Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Vista Antivirus 2012 Infection


  • This topic is locked This topic is locked
12 replies to this topic

#1 Caribx

Caribx

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 12 January 2012 - 07:18 PM

Hello, Any help greatly appreciated in advance.

My laptop was recently infected with "Windows Vista Antivirus 2012" I have only been able to run my programs and internet in safe mode. With a regular boot up do get an internet connection but when I try to run any thing it hangs an I get a (not responding) message. Could some one please direct me in resolving these issues.


Thanks, Cari

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:45 AM

Posted 12 January 2012 - 08:05 PM

Hello Caribx, I moved this to the Am I Infected forum.
Please run these post logs and let me know how it is after.



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
>>>>



Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode

<<><<><><><><><><><><><><><><><><><><><><><>
Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.


Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

>>>>>>>>>>>>

Please download TDSSKiller.zip and and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click Continue
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log have a name like: TDSSKiller.Version_Date_Time_log.txt.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.

Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

Edited by boopme, 12 January 2012 - 08:05 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Caribx

Caribx
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 12 January 2012 - 09:58 PM

Thank you for responding boopme,

I ran the tools you instructed me to, here are the logs:

MiniToolBox by Farbar
Ran by Cari (administrator) on 12-01-2012 at 21:33:11
Microsoft® Windows Vista™ Home Premium (X86)
Boot Mode: Nerwork
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set interface luid=loopback_0 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=ethernet_1 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=ethernet_2 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=ethernet_4 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=wireless_0 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Cari-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : myhome.westell.com

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : myhome.westell.com
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-1D-E0-61-35-CD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::fc9c:de6e:36f3:624a%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.25(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, January 12, 2012 6:41:16 PM
Lease Expires . . . . . . . . . . : Friday, January 13, 2012 6:41:16 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 218108904
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-1A-80-7A-9B-BF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{E75B49DA-A45C-4BE5-ADB6-6407114BCFE2}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.Belkin
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{ABE3899E-4A54-402C-9350-879195F38C10}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.myhome.westell.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.myhome.westell.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.myhome.westell.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.myhome.westell.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.myhome.westell.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dslrouter
Address: 192.168.1.1:53

Name: google.com
Addresses: 74.125.113.99, 74.125.113.106, 74.125.113.104, 74.125.113.105
74.125.113.103, 74.125.113.147



Pinging google.com [74.125.113.99] with 32 bytes of data:



Reply from 74.125.113.99: bytes=32 time=48ms TTL=54

Reply from 74.125.113.99: bytes=32 time=137ms TTL=54



Ping statistics for 74.125.113.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 48ms, Maximum = 137ms, Average = 92ms

Server: dslrouter
Address: 192.168.1.1:53

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 98.139.180.149, 209.191.122.70



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=91ms TTL=57

Reply from 209.191.122.70: bytes=32 time=89ms TTL=57



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 89ms, Maximum = 91ms, Average = 90ms

Server: dslrouter
Address: 192.168.1.1:53

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 1d e0 61 35 cd ...... Intel® Wireless WiFi Link 4965AGN
8 ...00 1a 80 7a 9b bf ...... Realtek PCIe FE Family Controller
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.{E75B49DA-A45C-4BE5-ADB6-6407114BCFE2}
11 ...00 00 00 00 00 00 00 e0 isatap.Belkin
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.{ABE3899E-4A54-402C-9350-879195F38C10}
13 ...00 00 00 00 00 00 00 e0 isatap.myhome.westell.com
16 ...00 00 00 00 00 00 00 e0 isatap.myhome.westell.com
15 ...00 00 00 00 00 00 00 e0 isatap.myhome.westell.com
17 ...00 00 00 00 00 00 00 e0 isatap.myhome.westell.com
18 ...00 00 00 00 00 00 00 e0 isatap.myhome.westell.com
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.25 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.25 281
192.168.1.25 255.255.255.255 On-link 192.168.1.25 281
192.168.1.255 255.255.255.255 On-link 192.168.1.25 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.25 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.25 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
9 281 fe80::/64 On-link
9 281 fe80::fc9c:de6e:36f3:624a/128
On-link
1 306 ff00::/8 On-link
9 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 mswsock.dll [File Not found] ()
Catalog5 03 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/12/2012 06:42:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/12/2012 06:42:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/12/2012 06:42:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/12/2012 06:42:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/12/2012 06:42:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/12/2012 06:42:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/12/2012 06:42:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/12/2012 06:42:04 PM) (Source: EventSystem) (User: )
Description: d:\vista_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/12/2012 05:09:29 PM) (Source: VzCdbSvc) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (01/11/2012 08:58:42 PM) (Source: EventSystem) (User: )
Description: d:\vista_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


System errors:
=============
Error: (01/12/2012 06:42:09 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/12/2012 06:42:09 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/12/2012 06:42:06 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (01/12/2012 06:42:04 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/12/2012 06:41:56 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/12/2012 06:41:07 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:18:21 PM on 1/12/2012 was unexpected.

