
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo

\VeriFace\PManage.exe
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo

\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam

\YouCam.exe" /s
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo

\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files

(x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink

\Power2Go\5.0"
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey

App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files

\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software

\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common

Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files

\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime

\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite

\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes

\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files

(x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files

\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google

\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar

\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows

\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar

\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows

\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best

Buy pc app\ClickOnceSetup.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:

\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:

\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer

\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-

D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer

\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live

\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-

A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer

\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-

5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office

\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-

8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office

\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-

EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office

\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-

46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office

\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common

files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common

files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class)

- http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:

\Program Files (x86)\Windows Live\Photo Gallery

\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945}

- C:\Program Files (x86)\Common Files\Microsoft Shared

\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe

Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM

\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown

owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files

(x86)\Common Files\Apple\Mobile Device Support

\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files

\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com)

- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management

Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin

\DMAgent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown

owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Service - Egis Technology Inc. - C:\Program

Files (x86)\EgisTec BioExcess\EgisService.exe
O23 - Service: EgisTec Service Help - Egis Technology Inc. - C:

\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:

\Program Files (x86)\Common Files\EgisTec\Services

\EgisTicketService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel®

Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown

owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc.

- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google

Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program

Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin

\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows

\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local

Management Service (LMS) - Intel Corporation - C:\Program Files

(x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program

Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:

\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows

\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown

owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300

(ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe

(file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) -

Intel® Corporation - C:\Program Files\Common Files\Intel

\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) -

Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown

owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) -

Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) -

Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) -

Unknown owner - C:\windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) -

Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User

Notification Service (UNS) - Intel Corporation - C:\Program Files

(x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) -

Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown

owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown

owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc)

- Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file

missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) -

Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) -

Intel® Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110

(wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe

(file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101

(WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media

Player\wmpnetwk.exe (file missing)
O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe

--
End of file - 12844 bytes
Got it . I had downloaded advanced care 5 and superantispyware. I uninstalled. I notice it is still in program files. It did remove the error message but I still lock up. Thanks Scott

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:07 AM

Posted 18 January 2012 - 08:49 AM

Nothing suspicious was found on your HijackThis log.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

#7 spaige3

spaige3
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 19 January 2012 - 12:16 PM

I have not been able to get combo fix to run. i have the trial version of malwarebytees and web root says its uninstalled. Combo fix runs about halfway then freezes. What should I do ? Scott

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:07 AM

Posted 19 January 2012 - 02:27 PM

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#9 spaige3

spaige3
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 24 January 2012 - 02:26 PM

Sorry this has taken awhile. My computer is at work and it locked up again. My webroot antivirus says it isnt compatable with 64 bit and I don't think it is protecting. The Tdsskiller scan said zero Threats. Thanks Scott

Attached Files



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:07 AM

Posted 25 January 2012 - 08:51 AM

Let see what this tool will find.

Webroot Zero access cleaner.

  • Please download AntiZeroAccess by Webroot to your Desktop
  • Double-click antizeroaccess.exe to run the program.
    • NOTE: If running Vista or Windows 7, make sure to Right-click on it and select Run as an Administrator.

    Posted Image
  • At the black window, type y and then press Enter.
  • Once AntiZeroAccess has finished scanning, a report AntiZeroAccess_Log.txt will be created in the same location as the program.
  • Please post the contents of the report in your next reply, and let me know how your system is running now. :thumbup:
===

#11 spaige3

spaige3
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 25 January 2012 - 09:27 AM

I get an error message. Here is the log Thanks Scott

#12 spaige3

spaige3
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 25 January 2012 - 09:29 AM

Sorry didn't attach

Attached Files



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:07 AM

Posted 25 January 2012 - 11:00 AM

Sorry this tool is not compatible with a 64bit operating system.

Try this one.

Sophos Anti-Rootkit
http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx

#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:07 AM

Posted 31 January 2012 - 10:06 AM

Are you still with me?

#15 spaige3

spaige3
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 31 January 2012 - 11:50 AM

Yes i ive had starting out of safe mode and could not get my email working. I ran the TDSSkiller and there were no errors . Here is the othe log. I dont know why I have the start up problems. I ran advanced care 5 to get the computer to start up.It still will not load webroot. Thanks Scott I ran the sophos. It didnt do anything I could tell

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users