Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MyWebSearch/FunWebProducts


  • This topic is locked This topic is locked
12 replies to this topic

#1 srader

srader

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 01 February 2012 - 04:02 PM

I have been having trouble removing this for over a week. I have ran Super Anti-Spyware and it continually shows up. I will go through the removal process and reboot and they will still be there. I have ran Malware Bytes, and it never picks it up. I know that I'm not supposed to post logs, but I read where someone else was having a similar problem so I'm going to post the same logs.

BC AdBot (Login to Remove)

 


#2 srader

srader
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 01 February 2012 - 04:04 PM

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java™ 6 Update 30
Out of date Java installed!
Adobe Flash Player ( 10.2.152.32) Flash Player Out of Date!
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgemc.exe
``````````End of Log````````````

#3 srader

srader
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 01 February 2012 - 04:06 PM

Farbar Service Scanner Version: 01-02-2012 03
Ran by Scott Rader (administrator) on 01-02-2012 at 13:39:26
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#4 srader

srader
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 01 February 2012 - 04:07 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by Scott Rader (administrator) on 01-02-2012 at 13:42:31
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : ScottRader-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : NB7WDS.COM
Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : E8-9A-8F-63-75-38
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : D0-DF-9A-26-B7-1D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::149b:c3bd:5c9d:f229%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.195(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, February 01, 2012 1:02:20 PM
Lease Expires . . . . . . . . . . : Thursday, February 02, 2012 1:02:20 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 248569754
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-90-F3-01-D0-DF-9A-26-B7-1D
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{0FF932C8-1465-4F71-8B88-D94BCBB7CA2A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.NB7WDS.COM:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
1.0.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.45.103
74.125.45.105
74.125.45.147
74.125.45.99
74.125.45.104
74.125.45.106


Pinging google.com [74.125.45.105] with 32 bytes of data:
Reply from 74.125.45.105: bytes=32 time=99ms TTL=45
Reply from 74.125.45.105: bytes=32 time=99ms TTL=45

Ping statistics for 74.125.45.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 99ms, Maximum = 99ms, Average = 99ms
1.0.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.2.43
98.137.149.56
98.139.180.149


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=129ms TTL=45
Reply from 98.137.149.56: bytes=32 time=229ms TTL=45

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 129ms, Maximum = 229ms, Average = 179ms
1.0.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...e8 9a 8f 63 75 38 ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
11...d0 df 9a 26 b7 1d ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.195 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.195 281
192.168.0.195 255.255.255.255 On-link 192.168.0.195 281
192.168.0.255 255.255.255.255 On-link 192.168.0.195 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.195 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.195 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::149b:c3bd:5c9d:f229/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/01/2012 01:02:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2012 07:38:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (02/01/2012 07:08:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2012 07:07:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2012 07:07:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2012 10:10:53 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (01/29/2012 09:05:04 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2012 02:04:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2012 10:42:06 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (01/28/2012 09:26:15 AM) (Source: Application Error) (User: )
Description: Faulting application name: dgnuiasvr.exe, version: 11.50.100.92, time stamp: 0x4e293de6
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x00022353
Faulting process id: 0x10a4
Faulting application start time: 0xdgnuiasvr.exe0
Faulting application path: dgnuiasvr.exe1
Faulting module path: dgnuiasvr.exe2
Report Id: dgnuiasvr.exe3


System errors:
=============
Error: (02/01/2012 01:03:20 PM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (02/01/2012 07:09:48 AM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/31/2012 07:08:08 AM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/30/2012 07:08:53 AM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/29/2012 09:06:00 AM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/28/2012 02:05:15 PM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/28/2012 09:20:52 AM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/27/2012 07:06:10 AM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/25/2012 07:09:29 AM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/24/2012 05:47:31 PM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (10/24/2011 00:19:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5263 seconds with 420 seconds of active time. This session ended with a crash.

Error: (10/11/2011 04:33:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4672 seconds with 300 seconds of active time. This session ended with a crash.

Error: (10/07/2011 06:16:28 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 83970 seconds with 2940 seconds of active time. This session ended with a crash.

Error: (09/12/2011 02:40:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14466 seconds with 720 seconds of active time. This session ended with a crash.

