Malware, Virus--Redirecting search results


2 replies to this topic

#1 fishb8

Posted 10 February 2012 - 02:56 AM

I'm on vacation visiting my parents, and every year, my father has a new virus attack on his computer and has stopped using it. He's running Windows Vista and when I arrived his system was inoperable. I was able to restore to a backup, and that fixed most of his issues. I ran security scans with Windows Essentials and IObit Malware Fighter. It found and deleted:

Exploit: Java/CVE-2011-3544.N

Items:
file:C:\Users\Owner\AppData\Local\Temp\jar_cache5285920102528309587.tmp->arjwtjssnfugspuf/pycyqpltpvpjdrqllfsgg.class
file:C:\Users\Owner\AppData\Local\Temp\jar_cache560707896116285352.tmp->arjwtjssnfugspuf/pycyqpltpvpjdrqllfsgg.class

After this, I still have hijacking from search results in Google Chrome and Firefox. I don't know what else to do to get rid of this. I'm posting the information according to your instructions.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Owner at 21:50:15 on 2012-02-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1824 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\Wi-Fi Connect\WiFiConnect.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Program Files\IObit\IObit Malware Fighter\IWsIMF.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5668E
uSearch Bar =
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5668E
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: AutorunsDisabled - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - c:\program files\verizontb\auxi\verizonAu.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - c:\program files\verizontb\verizonDx.dll
BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - c:\program files\verizontb\verizonDx.dll
uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [CanonMyPrinter] "c:\program files\canon\myprinter\BJMyPrt.exe" /logon
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\skype.lnk - c:\windows\installer\{aa59dde4-b672-4621-a016-4c248204957a}\SkypeIcon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\snapde~1.lnk - c:\windows\twain_32\ca561a\SnapDetect.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{33A56068-9554-43F5-9A0D-83B3E039FF9F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{75DA16F0-2E37-4EDB-8A55-B4A59D61E1FD} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\jcvptso7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1143&p=
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\dap\DAPFireFox
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2012-1-22 821592]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-12-1 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-12-1 185640]
R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2012-1-22 20336]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2012-1-22 30600]
R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2012-1-22 19792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca7e9ee8f8abc0;Google Update Service (gupdate1ca7e9ee8f8abc0);c:\program files\google\update\GoogleUpdate.exe [2009-12-16 133104]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-18 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-16 133104]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [2009-7-23 11264]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 netr28u;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2011-1-2 655872]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2011-4-4 10112]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 RCVistaSvc;RCVistaSvc;c:\program files\max registry cleaner\rcvistaservice.exe --> c:\program files\max registry cleaner\RCVistaService.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-02-09 11:17:52 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{34d0bc14-f371-4726-986c-3319a08c8641}\offreg.dll
2012-02-08 14:34:31 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{34d0bc14-f371-4726-986c-3319a08c8641}\mpengine.dll
2012-02-03 02:24:31 -------- d-----w- c:\users\owner\40 th ANNIVERSARY
2012-02-02 16:54:26 -------- d-----w- c:\programdata\Wi-Fi Connect
2012-02-02 16:54:26 -------- d-----w- c:\programdata\WEngineLite
2012-02-02 16:54:26 -------- d-----w- c:\program files\Wi-Fi Connect
2012-02-02 16:54:26 -------- d-----w- c:\program files\common files\Verizon Shared
2012-02-02 16:54:23 7640576 ----a-w- c:\windows\WiFi_Connect.msi
2012-02-02 16:53:46 -------- d-----w- c:\programdata\WiFiTemp
2012-02-01 04:29:40 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-01-30 08:49:41 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2012-01-30 08:49:41 256 ----a-w- c:\windows\system32\MSIevent.bat
2012-01-30 08:47:10 -------- d-----w- c:\program files\verizontb
2012-01-30 08:46:07 23896576 ----a-w- c:\windows\VzInHomeAgentInstaller.msi
2012-01-30 06:37:43 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4665b7c9-ba44-4b4b-95bd-0754d3044bbc}\gapaengine.dll
2012-01-30 04:44:53 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-30 03:31:51 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9f6cf309-6b55-4302-b794-b0351f8231ca}\mpengine.dll
2012-01-29 22:58:06 14480368 ----a-w- c:\users\owner\VZ_Activation.exe
2012-01-29 22:50:39 -------- d-----w- c:\users\owner\appdata\local\SupportSoft
2012-01-29 22:50:24 -------- d-----w- c:\program files\VERIZONDM
2012-01-29 22:50:18 9795072 ----a-w- c:\windows\VerizonDM.msi
2012-01-29 22:50:17 -------- d-----w- c:\program files\Verizon
2012-01-29 22:50:17 -------- d-----w- c:\program files\common files\SupportSoft
2012-01-22 17:57:24 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-22 17:09:18 98304 ----a-w- c:\windows\system32\redmonnt.dll
2012-01-22 17:08:43 -------- d-----w- c:\program files\FoxTabPDFConverter
2012-01-22 16:47:14 -------- d-----w- c:\windows\CheckSur
2012-01-22 11:06:14 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-01-22 11:06:14 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-01-22 11:06:14 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-01-22 11:06:13 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-01-22 11:06:12 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-01-22 11:06:11 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-22 11:06:11 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-01-22 11:05:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-01-22 11:04:26 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-22 11:04:26 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-22 11:04:22 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-22 11:03:35 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-01-22 11:02:01 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-22 11:01:35 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-22 11:01:32 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-22 11:00:23 2043904 ----a-w- c:\windows\system32\win32k.sys
2012-01-22 10:59:11 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-22 10:58:27 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-22 10:58:27 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-22 10:56:41 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-22 10:56:31 707584 ----a-w- c:\program files\common files\system\wab32.dll
2012-01-22 09:06:53 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-22 09:06:53 9728 ----a-w- c:\windows\system32\lsass(524).exe
2012-01-22 09:06:53 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-22 09:06:53 72704 ----a-w- c:\windows\system32\secur32(552).dll
2012-01-22 09:06:53 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-22 09:06:53 377344 ----a-w- c:\windows\system32\winhttp(571).dll
2012-01-22 09:06:53 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-22 09:06:53 278528 ----a-w- c:\windows\system32\schannel(551).dll
2012-01-22 09:06:53 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-22 09:06:53 1259008 ----a-w- c:\windows\system32\lsasrv(523).dll
.
==================== Find3M ====================
.
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:58:50.27 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/3/2008 9:42:27 PM
System Uptime: 2/9/2012 3:16:54 AM (18 hours ago)
.
Motherboard: ECS | | MCP61PM-GM
Processor: AMD Athlon™ 64 X2 Dual Core Processor 6000+ | Socket AM2 | 3000/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 196.413 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 4.08 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1207: 1/30/2012 5:32:04 AM - Windows Update
RP1209: 1/30/2012 5:36:31 AM - Advanced SystemCare RestorePoint
RP1211: 1/30/2012 6:00:30 AM - IObit Uninstaller RestorePoint
RP1212: 1/30/2012 6:01:42 AM - Removed Ask Toolbar.
RP1214: 1/30/2012 6:05:53 AM - IObit Uninstaller RestorePoint
RP1215: 1/30/2012 6:06:17 AM - Removed Microsoft Money Shared Libraries
RP1216: 1/30/2012 6:42:14 AM - Windows Update
RP1217: 1/30/2012 6:49:13 AM - Windows Update
RP1218: 1/30/2012 6:55:00 AM - Windows Update
RP1219: 1/30/2012 7:00:42 AM - Windows Update
RP1220: 1/30/2012 8:48:16 AM - Windows Update
RP1221: 1/30/2012 8:52:42 AM - Windows Update
RP1222: 1/30/2012 8:57:54 AM - Windows Update
RP1223: 1/30/2012 9:23:10 AM - Windows Update
RP1224: 1/30/2012 10:04:25 AM - Windows Update
RP1225: 1/30/2012 12:30:40 PM - Windows Update
RP1227: 1/30/2012 10:40:29 PM - Windows Update
RP1228: 1/31/2012 8:28:44 PM - Windows Update
RP1229: 2/1/2012 3:00:11 AM - Windows Update
RP1230: 2/1/2012 8:08:56 AM - Windows Update
RP1232: 2/1/2012 8:22:25 AM - Advanced SystemCare RestorePoint
RP1234: 2/2/2012 3:00:13 AM - Windows Update
RP1235: 2/2/2012 3:29:22 AM - Windows Update
RP1236: 2/2/2012 7:42:23 AM - Windows Update
RP1237: 2/2/2012 9:25:11 AM - Windows Update
RP1238: 2/3/2012 12:47:26 AM - Scheduled Checkpoint
RP1239: 2/3/2012 3:00:11 AM - Windows Update
RP1241: 2/4/2012 12:00:10 AM - Scheduled Checkpoint
RP1243: 2/4/2012 3:00:12 AM - Windows Update
RP1244: 2/4/2012 3:28:26 AM - Windows Update
RP1246: 2/4/2012 8:18:21 AM - Advanced SystemCare RestorePoint
RP1248: 2/5/2012 12:00:16 AM - Scheduled Checkpoint
RP1250: 2/5/2012 1:42:00 AM - Windows Update
RP1252: 2/5/2012 3:00:11 AM - Windows Update
RP1254: 2/6/2012 3:00:13 AM - Windows Update
RP1255: 2/6/2012 3:28:13 AM - Windows Update
RP1256: 2/6/2012 4:34:28 PM - Windows Update
RP1257: 2/7/2012 3:00:11 AM - Windows Update
RP1258: 2/7/2012 7:25:18 AM - Windows Update
RP1259: 2/8/2012 6:34:06 AM - Windows Update
RP1260: 2/8/2012 8:14:42 AM - Windows Update
RP1262: 2/9/2012 12:00:06 AM - Scheduled Checkpoint
RP1264: 2/9/2012 3:00:13 AM - Windows Update
RP1266: 2/9/2012 8:43:36 PM - Advanced SystemCare RestorePoint
RP1268: 2/9/2012 9:04:11 PM - IObit Uninstaller RestorePoint
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
Adobe Shockwave Player 11.5
Advanced SystemCare 3
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Belkin Wireless USB Adapter Setup
Bonjour
Canon MP Navigator EX 1.0
Canon MP210 series
Canon MP210 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Carbonite Online Backup Setup
Compatibility Pack for the 2007 Office system
Cool Record Edit Pro
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DHTML Editing Component
Digital Voice Editor 3
Diner Dash
ESET Online Scanner v3
Eyewitness World Atlas
Free Sound Recorder
Gateway Games
Gateway Recovery Center Installer
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IHA_MessageCenter
IObit Malware Fighter
iTunes
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 4
Junk Mail filter update
Juno
jZip
LabelPrint
Max Registry Cleaner
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office 2000 Premium
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
NVIDIA Drivers
Power2Go 5.0
PVSonyDll
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
ScanSoft OmniPage SE 4
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Segoe UI
Skype Click to Call
Skype™ 5.5
Smart Copy
Soft Data Fax Modem with SmartCP
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
USB PC Camera
Verizon Download Manager
Verizon Toolbar
Vz In Home Agent
Wi-Fi Connect
Windows Driver Package - NVIDIA Corporation (nvstor32) HDC (07/02/2007 5.10.2600.0995)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinZip 12.1
XPS Viewer
Yahoo! Messenger
Yahoo! Search Protection
.
==== Event Viewer Messages From Past Week ========
.
2/9/2012 7:53:04 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 3 time(s).
2/9/2012 7:53:04 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 2 time(s).
2/9/2012 7:53:04 PM, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
2/9/2012 7:53:04 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
2/9/2012 3:24:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows Vista (KB2633171).
2/9/2012 3:20:34 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/9/2012 3:20:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IHA_MessageCenter service to connect.
2/9/2012 3:20:34 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The pipe state is invalid.
2/9/2012 3:20:34 AM, Error: Service Control Manager [7000] - The Terminal Services service failed to start due to the following error: The pipe state is invalid.
2/9/2012 3:20:34 AM, Error: Service Control Manager [7000] - The Network Location Awareness service failed to start due to the following error: The pipe state is invalid.
2/9/2012 3:20:34 AM, Error: Service Control Manager [7000] - The IHA_MessageCenter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/9/2012 3:20:34 AM, Error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The pipe state is invalid.
2/9/2012 3:18:45 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2633171~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
2/9/2012 3:18:45 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2633171_client~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
2/9/2012 3:18:45 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2633171_client_2~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
2/9/2012 3:18:45 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_7_for_KB2393802~31bf3856ad364e35~x86~~6.0.1.3 () into Installed(Installed) state
2/9/2012 3:18:45 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_6_for_KB2393802~31bf3856ad364e35~x86~~6.0.1.3 () into Installed(Installed) state
2/9/2012 3:18:45 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2644615~31bf3856ad364e35~x86~~6.0.1.0 () into Installed(Installed) state
2/9/2012 3:18:45 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2633171~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
2/9/2012 3:18:45 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2644615~31bf3856ad364e35~x86~~6.0.1.0 () into Installed(Installed) state
2/9/2012 3:18:45 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2633171~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
2/9/2012 3:18:33 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
2/9/2012 3:17:10 AM, Error: volmgr [46] - Crash dump initialization failed!
2/9/2012 3:16:10 AM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
2/9/2012 12:00:05 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Partition_1.
2/9/2012 10:52:33 AM, Error: Schannel [36874] - An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
2/9/2012 1:50:46 PM, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/9/2012 1:50:46 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
2/9/2012 1:50:46 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
2/9/2012 1:50:46 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/8/2012 9:14:50 PM, Error: Service Control Manager [7031] - The Terminal Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/8/2012 8:57:04 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
2/8/2012 8:56:57 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.100 for the Network Card with network address 001E902B94A4 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
2/8/2012 8:35:41 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001E902B94A4 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
2/8/2012 8:25:53 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.39 for the Network Card with network address 001E902B94A4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/8/2012 8:25:52 AM, Error: EventLog [6008] - The previous system shutdown at 8:23:11 AM on 2/8/2012 was unexpected.
2/8/2012 8:21:12 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001E902B94A4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/8/2012 8:16:51 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 001E902B94A4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/8/2012 8:16:50 AM, Error: EventLog [6008] - The previous system shutdown at 8:14:41 AM on 2/8/2012 was unexpected.
2/8/2012 6:23:39 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
2/8/2012 3:04:47 PM, Error: Service Control Manager [7031] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/6/2012 4:37:07 PM, Error: EventLog [6008] - The previous system shutdown at 4:34:07 PM on 2/6/2012 was unexpected.
2/6/2012 2:24:24 AM, Error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 3 time(s).
2/6/2012 2:24:24 AM, Error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 3 time(s).
2/6/2012 2:24:24 AM, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 3 time(s).
2/4/2012 3:17:45 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
2/3/2012 9:07:13 AM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Amazon.com: Uniden Big Button Cordless Phone and Digital Answering System (EZAI2997): Electronics, owned by Owner, failed to print on printer Canon MP210 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 4096984. Number of bytes printed: 800436. Total number of pages in the document: 9. Number of pages printed: 0. Client computer: \\OWNER-PC. Win32 error code returned by the print processor: 1. Incorrect function.
2/3/2012 9:06:42 AM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Amazon.com: Plantronics Clarity XLC2 Amplified Cordless Big Button Speakerphone: Electronics, owned by Owner, failed to print on printer Canon MP210 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 4145940. Number of bytes printed: 3528764. Total number of pages in the document: 8. Number of pages printed: 0. Client computer: \\OWNER-PC. Win32 error code returned by the print processor: 1. Incorrect function.
2/3/2012 3:18:03 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
2/2/2012 8:37:12 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
2/2/2012 8:37:12 AM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/2/2012 8:33:34 AM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.
2/2/2012 8:33:34 AM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
2/2/2012 8:33:34 AM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
2/2/2012 8:33:34 AM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================

I ran the GMER program and scanned it. It said that it found no system modifications, and there was nothing listed besides that.

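As an added example (not part of the original post, and not code from DDS or any tool mentioned in this thread), a small Python triage helper that parses event-log lines in the format DDS prints above and pulls out the repeated Microsoft Antimalware 3002 real-time-protection failures and the unexpected-shutdown events. The sample log lines are constructed to match the report's line format.

```python
import re
from collections import Counter

# Regex for the event-log lines as DDS prints them, e.g.
#   "2/9/2012 3:20:34 AM, Error: Service Control Manager [7000] - message"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)

# Constructed sample shaped like the report's lines (messages shortened).
SAMPLE_LOG = """\
2/9/2012 3:20:34 AM, Error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The pipe state is invalid.
2/9/2012 3:18:33 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005
2/8/2012 8:57:04 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005
2/8/2012 8:25:52 AM, Error: EventLog [6008] - The previous system shutdown at 8:23:11 AM on 2/8/2012 was unexpected.
.
==== End Of File ===========================
"""

def parse_events(text):
    """Return one dict per event line; separator and footer lines are skipped."""
    return [m.groupdict() for m in map(EVENT_RE.match, text.splitlines()) if m]

def count_by_source_id(events):
    """Counter keyed on (source, event id), so repeats stand out at a glance."""
    return Counter((e["source"], e["id"]) for e in events)

def realtime_protection_gaps(events):
    """Timestamps at which Microsoft Antimalware reported real-time protection
    down (event 3002): windows in which the host ran without on-access scanning."""
    return [e["ts"] for e in events
            if e["source"] == "Microsoft Antimalware" and e["id"] == "3002"]

def unexpected_shutdowns(events):
    """Timestamps of EventLog 6008 (unexpected shutdown) entries."""
    return [e["ts"] for e in events
            if e["source"] == "EventLog" and e["id"] == "6008"]

if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for (src, eid), n in count_by_source_id(evs).most_common():
        print(f"{n:3d}  {src} [{eid}]")
    print("real-time protection failures:", realtime_protection_gaps(evs))
    print("unexpected shutdowns:", unexpected_shutdowns(evs))
```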


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 10 February 2012 - 06:40 PM

Hi

Please run the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


NEXT


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 19 February 2012 - 06:38 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