Error: (01/12/2012 05:18:27 PM) (Source: SSIDRV) (User: )
Description: Failed to set monitor event rule.

Error: (01/12/2012 05:18:27 PM) (Source: SSIDRV) (User: )
Description: NetMon is in invalid state.

Error: (01/12/2012 05:18:24 PM) (Source: SSIDRV) (User: )
Description: Failed to set monitor event rule.

Error: (01/12/2012 05:18:24 PM) (Source: SSIDRV) (User: )
Description: NetMon is in invalid state.


Microsoft Office Sessions:
=========================
Error: (01/12/2012 06:42:19 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe

Error: (01/12/2012 06:42:19 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe

Error: (01/12/2012 06:42:19 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe

Error: (01/12/2012 06:42:19 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe

Error: (01/12/2012 06:42:19 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe

Error: (01/12/2012 06:42:19 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe

Error: (01/12/2012 06:42:18 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe

Error: (01/12/2012 06:42:04 PM) (Source: EventSystem)(User: )
Description: d:\vista_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/12/2012 05:09:29 PM) (Source: VzCdbSvc)(User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019

Error: (01/11/2012 08:58:42 PM) (Source: EventSystem)(User: )
Description: d:\vista_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


=========================== Installed Programs ============================


(Version: 1.0.00.11050)
32 Bit HP CIO Components Installer (Version: 6.1.2)
6500_E709_eDocs (Version: 1.00.0000)
6500_E709_Help (Version: 1.00.0000)
6500_E709n (Version: 140.0.000.000)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.26)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Akamai NetSession Interface
ArcSoft Magic-i Visual Effects
Ask Toolbar (Version: 1.13.2.0)
BitTorrent (Version: 7.1.0)
BitTorrentBar Toolbar
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 140.0.000.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 140.0.213.000)
Celtx (2.9.1) (Version: 2.9.1 (en-US))
Click to Disc (Version: 1.0.00.11080)
Click to Disc Editor (Version: 1.0.00)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Corel Paint Shop Pro Photo X2 (Version: 12.001.0000)
Crackle Screen Saver 1.0 (Version: 1.0)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 140.0.213.000)
DivX Setup (Version: 2.5.0.8)
DocMgr (Version: 140.0.65.000)
DocProc (Version: 140.0.100.000)
Facebook Video Calling 1.0.0.8953 (Version: 1.0.8953)
Fax (Version: 140.0.213.000)
FrostWire 4.20.7 (Version: 4.20.7.0)
GearDrvs (Version: 1)
GearDrvs (Version: 1.00.0000)
GPBaseService2 (Version: 140.0.212.000)
HDAUDIO SoftV92 Data Fax Modem with SmartCP
HiJackThis (Version: 1.0.0)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Officejet 6500 E709 Series (Version: 14.0)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.002.002.002)
HPProductAssistant (Version: 140.0.213.000)
HPSSupply (Version: 140.0.212.000)
Instant Mode (Version: 1.0.4)
Intel® Graphics Media Accelerator Driver
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 24 (Version: 6.0.240)
LocationFree Player (Version: 4.02.0000)
Malwarebytes' Anti-Malware
MarketResearch (Version: 140.0.214.000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Search Enhancement Pack (Version: 3.0.127.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Works (Version: 9.7.0621)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MySpace Toolbar (Version: 1.0.72.0)
MySpaceIM (Version: 1.0.823.0)
Network (Version: 140.0.215.000)
Norton 360 (Version: 5.1.0.29)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
ooVoo (Version: 3.0.7031)
ooVoo Toolbar (Version: 1.0.0.0)
OpenMG Limited Patch 4.7-07-15-19-01
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140)
OpenOffice.org 3.3 (Version: 3.3.9567)
ProductContext (Version: 140.0.000.000)
Realtek High Definition Audio Driver
Roxio Activation Module (Version: 1.0)