Error: (09/09/2011 05:26:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 434542 seconds with 13080 seconds of active time. This session ended with a crash.

Error: (08/31/2011 00:54:38 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9318 seconds with 780 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system (Version: 12.0.6612.1000)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 10 Plugin (Version: 10.2.152.32)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Adobe Reader X (10.1.2) MUI (Version: 10.1.2)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Advanced SystemCare 5 (Version: 5.1.0)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.36)
AVG 2011 (Version: 10.0.1518)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2109)
AVG 2012 (Version: 2012.0.1913)
Best Buy pc app (Version: 3.2.0.0)
CCleaner (Version: 3.09)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Conexant HD Audio (Version: 8.51.1.0)
D3DX10 (Version: 15.4.2368.0902)
Dragon NaturallySpeaking 11 (Version: 11.50.100)
FileHippo.com Update Checker
HP Photosmart 7510 series Basic Device Software (Version: 25.0.617.0)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2353)
Intel® Rapid Storage Technology (Version: 10.1.2.1004)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Junk Mail filter update (Version: 15.4.3502.0922)
Label@Once 1.0 (Version: 1.0)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Picasa 3 (Version: 3.8)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Realtek USB 2.0 Reader Driver (Version: 1.0.0.12)
Realtek WLAN Driver (Version: 2.00.0013)
Safety Peak Anti-Malware (Version: 1.00.0000)
Shareaza 2.5.5.0 (Version: 2.5.5.0)
Skype™ 5.5 (Version: 5.5.113)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.0.1108)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.2.11.1)
TOSHIBA Application Installer (Version: 9.0.1.1)
TOSHIBA Assist (Version: 4.02.02)
Toshiba Book Place (Version: 2.2.6775)
TOSHIBA Bulletin Board (Version: 1.6.08.64)
TOSHIBA Disc Creator (Version: 2.1.0.6 for x64)
TOSHIBA eco Utility (Version: 1.2.25.64)
TOSHIBA Face Recognition (Version: 3.1.8.64)
TOSHIBA Hardware Setup (Version: 4.08.06.00)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.7)
TOSHIBA Media Controller (Version: 1.0.86.2)
TOSHIBA Media Controller Plug-in (Version: 1.0.6.1)
TOSHIBA PC Health Monitor (Version: 1.7.4.64)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.3.5109)
TOSHIBA ReelTime (Version: 1.7.17.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (Version: 1.1.0)
TOSHIBA Service Station (Version: 2.1.52)
TOSHIBA Sleep Utility (Version: 1.4.2.7)
TOSHIBA Supervisor Password (Version: 4.08.06.00)
TOSHIBA Value Added Package (Version: 1.5.4.64)
TOSHIBA Web Camera Application (Version: 2.0.0.19)
TOSHIBA Wireless LAN Indicator (Version: 1.0.3)
ToshibaRegistration (Version: 1.0.4)
Unity Web Player (Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (Version: 11.0.0)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinX DVD Ripper 5.5.0
WinZip 16.0 (Version: 16.0.9715)

========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 4043.86 MB
Available physical RAM: 2052.78 MB
Total Pagefile: 8085.91 MB
Available Pagefile: 5666.92 MB
Total Virtual: 4095.88 MB
Available Virtual: 3959.95 MB

========================= Partitions: =====================================

1 Drive c: (TI106139W0E) (Fixed) (Total:450.57 GB) (Free:402.13 GB) NTFS
2 Drive d: (????) (CDROM) (Total:1.36 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\SCOTTRADER-PC

Administrator Guest Scott Rader


**** End of log ****

#5 srader

srader
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 01 February 2012 - 04:09 PM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.01.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Scott Rader :: SCOTTRADER-PC [administrator]

2/1/2012 1:47:12 PM
mbam-log-2012-02-01 (13-47-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193982
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 srader

srader
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 01 February 2012 - 04:11 PM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-01 14:11:05
-----------------------------
14:11:05.051 OS Version: Windows x64 6.1.7601 Service Pack 1
14:11:05.051 Number of processors: 4 586 0x2A07
14:11:05.051 ComputerName: SCOTTRADER-PC UserName: Scott Rader
14:11:07.141 Initialize success
14:13:46.101 AVAST engine defs: 12020100
14:13:57.021 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:13:57.031 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
14:13:57.051 Disk 0 MBR read successfully
14:13:57.051 Disk 0 MBR scan
14:13:57.071 Disk 0 Windows VISTA default MBR code
14:13:57.081 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:13:57.091 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461381 MB offset 3074048
14:13:57.151 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14058 MB offset 947982336
14:13:57.161 Service scanning
14:13:58.301 Modules scanning
14:13:58.311 Disk 0 trace - called modules:
14:13:58.351 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:13:58.361 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800690d060]
14:13:58.371 3 CLASSPNP.SYS[fffff880017a243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004abe050]
14:13:59.821 AVAST engine scan C:\windows
14:14:02.241 AVAST engine scan C:\windows\system32
14:16:57.575 AVAST engine scan C:\windows\system32\drivers
14:17:15.924 AVAST engine scan C:\Users\Scott Rader
14:21:58.822 AVAST engine scan C:\ProgramData
14:23:22.029 Scan finished successfully
14:30:56.752 Disk 0 MBR has been saved successfully to "C:\Users\Scott Rader\Desktop\MBR.dat"
14:30:56.762 The log file has been saved successfully to "C:\Users\Scott Rader\Desktop\aswMBR.txt"

#7 srader

srader
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 01 February 2012 - 04:25 PM

Then the Super Anti-Spyware log after I have ran the previous tasks.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/01/2012 at 04:23 PM

Application Version : 5.0.1142

Core Rules Database Version : 8190
Trace Rules Database Version: 6002

Scan type : Complete Scan
Total Scan Time : 00:47:36