Roxio Easy Media Creator Home (Version: 9.1.095)
Scan (Version: 140.0.167.000)
Setting Utility Series (Version: 3.1.00.09240)
Shop for HP Supplies (Version: 14.0)
SolutionCenter (Version: 140.0.214.000)
SonicStage Mastering Studio (Version: 2.3.01)
SonicStage Mastering Studio Audio Filter (Version: 2.3.01)
SonicStage Mastering Studio Audio Filter Custom Preset (Version: 2.3)
SonicStage Mastering Studio Plugins (Version: 2.4)
Sony Video Shared Library (Version: 3.3.00)
Spy Sweeper (Version: 6.1)
Spy Sweeper Core (Version: 4.4.0.85)
Status (Version: 140.0.256.000)
SupportSoft Assisted Service (Version: 15)
Synaptics Pointing Device Driver (Version: 9.1.13.0)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.213.000)
VAIO Camera Capture Utility (Version: 2.7.03.09250)
VAIO Center Access Bar (Version: 1.00.1001)
VAIO Content Folder Setting (Version: 1.0.01.09270)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 2.1.00.09284)
VAIO Content Metadata Manager Setting (Version: 2.1.00.09281)
VAIO Content Metadata XML Interface Library (Version: 2.1.00.09202)
VAIO Control Center (Version: 2.1.00.09190)
VAIO DVD Menu Data Basic (Version: 1.0.00.08130)
VAIO Entertainment Center (Version: 3.00.1005)
VAIO Entertainment Platform (Version: 3.0.00.06280)
VAIO Event Service (Version: 3.3.00.11020)
VAIO Help and Support (Version: 4.10.1105.CRVP)
VAIO Launcher (Version: 1.1.00.09190)
VAIO Media (Version: 6.0.10)
VAIO Media 6.0 (Version: 6.0.10)
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.2
VAIO Media Redistribution 6.0 (Version: 6.0.10)
VAIO Media Registration Tool (Version: 6.0.10)
VAIO Media Registration Tool 6.0 (Version: 6.0.10)
VAIO Movie Story (Version: 1.1.00.10160)
VAIO Movie Story Template Data (Version: 1.1.00.09281)
VAIO MusicBox (Version: 1.1.01.09240)
VAIO MusicBox Sample Music (Version: 1.0.01.09210)
VAIO OOBE and Welcome Center (Version: 4.00.1115.US)
VAIO Original Function Setting (Version: 1.2.00.11100)
VAIO PC Wireless LAN Wizard (Version: 1.01.1015)
VAIO Power Management (Version: 2.3.01.10310)
VAIO Productivity Center (Version: 3.00.1015)
VAIO Security Center (Version: 6.00.1015)
VAIO Service Utility (Version: 1.2.0.0)
VAIO Startup Assistant (Version: 1.00.1019)
VAIO Survey (Version: 5.00.7207)
VAIO Update 3 (Version: 3.0.04.09200)
VAIO Wallpaper Contents (Version: 1.0.00.09200)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Video Free Files Convert 1.1 (Version: 1.1)
WebReg (Version: 140.0.213.017)
WIDCOMM Bluetooth Software 6.1.0.2200 (Version: 6.1.0.2200)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Toolbar (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinDVD for VAIO (Version: 8.0-B8.411)
WinRAR archiver
Wireless Switch Setting Utility (Version: 3.6.00.18210)
Xvid 1.2.1 final uninstall (Version: 1.2)
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 2037.81 MB
Available physical RAM: 1406.98 MB
Total Pagefile: 4291.91 MB
Available Pagefile: 3853.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.81 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:178.22 GB) (Free:119.72 GB) NTFS

========================= Users: ========================================

User accounts for \\CARI-PC

Admin Administrator Cari
Guest

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini081011-01.dmp
C:\Windows\Minidump\Mini102911-01.dmp
C:\Windows\Minidump\Mini110111-01.dmp

**** End of log ****


----------------------------------------------------------------------------------------
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 01/12/2012 at 21:45:23.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 01/12/2012 at 21:45:26.

----------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 6.0.6000

9:50:50 PM 1/12/2012
mbam-log-1-12-2012 (21-50-50).txt

Scan type: Quick Scan
Objects scanned: 35499
Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:45 AM

Posted 12 January 2012 - 10:28 PM

Hello, Did you do this part?
Please download TDSSKiller.zip and and extract it.



Your MBAM did not update
Yours Malwarebytes' Anti-Malware 1.24
Now at 1.60


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates,when done
click Scanner tab,select FULL scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Caribx

Caribx
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 13 January 2012 - 12:44 PM

Hello, Yes I did run TDSSkiller. I just did not see the report option:


12:40:42.0819 1320 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
12:40:43.0116 1320 ============================================================
12:40:43.0116 1320 Current date / time: 2012/01/13 12:40:43.0116
12:40:43.0116 1320 SystemInfo:
12:40:43.0116 1320
12:40:43.0116 1320 OS Version: 6.0.6000 ServicePack: 0.0
12:40:43.0116 1320 Product type: Workstation
12:40:43.0116 1320 ComputerName: CARI-PC
12:40:43.0116 1320 UserName: Cari
12:40:43.0116 1320 Windows directory: C:\Windows
12:40:43.0116 1320 System windows directory: C:\Windows
12:40:43.0116 1320 Processor architecture: Intel x86
12:40:43.0116 1320 Number of processors: 2
12:40:43.0116 1320 Page size: 0x1000
12:40:43.0116 1320 Boot type: Safe boot with network
12:40:43.0116 1320 ============================================================
12:40:44.0317 1320 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000, SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
12:40:44.0364 1320 Initialize success



--------------------------------------------------------------------------------------
As for MBAM I am only able to run it in Safe mode, here is the log:



Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.13.01

Windows Vista x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.6000.16982
Cari :: CARI-PC [administrator]

Protection: Disabled

1/13/2012 12:22:24 AM
mbam-log-2012-01-13 (01-30-32).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 294235
Time elapsed: 36 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2A123C3-A500-90BD-A120-04B53A2C8952} (Trojan.Ertfor) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2A123C3-A500-90BD-A120-04B53A2C8952} (Trojan.Ertfor) -> No action taken.
HKCU\SOFTWARE\3XQZ6EO4AP (Trojan.FakeAlert.SA) -> No action taken.
HKCU\SOFTWARE\4ECYTQ9SIC (Trojan.FakeAlert.SA) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Cari\AppData\Local\buk.exe (Spyware.Agent) -> No action taken.
C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job (Trojan.FraudPack) -> No action taken.

(end)

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:45 AM

Posted 13 January 2012 - 04:12 PM

Hmmm I think we may have a zeroaccess rootkit.

You did also click the Remove Selected in the MBAM scan as I see no Action Taken in the log.

Try from Normal mode first. If needed use Safe Mode with Networking.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

Edited by boopme, 13 January 2012 - 04:13 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Caribx

Caribx
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 13 January 2012 - 07:26 PM

Hi, I just removed the entries from MBAM earlier today

I did run ESET and it produced no log. I am still having issues in normal mode. I was able to begin running MBAM in this mode but it froze half way through the process and my other programs are not responding.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:45 AM

Posted 13 January 2012 - 09:34 PM

Hello, It does appear that perhaps a zeroaccess is taking over,

We need a deeper look. Please go here....
Preparation Guide .

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Include a link back to this topic.

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Caribx

Caribx
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 14 January 2012 - 02:10 PM

Hi Boopme,

I've followed the steps up until DDS, It seems to be hanging. The computer is not frozen nor does the DDS application appear to be either. It has just been at the processing stage for quite a while. Does this typically take longer than the 3 minute window it states?

#10 Caribx

Caribx
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 14 January 2012 - 05:59 PM

A screen shot of task manager processes running,

I see many svchost.exe running but no cpu usage is shown.


Posted Image

Edited by Caribx, 14 January 2012 - 06:00 PM.


#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:45 AM

Posted 14 January 2012 - 07:27 PM

Hi cari,just got back.
If you cannot get DDS to work, please try this instead.

Please download OTL by OldTimer and save it to your Desktop.
  • Close all other applications and windows so that you have nothing open.
  • Double click on the Posted Image icon on your desktop.

    Vista/Windows 7 users right-click and select Run As Administrator.
    If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • Under Output, ensure that Minimal Output is selected.
  • Click the "Scan All Users" checkbox.
    Leave the remaining selections to the default settings.
  • Click the Posted Image button.
  • Do not use the computer while the scan is in progress.
  • When the scan is complete, two log files will open in Notepad:
    • OTListIt.txt <- (will be maximized)
    • Extras.txt <- (will be minimized in the Task Bar).
  • Both logs are automatically saved to the Desktop.
  • Please copy and paste the contents of OTListIt.txt and Extras.txt in your next reply.
    If the Extras.txt log is too long, you may need to add a second reply to your thread or upload it as an attachment.
  • Click the red X in the upper right corner to exit OTL.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If OTL did not work, then reply back here.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 Caribx

Caribx
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 18 January 2012 - 12:17 PM

Hi Boopme,


I ran OTL and posted my logs, was I also supposed to run GMER after OTL and post that log as well? Also, typically how log does it take to receive a response in the log forum?

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:45 AM

Posted 18 January 2012 - 05:05 PM

Hi Cari, you have done great!!

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 3 - 5 days and ALL logs are amswered.

To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users