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 641
Memory threats detected : 0
Registry items scanned : 43639
Registry threats detected : 9
File items scanned : 41174
File threats detected : 12

Adware.Tracking Cookie
C:\Users\Scott Rader\AppData\Roaming\Microsoft\Windows\Cookies\1I8SUJFU.txt [ /statcounter.com ]
C:\Users\Scott Rader\AppData\Roaming\Microsoft\Windows\Cookies\PVOZCNZD.txt [ /www.googleadservices.com ]
C:\Users\Scott Rader\AppData\Roaming\Microsoft\Windows\Cookies\SOE9KJSI.txt [ /avgtechnologies.112.2o7.net ]
C:\Users\Scott Rader\AppData\Roaming\Microsoft\Windows\Cookies\GT3CJKLI.txt [ /ad.yieldmanager.com ]
C:\Users\Scott Rader\AppData\Roaming\Microsoft\Windows\Cookies\B1EO1GG7.txt [ /amazon-adsystem.com ]
C:\Users\Scott Rader\AppData\Roaming\Microsoft\Windows\Cookies\GOL8P919.txt [ /ads.bleepingcomputer.com ]
C:\Users\Scott Rader\AppData\Roaming\Microsoft\Windows\Cookies\051P3THG.txt [ /eset.122.2o7.net ]
C:\Users\Scott Rader\AppData\Roaming\Microsoft\Windows\Cookies\PIIOD9N4.txt [ /banners.archerytalk.com ]
C:\USERS\SCOTT RADER\Cookies\1I8SUJFU.txt [ Cookie:scott rader@statcounter.com/ ]
C:\USERS\SCOTT RADER\Cookies\PVOZCNZD.txt [ Cookie:scott rader@www.googleadservices.com/pagead/conversion/1056304736/ ]
C:\USERS\SCOTT RADER\Cookies\GT3CJKLI.txt [ Cookie:scott rader@ad.yieldmanager.com/ ]
C:\USERS\SCOTT RADER\Cookies\051P3THG.txt [ Cookie:scott rader@eset.122.2o7.net/ ]

Adware.MyWebSearch/FunWebProducts
(x64) HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
(x64) HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus
(x64) HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus\1
(x64) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
(x64) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus
(x64) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus\1
(x64) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
(x64) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\MiscStatus
(x64) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\MiscStatus\1

#8 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:04:23 PM

Posted 01 February 2012 - 05:23 PM

Hi srader, and welcome to the forums! :thumbsup:

14:13:57.081 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:13:57.091 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461381 MB offset 3074048
14:13:57.151 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14058 MB offset 947982336


This certainly looks like it could be the issue here. I would imagine you're experiencing redirects and some slowness issues as well? I think we'll need to take this to the next level:

One or more of the identified infections is a backdoor trojan/rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you still wish to continue cleaning:

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

**********************************

While you are waiting for the MRT helper, we should at least create a zip of your MBR so that you can attach it in the Malware Removal forum should it be asked of you.

Try this please. You will need a USB drive and a clean computer.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download dumpit to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive).
  • Double click on the dumpit file.
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply in the other forum.

Note: You may have more than one zipped file on your USB. Your helper will help you find the correct zip to attach. :thumbup2:

Please make no further changes to the infected machine unless instructed to do so by your helper.

Best of luck, and please be patient!

bloopie

Edited by bloopie, 01 February 2012 - 06:24 PM.


#9 srader

srader
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 01 February 2012 - 07:18 PM

When I run the gmer all of the boxes are grayed out except for Services, Registry, and Files.

#10 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:04:23 PM

Posted 01 February 2012 - 09:29 PM

Hi again,

Please make sure you've disabled your antivirus and antispyware programs prior to running GMER, this is important!

Also, AVG is not one of the preferred antivirus installations currently. AVG used to be pretty good, but it's not kept up with the latest infections as other AV's have. It may also cause problems running some of the needed tools to clean your machine. More on that later.

Make fully sure AVG is disabled during the run of GMER, and if still a problem, uninstall AVG and try again.

If you've already done so, and you still have trouble, try this:

Please download Rkill by Grinler and save it to your desktop.Link 1
Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
After Rkill finishes, please do not reboot the computer, or you will need to run the application again!

Now try to run GMER again. If the selections you mentioned earlier are your only choices, then proceed with the scan and post the log as it is.

As described above,

if you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.


Let me know how you make out!:)

bloopie

Edited by bloopie, 01 February 2012 - 10:13 PM.


#11 srader

srader
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 02 February 2012 - 04:39 PM

Done. Thank you for your help. I still had the same problems with running the GMER program.

What would you recommend as the best free anti-software?

#12 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:04:23 PM

Posted 02 February 2012 - 04:48 PM

Hello,

Thank you for your help.

It's my pleasure.:)

Three good antivirus programs free for non-commercial home use are Avast!, Antivir and Microsoft Security Essentials
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

I still had the same problems with running the GMER program.

That's okay, as long as you post what you can in the Malware Removal forum and let them know of the problem with GMER.

Good luck!! :thumbup2:

bloopie

#13 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:23 AM

Posted 02 February 2012 - 05:12 PM

Malware topic here: http://www.bleepingcomputer.com/forums/topic441087.html

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MR Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users