
Fake security and redirect virus


  • This topic is locked
35 replies to this topic

#1 diggidy

diggidy

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:07 AM

Posted 15 February 2012 - 11:17 PM

I got a virus on my computer last weekend. It installed a program called AV Security Essentials or something along those lines. I downloaded Malwarebytes and it found the virus and removed it. A Google search told me that this particular virus would change my hosts file, so I took the steps to return the hosts file to normal. First I ran Microsoft Fixit, and the redirect kept happening, so I found a manual way through cmd to do it. I did that and I still continue to get these redirects. I started the free trial for MBAM, and a little window pops up saying it blocked an attempt to forward me to a certain IP address. I believe the IP is 77.79.4.98. MBAM does block the attempt to forward me, but my free trial is almost up and I'm desperate to get rid of the problem. Any suggestions? Thanks

I couldn't get all the boxes to check for the GMER but ran it for the stuff I could get checked.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Brad at 22:30:45 on 2012-02-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3958.1877 [GMT -6:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\lxeecoms.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\WizMouse\WizMouse.exe
C:\Users\Brad\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\MATLAB\R2010a\bin\win64\MATLAB.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [WizMouse] "C:\Program Files (x86)\WizMouse\WizMouse.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Brad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Brad\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 128.104.254.254 144.92.254.254
TCP: Interfaces\{789FD6AF-4689-4597-AF73-2813EDB3777D} : DhcpNameServer = 128.104.254.254 144.92.254.254
TCP: Interfaces\{90DDFC97-5DA1-45E4-94CD-A56F2DC283A9} : DhcpNameServer = 128.104.254.254 144.92.254.254
BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
Hosts: 67.215.245.19 www.google-analytics.com.
Hosts: 67.215.245.19 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\aurrclvd.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AppleHFS;AppleHFS;C:\Windows\system32\drivers\AppleHFS.sys --> C:\Windows\system32\drivers\AppleHFS.sys [?]
R0 AppleMNT;AppleMNT;C:\Windows\system32\drivers\AppleMNT.sys --> C:\Windows\system32\drivers\AppleMNT.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\system32\AppleOSSMgr.exe --> C:\Windows\system32\AppleOSSMgr.exe [?]
R2 AppleTimeSrv;Apple Time Service;C:\Windows\system32\AppleTimeSrv.exe --> C:\Windows\system32\AppleTimeSrv.exe [?]
R2 KeyAgent;KeyAgent;\??\C:\Windows\system32\drivers\KeyAgent.sys --> C:\Windows\system32\drivers\KeyAgent.sys [?]
R2 lxee_device;lxee_device;C:\Windows\system32\lxeecoms.exe -service --> C:\Windows\system32\lxeecoms.exe -service [?]
R2 MacHALDriver;Mac HAL;\??\C:\Windows\system32\drivers\MacHALDriver.sys --> C:\Windows\system32\drivers\MacHALDriver.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-11 652360]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-19 236136]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2011-3-29 1839888]
R3 acpials;ALS Sensor Filter;C:\Windows\system32\DRIVERS\acpials.sys --> C:\Windows\system32\DRIVERS\acpials.sys [?]
R3 AppleBtBc;Apple Broadcom Built-in Bluetooth;C:\Windows\system32\DRIVERS\AppleBtBc.sys --> C:\Windows\system32\DRIVERS\AppleBtBc.sys [?]
R3 applemtm;Apple Multitouch Mouse;C:\Windows\system32\DRIVERS\applemtm.sys --> C:\Windows\system32\DRIVERS\applemtm.sys [?]
R3 applemtp;Apple Multitouch;C:\Windows\system32\DRIVERS\applemtp.sys --> C:\Windows\system32\DRIVERS\applemtp.sys [?]
R3 CirrusFilter;CS420xLowerFilter;C:\Windows\system32\DRIVERS\CS420x64.sys --> C:\Windows\system32\DRIVERS\CS420x64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-8 138360]
R3 IRRemoteFlt;IR Receiver Filter Driver;C:\Windows\system32\DRIVERS\IRFilter.sys --> C:\Windows\system32\DRIVERS\IRFilter.sys [?]
R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\system32\DRIVERS\KeyMagic.sys --> C:\Windows\system32\DRIVERS\KeyMagic.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxeeserv.exe [2011-11-5 45736]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-11 17:14:20 -------- d-----w- C:\Windows\pss
2012-02-11 16:36:12 -------- d-----w- C:\Users\Brad\AppData\Roaming\Malwarebytes
2012-02-11 16:34:58 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-11 16:34:57 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-11 16:34:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-11 05:49:34 -------- d-----w- C:\ProgramData\PC Tools
2012-02-11 05:23:36 -------- d-sh--w- C:\Users\Brad\AppData\Roaming\AV Security Essentials
2012-02-11 05:23:36 -------- d-sh--w- C:\ProgramData\AVUZHSE
2012-02-11 05:23:16 -------- d-sh--w- C:\ProgramData\65b526
2012-02-09 23:18:14 -------- d-----w- C:\Program Files (x86)\Samsung
2012-02-09 23:17:27 770912 ----a-w- C:\Windows\SysWow64\Msfdbqp.dll
2012-02-09 23:17:27 511328 ----a-w- C:\Windows\SysWow64\Synchronization2.dll
2012-02-09 23:17:27 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-02-09 23:17:27 397152 ----a-w- C:\Windows\SysWow64\Msfdbse.dll
2012-02-09 23:17:27 253280 ----a-w- C:\Windows\SysWow64\MetaStore2.dll
2012-02-09 23:17:27 230240 ----a-w- C:\Windows\SysWow64\Msfdb.dll
2012-02-09 23:17:27 189792 ----a-w- C:\Windows\SysWow64\SimpleProviders2.dll
2012-02-09 23:17:27 171360 ----a-w- C:\Windows\SysWow64\FileSyncProvider2.dll
2012-02-09 23:17:27 156512 ----a-w- C:\Windows\SysWow64\FeedSync2.dll
2012-02-07 07:17:57 -------- d-sh--w- C:\found.000
2012-01-30 18:17:06 -------- d-----w- C:\Users\Brad\AppData\Local\ElevatedDiagnostics
2012-01-30 15:26:04 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-30 15:26:04 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-30 15:26:04 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-30 15:26:04 45016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-29 18:53:58 -------- d-----w- C:\Program Files (x86)\WizMouse
2012-01-26 04:23:13 -------- d-----w- C:\Users\Brad\AppData\Roaming\MathWorks
2012-01-26 04:04:52 -------- d-----w- C:\Program Files\MATLAB
2012-01-21 00:40:06 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-01-21 00:40:06 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2012-01-21 00:40:03 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-21 00:40:03 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-21 00:40:02 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-21 00:40:02 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-21 00:37:39 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-01-21 00:37:39 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-01-21 00:37:09 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-21 00:37:09 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-21 00:37:06 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-21 00:37:06 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-21 00:27:04 -------- d-----w- C:\ProgramData\Samsung
.
==================== Find3M ====================
.
2012-02-15 22:39:16 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-15 22:26:28 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 22:31:24.99 ===============



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-15 22:56:21
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\58b035659e30
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\58b035659e30 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

Edited by diggidy, 15 February 2012 - 11:57 PM.
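Added example (not part of this thread and not code from any of the tools mentioned in it): the DDS log above flags five "Hosts:" lines that map analytics and ad domains to routable addresses, which is the hosts-file hijack the poster describes. The Python script below parses either a raw Windows hosts file or DDS-style "Hosts:" lines, treats only loopback and 0.0.0.0 targets as benign, and groups every other mapping by the address it redirects to, so a helper can see at a glance which names are being diverted and where. The sample input is constructed for the example (default Windows entries plus lines shaped like the ones in the log), and the function names are the example's own.

```python
"""Flag hosts-file entries that redirect a hostname to a non-local address.

A legitimate hosts file maps names to loopback (127.0.0.1 / ::1) or to
0.0.0.0 to sink them. Rogue-AV families that edit the hosts file instead
point well-known domains at a server they control, so any entry that sends
a name to a routable address deserves a look.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: default Windows entries plus lines shaped like the
# "Hosts:" entries DDS reported in the thread (not a real machine's file).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.test      # ad-block style entry, harmless
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
67.215.245.19 www.google-analytics.com.
67.215.245.19 ad-emea.doubleclick.net.
"""

# DDS prints each hosts entry as "Hosts: <ip> <name>." so strip that prefix.
DDS_PREFIX = re.compile(r"^Hosts:\s+")


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text or DDS 'Hosts:' lines.

    Comments, blank lines and lines whose first field is not an IP address
    are skipped; a trailing dot on a hostname (as DDS prints it) is removed
    and names are lower-cased so duplicates compare equal.
    """
    entries = []
    for raw in text.splitlines():
        line = DDS_PREFIX.sub("", raw.split("#", 1)[0]).strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first field is not an address; ignore the line
        for name in parts[1:]:
            entries.append((str(addr), name.rstrip(".").lower()))
    return entries


def is_local_target(ip):
    """True for addresses a hosts file legitimately uses to sink a name."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def suspicious_entries(entries):
    """Entries that send a hostname to a routable address (a redirect)."""
    return [(ip, name) for ip, name in entries if not is_local_target(ip)]


def group_by_target(entries):
    """Map each redirect target to the sorted list of names sent to it."""
    groups = defaultdict(set)
    for ip, name in suspicious_entries(entries):
        groups[ip].add(name)
    return {ip: sorted(names) for ip, names in groups.items()}


def report(text):
    """Human-readable summary: one line per redirect target."""
    groups = group_by_target(parse_hosts(text))
    if not groups:
        return "no redirecting hosts entries found"
    return "\n".join(f"{ip} <- {', '.join(groups[ip])}" for ip in sorted(groups))


if __name__ == "__main__":
    print(report(SAMPLE_HOSTS))
```

Run as a script it prints one line per redirect target with the names diverted to it; on a real machine, feed it the contents of %SystemRoot%\System32\drivers\etc\hosts instead of the sample. Grouping by target is deliberate: the log shows the same two addresses reused across several domains, and that clustering is what separates a hijack from a one-off hand-made entry.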



#2 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  • Gender:Male
  • Location:Scotland
  • Local time:03:07 PM

Posted 20 February 2012 - 11:47 AM

Hello diggidy,

My name is ratman. I'll be helping you with your computer problems.

Thanks for posting your log. Logs take a while to process due to intensive research that must be done. Please give me some time to look over your logs and I will post back soon.
regards, ratman


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#3 diggidy

diggidy
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:07 AM

Posted 20 February 2012 - 09:50 PM

Okay, sounds great, I will be waiting. Thank you

#4 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  • Gender:Male
  • Location:Scotland
  • Local time:03:07 PM

Posted 21 February 2012 - 05:58 AM

Hello diggidy,

My name is ratman and I will be helping you with your computer problems.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

====================================================================================

I want you to run TDSSKiller:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.9.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

===================================================================================



Please download ComboFix from here:

Link


* IMPORTANT !!! Save ComboFix.exe to your Desktop.

  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Right click on the ComboFix icon and run as admin, then follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

====================================================================================

In your next reply, please copy/paste the contents of the following:
  • TDSSKiller Log
  • C:\Combofix.txt

regards, ratman




#5 diggidy

diggidy
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:07 AM

Posted 21 February 2012 - 02:27 PM

13:10:38.0554 4920 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
13:10:39.0209 4920 ============================================================
13:10:39.0209 4920 Current date / time: 2012/02/21 13:10:39.0209
13:10:39.0209 4920 SystemInfo:
13:10:39.0209 4920
13:10:39.0209 4920 OS Version: 6.1.7601 ServicePack: 1.0
13:10:39.0209 4920 Product type: Workstation
13:10:39.0209 4920 ComputerName: BRAD-PC
13:10:39.0209 4920 UserName: Brad
13:10:39.0209 4920 Windows directory: C:\Windows
13:10:39.0209 4920 System windows directory: C:\Windows
13:10:39.0209 4920 Running under WOW64
13:10:39.0209 4920 Processor architecture: Intel x64
13:10:39.0209 4920 Number of processors: 4
13:10:39.0209 4920 Page size: 0x1000
13:10:39.0209 4920 Boot type: Normal boot
13:10:39.0209 4920 ============================================================
13:10:40.0909 4920 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:10:40.0956 4920 \Device\Harddisk0\DR0:
13:10:40.0956 4920 GPT used
13:10:40.0956 4920 \Device\Harddisk0\DR0\Partition0: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {0000698A-0440-0000-4078-0000153D0000}, Name: EFI system partition, StartLBA 0x28, BlocksNum 0x64000
13:10:40.0956 4920 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {48465300-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {00007714-6271-0000-7754-0000BD740000}, Name: Customer, StartLBA 0x64028, BlocksNum 0x2E732080
13:10:40.0956 4920 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {426F6F74-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {1DF88A4B-C1F5-4BBC-B3F0-A0EE84DD9F7A}, Name: Recovery HD, StartLBA 0x2E7960A8, BlocksNum 0x135F20
13:10:40.0956 4920 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {DC5ED8D8-0176-4EFA-B475-BB8B0D209F61}, Name: BOOTCAMP, StartLBA 0x2E8CC000, BlocksNum 0xBABA000
13:10:40.0956 4920 Initialize success
13:10:40.0956 4920 ============================================================
13:10:49.0084 4244 ============================================================
13:10:49.0084 4244 Scan started
13:10:49.0084 4244 Mode: Manual;
13:10:49.0084 4244 ============================================================
13:10:49.0957 4244 1394ohci - ok
13:10:49.0973 4244 ACPI - ok
13:10:49.0989 4244 acpials - ok
13:10:49.0989 4244 AcpiPmi - ok
13:10:50.0004 4244 adp94xx - ok
13:10:50.0004 4244 adpahci - ok
13:10:50.0020 4244 adpu320 - ok
13:10:50.0020 4244 AFD - ok
13:10:50.0035 4244 agp440 - ok
13:10:50.0051 4244 aliide - ok
13:10:50.0051 4244 amdide - ok
13:10:50.0067 4244 AmdK8 - ok
13:10:50.0082 4244 AmdPPM - ok
13:10:50.0082 4244 amdsata - ok
13:10:50.0098 4244 amdsbs - ok
13:10:50.0113 4244 amdxata - ok
13:10:50.0129 4244 AppID - ok
13:10:50.0176 4244 AppleBtBc - ok
13:10:50.0191 4244 AppleHFS - ok
13:10:50.0207 4244 AppleMNT - ok
13:10:50.0238 4244 applemtm - ok
13:10:50.0269 4244 applemtp - ok
13:10:50.0301 4244 arc - ok
13:10:50.0316 4244 arcsas - ok
13:10:50.0332 4244 AsyncMac - ok
13:10:50.0332 4244 atapi - ok
13:10:50.0379 4244 b06bdrv - ok
13:10:50.0410 4244 b57nd60a - ok
13:10:50.0441 4244 BCM43XX - ok
13:10:50.0472 4244 Beep - ok
13:10:50.0535 4244 blbdrive - ok
13:10:50.0566 4244 bowser - ok
13:10:50.0581 4244 BrFiltLo - ok
13:10:50.0597 4244 BrFiltUp - ok
13:10:50.0613 4244 Brserid - ok
13:10:50.0628 4244 BrSerWdm - ok
13:10:50.0628 4244 BrUsbMdm - ok
13:10:50.0644 4244 BrUsbSer - ok
13:10:50.0659 4244 BthEnum - ok
13:10:50.0691 4244 BTHMODEM - ok
13:10:50.0691 4244 BthPan - ok
13:10:50.0706 4244 BTHPORT - ok
13:10:50.0706 4244 BTHUSB - ok
13:10:50.0722 4244 cdfs - ok
13:10:50.0737 4244 cdrom - ok
13:10:50.0769 4244 circlass - ok
13:10:50.0800 4244 CirrusFilter - ok
13:10:50.0800 4244 CLFS - ok
13:10:50.0831 4244 CmBatt - ok
13:10:50.0831 4244 cmdide - ok
13:10:50.0831 4244 CNG - ok
13:10:50.0831 4244 Compbatt - ok
13:10:50.0847 4244 CompositeBus - ok
13:10:50.0847 4244 crcdisk - ok
13:10:50.0878 4244 CSC - ok
13:10:50.0909 4244 DfsC - ok
13:10:50.0909 4244 discache - ok
13:10:50.0925 4244 Disk - ok
13:10:50.0925 4244 dmvsc - ok
13:10:50.0940 4244 drmkaud - ok
13:10:50.0940 4244 DXGKrnl - ok
13:10:50.0956 4244 ebdrv - ok
13:10:50.0956 4244 eeCtrl - ok
13:10:50.0971 4244 elxstor - ok
13:10:51.0003 4244 EraserUtilRebootDrv - ok
13:10:51.0003 4244 ErrDev - ok
13:10:51.0018 4244 exfat - ok
13:10:51.0018 4244 fastfat - ok
13:10:51.0034 4244 fdc - ok
13:10:51.0049 4244 FileInfo - ok
13:10:51.0049 4244 Filetrace - ok
13:10:51.0049 4244 flpydisk - ok
13:10:51.0049 4244 FltMgr - ok
13:10:51.0065 4244 FsDepends - ok
13:10:51.0065 4244 Fs_Rec - ok
13:10:51.0065 4244 fvevol - ok
13:10:51.0065 4244 gagp30kx - ok
13:10:51.0065 4244 GEARAspiWDM - ok
13:10:51.0081 4244 hcw85cir - ok
13:10:51.0081 4244 HdAudAddService - ok
13:10:51.0081 4244 HDAudBus - ok
13:10:51.0081 4244 HidBatt - ok
13:10:51.0096 4244 HidBth - ok
13:10:51.0096 4244 HidIr - ok
13:10:51.0096 4244 HidUsb - ok
13:10:51.0112 4244 HpSAMD - ok
13:10:51.0112 4244 HTTP - ok
13:10:51.0112 4244 hwpolicy - ok
13:10:51.0112 4244 i8042prt - ok
13:10:51.0127 4244 iaStorV - ok
13:10:51.0127 4244 iirsp - ok
13:10:51.0127 4244 intelide - ok
13:10:51.0143 4244 intelppm - ok
13:10:51.0143 4244 IpFilterDriver - ok
13:10:51.0143 4244 IPMIDRV - ok
13:10:51.0143 4244 IPNAT - ok
13:10:51.0159 4244 IRENUM - ok
13:10:51.0174 4244 IRRemoteFlt - ok
13:10:51.0174 4244 isapnp - ok
13:10:51.0174 4244 iScsiPrt - ok
13:10:51.0190 4244 kbdclass - ok
13:10:51.0205 4244 kbdhid - ok
13:10:51.0205 4244 KeyAgent - ok
13:10:51.0221 4244 KeyMagic - ok
13:10:51.0221 4244 KSecDD - ok
13:10:51.0221 4244 KSecPkg - ok
13:10:51.0221 4244 ksthunk - ok
13:10:51.0252 4244 lltdio - ok
13:10:51.0283 4244 LSI_FC - ok
13:10:51.0283 4244 LSI_SAS - ok
13:10:51.0283 4244 LSI_SAS2 - ok
13:10:51.0283 4244 LSI_SCSI - ok
13:10:51.0283 4244 luafv - ok
13:10:51.0299 4244 MacHALDriver - ok
13:10:51.0330 4244 MBAMProtector - ok
13:10:51.0330 4244 megasas - ok
13:10:51.0330 4244 MegaSR - ok
13:10:51.0346 4244 Modem - ok
13:10:51.0361 4244 monitor - ok
13:10:51.0377 4244 mouclass - ok
13:10:51.0377 4244 mouhid - ok
13:10:51.0377 4244 mountmgr - ok
13:10:51.0377 4244 mpio - ok
13:10:51.0377 4244 mpsdrv - ok
13:10:51.0393 4244 MRxDAV - ok
13:10:51.0393 4244 mrxsmb - ok
13:10:51.0393 4244 mrxsmb10 - ok
13:10:51.0393 4244 mrxsmb20 - ok
13:10:51.0393 4244 msahci - ok
13:10:51.0408 4244 msdsm - ok
13:10:51.0408 4244 Msfs - ok
13:10:51.0408 4244 mshidkmdf - ok
13:10:51.0408 4244 msisadrv - ok
13:10:51.0439 4244 MSKSSRV - ok
13:10:51.0439 4244 MSPCLOCK - ok
13:10:51.0439 4244 MSPQM - ok
13:10:51.0439 4244 MsRPC - ok
13:10:51.0439 4244 mssmbios - ok
13:10:51.0455 4244 MSTEE - ok
13:10:51.0455 4244 MTConfig - ok
13:10:51.0455 4244 Mup - ok
13:10:51.0471 4244 NativeWifiP - ok
13:10:51.0471 4244 NAVENG - ok
13:10:51.0471 4244 NAVEX15 - ok
13:10:51.0486 4244 NDIS - ok
13:10:51.0486 4244 NdisCap - ok
13:10:51.0502 4244 NdisTapi - ok
13:10:51.0502 4244 Ndisuio - ok
13:10:51.0517 4244 NdisWan - ok
13:10:51.0517 4244 NDProxy - ok
13:10:51.0517 4244 NetBIOS - ok
13:10:51.0517 4244 NetBT - ok
13:10:51.0533 4244 nfrd960 - ok
13:10:51.0564 4244 Npfs - ok
13:10:51.0564 4244 nsiproxy - ok
13:10:51.0564 4244 Ntfs - ok
13:10:51.0580 4244 Null - ok
13:10:51.0611 4244 NVHDA - ok
13:10:51.0627 4244 nvlddmkm - ok
13:10:51.0658 4244 nvraid - ok
13:10:51.0658 4244 nvstor - ok
13:10:51.0689 4244 nv_agp - ok
13:10:51.0705 4244 ohci1394 - ok
13:10:51.0720 4244 Parport - ok
13:10:51.0720 4244 partmgr - ok
13:10:51.0720 4244 pci - ok
13:10:51.0736 4244 pciide - ok
13:10:51.0736 4244 pcmcia - ok
13:10:51.0736 4244 pcw - ok
13:10:51.0736 4244 PEAUTH - ok
13:10:51.0767 4244 PptpMiniport - ok
13:10:51.0767 4244 Processor - ok
13:10:51.0783 4244 Psched - ok
13:10:51.0783 4244 ql2300 - ok
13:10:51.0798 4244 ql40xx - ok
13:10:51.0798 4244 QWAVEdrv - ok
13:10:51.0798 4244 RasAcd - ok
13:10:51.0814 4244 RasAgileVpn - ok
13:10:51.0814 4244 Rasl2tp - ok
13:10:51.0814 4244 RasPppoe - ok
13:10:51.0829 4244 RasSstp - ok
13:10:51.0829 4244 rdbss - ok
13:10:51.0829 4244 rdpbus - ok
13:10:51.0829 4244 RDPCDD - ok
13:10:51.0845 4244 RDPDR - ok
13:10:51.0845 4244 RDPENCDD - ok
13:10:51.0845 4244 RDPREFMP - ok
13:10:51.0845 4244 RDPWD - ok
13:10:51.0845 4244 rdyboost - ok
13:10:51.0861 4244 RFCOMM - ok
13:10:51.0861 4244 rspndr - ok
13:10:51.0861 4244 s3cap - ok
13:10:51.0876 4244 sbp2port - ok
13:10:51.0876 4244 scfilter - ok
13:10:51.0892 4244 secdrv - ok
13:10:51.0892 4244 Serenum - ok
13:10:51.0892 4244 Serial - ok
13:10:51.0892 4244 sermouse - ok
13:10:51.0907 4244 sffdisk - ok
13:10:51.0907 4244 sffp_mmc - ok
13:10:51.0907 4244 sffp_sd - ok
13:10:51.0907 4244 sfloppy - ok
13:10:51.0923 4244 SiSRaid2 - ok
13:10:51.0923 4244 SiSRaid4 - ok
13:10:51.0923 4244 Smb - ok
13:10:51.0970 4244 spldr - ok
13:10:51.0970 4244 SRTSP - ok
13:10:51.0985 4244 SRTSPL - ok
13:10:51.0985 4244 SRTSPX - ok
13:10:51.0985 4244 srv - ok
13:10:51.0985 4244 srv2 - ok
13:10:51.0985 4244 srvnet - ok
13:10:52.0017 4244 stexstor - ok
13:10:52.0017 4244 storflt - ok
13:10:52.0032 4244 storvsc - ok
13:10:52.0032 4244 swenum - ok
13:10:52.0079 4244 SymEvent - ok
13:10:52.0079 4244 Tcpip - ok
13:10:52.0095 4244 TCPIP6 - ok
13:10:52.0095 4244 tcpipreg - ok
13:10:52.0095 4244 TDPIPE - ok
13:10:52.0095 4244 TDTCP - ok
13:10:52.0110 4244 tdx - ok
13:10:52.0126 4244 TermDD - ok
13:10:52.0126 4244 tssecsrv - ok
13:10:52.0141 4244 TsUsbFlt - ok
13:10:52.0141 4244 TsUsbGD - ok
13:10:52.0157 4244 tunnel - ok
13:10:52.0157 4244 uagp35 - ok
13:10:52.0157 4244 udfs - ok
13:10:52.0173 4244 uliagpkx - ok
13:10:52.0173 4244 umbus - ok
13:10:52.0173 4244 UmPass - ok
13:10:52.0188 4244 usbccgp - ok
13:10:52.0188 4244 usbcir - ok
13:10:52.0188 4244 usbehci - ok
13:10:52.0204 4244 usbhub - ok
13:10:52.0204 4244 usbohci - ok
13:10:52.0204 4244 usbprint - ok
13:10:52.0204 4244 usbscan - ok
13:10:52.0219 4244 USBSTOR - ok
13:10:52.0219 4244 usbuhci - ok
13:10:52.0219 4244 usbvideo - ok
13:10:52.0235 4244 vdrvroot - ok
13:10:52.0235 4244 vga - ok
13:10:52.0235 4244 VgaSave - ok
13:10:52.0235 4244 vhdmp - ok
13:10:52.0251 4244 viaide - ok
13:10:52.0251 4244 vmbus - ok
13:10:52.0251 4244 VMBusHID - ok
13:10:52.0251 4244 volmgr - ok
13:10:52.0266 4244 volmgrx - ok
13:10:52.0266 4244 volsnap - ok
13:10:52.0266 4244 vsmraid - ok
13:10:52.0266 4244 vwifibus - ok
13:10:52.0282 4244 vwififlt - ok
13:10:52.0297 4244 WacomPen - ok
13:10:52.0297 4244 WANARP - ok
13:10:52.0297 4244 Wanarpv6 - ok
13:10:52.0313 4244 Wd - ok
13:10:52.0313 4244 Wdf01000 - ok
13:10:52.0329 4244 WfpLwf - ok
13:10:52.0344 4244 WIMMount - ok
13:10:52.0375 4244 WinUsb - ok
13:10:52.0391 4244 WmiAcpi - ok
13:10:52.0407 4244 ws2ifsl - ok
13:10:52.0407 4244 WudfPf - ok
13:10:52.0407 4244 WUDFRd - ok
13:10:52.0469 4244 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:10:52.0500 4244 \Device\Harddisk0\DR0 - ok
13:10:52.0516 4244 Boot (0x1200) (e1efdc90fba6e651a6f3021c63e75c21) \Device\Harddisk0\DR0\Partition0
13:10:52.0516 4244 \Device\Harddisk0\DR0\Partition0 - ok
13:10:52.0531 4244 Boot (0x1200) (180fefed7cb7787c34235591ea80d630) \Device\Harddisk0\DR0\Partition1
13:10:52.0531 4244 \Device\Harddisk0\DR0\Partition1 - ok
13:10:52.0563 4244 Boot (0x1200) (b1d6fca22d8366e70e0b4ee6dc893ac8) \Device\Harddisk0\DR0\Partition2
13:10:52.0563 4244 \Device\Harddisk0\DR0\Partition2 - ok
13:10:52.0563 4244 Boot (0x1200) (4f56a49d117e2b2d39adeb4ab1e9e4a9) \Device\Harddisk0\DR0\Partition3
13:10:52.0563 4244 \Device\Harddisk0\DR0\Partition3 - ok
13:10:52.0578 4244 ============================================================
13:10:52.0578 4244 Scan finished
13:10:52.0578 4244 ============================================================
13:10:52.0594 4204 Detected object count: 0
13:10:52.0594 4204 Actual detected object count: 0



ComboFix 12-02-21.02 - Brad 02/21/2012 13:16:48.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3958.2647 [GMT -6:00]
Running from: c:\users\Brad\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\snl2w.drv
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-21 19:21 . 2012-02-21 19:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-15 22:39 . 2012-02-15 22:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-15 22:39 . 2012-02-15 22:39 -------- d-----w- c:\program files (x86)\Java
2012-02-15 22:26 . 2012-02-15 22:26 -------- d-----w- c:\windows\system32\Macromed
2012-02-15 15:50 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 15:50 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 15:50 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 15:50 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 15:50 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 15:50 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 15:50 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 15:50 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-11 16:36 . 2012-02-11 16:36 -------- d-----w- c:\users\Brad\AppData\Roaming\Malwarebytes
2012-02-11 16:34 . 2012-02-11 16:34 -------- d-----w- c:\programdata\Malwarebytes
2012-02-11 16:34 . 2012-02-11 16:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-11 16:34 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-11 05:49 . 2012-02-11 17:05 -------- d-----w- c:\programdata\PC Tools
2012-02-11 05:23 . 2012-02-11 05:24 -------- d-sh--w- c:\users\Brad\AppData\Roaming\AV Security Essentials
2012-02-11 05:23 . 2012-02-11 05:23 -------- d-sh--w- c:\programdata\AVUZHSE
2012-02-11 05:23 . 2012-02-11 16:34 -------- d-sh--w- c:\programdata\65b526
2012-02-09 23:18 . 2012-02-09 23:19 -------- d-----w- c:\program files (x86)\Samsung
2012-02-09 23:17 . 2012-02-09 23:17 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-02-09 23:17 . 2012-02-09 23:17 770912 ----a-w- c:\windows\SysWow64\Msfdbqp.dll
2012-02-09 23:17 . 2012-02-09 23:17 511328 ----a-w- c:\windows\SysWow64\Synchronization2.dll
2012-02-09 23:17 . 2012-02-09 23:17 397152 ----a-w- c:\windows\SysWow64\Msfdbse.dll
2012-02-09 23:17 . 2012-02-09 23:17 253280 ----a-w- c:\windows\SysWow64\MetaStore2.dll
2012-02-09 23:17 . 2012-02-09 23:17 230240 ----a-w- c:\windows\SysWow64\Msfdb.dll
2012-02-09 23:17 . 2012-02-09 23:17 189792 ----a-w- c:\windows\SysWow64\SimpleProviders2.dll
2012-02-09 23:17 . 2012-02-09 23:17 171360 ----a-w- c:\windows\SysWow64\FileSyncProvider2.dll
2012-02-09 23:17 . 2012-02-09 23:17 156512 ----a-w- c:\windows\SysWow64\FeedSync2.dll
2012-02-07 07:17 . 2012-02-07 07:17 -------- d-----w- C:\found.000
2012-01-30 18:17 . 2012-01-30 18:17 -------- d-----w- c:\users\Brad\AppData\Local\ElevatedDiagnostics
2012-01-30 15:26 . 2012-02-13 20:08 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-30 15:26 . 2012-02-13 20:08 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-30 15:26 . 2012-02-13 20:08 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-30 15:26 . 2012-02-13 20:08 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-29 18:53 . 2012-01-29 18:53 -------- d-----w- c:\program files (x86)\WizMouse
2012-01-26 04:23 . 2012-01-26 04:23 -------- d-----w- c:\users\Brad\AppData\Roaming\MathWorks
2012-01-26 04:04 . 2012-01-26 04:04 -------- d-----w- c:\program files\MATLAB
2012-01-26 03:49 . 2012-01-26 03:49 -------- d-----w- c:\program files\7-Zip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-15 22:39 . 2011-11-06 00:16 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-15 22:26 . 2011-09-06 03:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-26 3077528]
"WizMouse"="c:\program files (x86)\WizMouse\WizMouse.exe" [2011-09-30 121648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-03-29 115624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Brad\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe [2010-04-14 45736]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [x]
S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [x]
S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [x]
S2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe [2010-04-14 1052328]
S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-19 236136]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [x]
S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [x]
S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [x]
S3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\DRIVERS\CS420x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-06 138360]
S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [x]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 35665450
*Deregistered* - 35665450
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-06-29 741760]
"lxeemon.exe"="c:\program files (x86)\Lexmark Pro700 Series\lxeemon.exe" [2010-05-17 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro700 Series\ezprint.exe" [2010-05-17 148280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 128.104.254.254 144.92.254.254
FF - ProfilePath - c:\users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\aurrclvd.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Symantec Antvirus
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-21 13:24:22
ComboFix-quarantined-files.txt 2012-02-21 19:24
.
Pre-Run: 68,407,660,544 bytes free
Post-Run: 68,042,366,976 bytes free
.
- - End Of File - - 951190E983FCD23BCA462F267F67BB34
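Added example (not part of the thread, and not ComboFix's own code): a small triage parser for the "Files Created" section of the ComboFix log above. It pulls each entry apart and flags the ones created with both the system and hidden attributes, which is exactly how the rogue "AV Security Essentials" folders in this log appear; the only assumption is that the letters 's' and 'h' in the attribute field mean system and hidden.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One entry line: "created . modified  size  attributes  path"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>-{8}|\d+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>\S.*?)\s*$"
)

@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories, printed by ComboFix as --------
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        # Letters are tested by membership; the exact column layout of the
        # attribute field is not assumed (assumption: 's' = system, 'h' = hidden).
        return "s" in self.attrs and "h" in self.attrs

def parse_files_created(text: str) -> List[Entry]:
    """Parse entry lines; banners, '.' separators and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
                             datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
                             size, m["attrs"], m["path"]))
    return entries

def hidden_system_entries(entries: List[Entry]) -> List[Entry]:
    """Entries with both system and hidden set, oldest first. Legitimate
    installers rarely create such folders in a user profile or ProgramData;
    rogue-AV droppers routinely do, as the three folders in the sample show."""
    return sorted((e for e in entries if e.hidden_system), key=lambda e: e.created)

def created_between(entries: List[Entry], start: datetime, end: datetime) -> List[Entry]:
    """Everything created in [start, end]: once one flagged folder pins down
    the drop time, this pulls in the rest of the activity around it."""
    return [e for e in entries if start <= e.created <= end]

# Constructed sample: lines copied from the ComboFix log above.
SAMPLE = r"""
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
2012-02-15 15:50 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-11 16:34 . 2012-02-11 16:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-11 05:49 . 2012-02-11 17:05 -------- d-----w- c:\programdata\PC Tools
2012-02-11 05:23 . 2012-02-11 05:24 -------- d-sh--w- c:\users\Brad\AppData\Roaming\AV Security Essentials
2012-02-11 05:23 . 2012-02-11 05:23 -------- d-sh--w- c:\programdata\AVUZHSE
2012-02-11 05:23 . 2012-02-11 16:34 -------- d-sh--w- c:\programdata\65b526
2012-02-07 07:17 . 2012-02-07 07:17 -------- d-----w- C:\found.000
.
"""

if __name__ == "__main__":
    found = parse_files_created(SAMPLE)
    for e in hidden_system_entries(found):
        print(f"{e.created:%Y-%m-%d %H:%M}  {e.attrs}  {e.path}")
```

Run against a full log, the flagged folders give the drop time; created_between around that time then lists what else landed in the same window.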

#6 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland
  • Local time:03:07 PM

Posted 21 February 2012 - 03:22 PM

Hi diggidy,

How is your machine behaving now?

Are you still getting redirects?
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#7 diggidy

diggidy
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:07 AM

Posted 21 February 2012 - 05:35 PM

I'm not sure. The redirects weren't happening very often, so I'm not sure if the problem is fixed or not. But MBAM has not popped up saying it has blocked any redirect attempts.

#8 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland
  • Local time:03:07 PM

Posted 21 February 2012 - 06:22 PM

Hi,

Please try Google Analytics and tell me where it takes you.
regards, ratman




#9 diggidy

diggidy
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:07 AM

Posted 22 February 2012 - 12:38 AM

It took me to the Google Analytics page. However, I just logged onto Skype, and Malwarebytes warned me that it was trying to forward me to the IP 89.28.94.60 through skype.exe.

#10 diggidy

diggidy
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:07 AM

Posted 22 February 2012 - 12:46 AM

I found this website, http://ip-address-lookup-v4.com/89/28/2 , which says this IP is used as a target address for a trojan and uses Skype to infect you. Does this mean that my Skype is infected, or what?

#11 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland
  • Local time:03:07 PM

Posted 22 February 2012 - 06:59 AM

Hi diggidy,

IP 89.28.94.60 resolves to Moldavia. Did you try to call/connect to someone in that country?

I'd like you to run a Quick Scan with MBAM. Please ensure that the MBAM's definitions database is up to date.

Please copy/paste the contents of the log in your next reply.

What issues do you still see?
regards, ratman




#12 diggidy

diggidy
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:07 AM

Posted 22 February 2012 - 11:36 AM

I definitely did not try to call anybody from there. Here is the log.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.11.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Brad :: BRAD-PC [administrator]

Protection: Enabled

2/11/2012 10:37:13 AM
mbam-log-2012-02-11 (10-37-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 178626
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=8050&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Brad\AppData\Local\Temp\0.5113773393963813.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

(end)

#13 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland
  • Local time:03:07 PM

Posted 22 February 2012 - 11:39 AM

Hi,

Thanks for the log. MBAM picked up a couple of other things.

How's your machine now?

How's Skype?
regards, ratman




#14 diggidy

diggidy
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:07 AM

Posted 22 February 2012 - 01:09 PM

I logged into Skype and I didn't get a redirect notice, but it still makes me nervous. I'm using Windows as a dual-boot on my MacBook Pro, and I've been thinking about upgrading the hard drive, and may just do that and reinstall Windows. Could uninstalling and then reinstalling Skype do any good?

#15 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland
  • Local time:03:07 PM

Posted 23 February 2012 - 09:20 AM

Hello diggidy,

I logged into Skype and I didn't get a redirect notice, but it still makes me nervous. I'm using Windows as a dual-boot on my MacBook Pro, and I've been thinking about upgrading the hard drive, and may just do that and reinstall Windows

When we have finished the cleaning process, your machine will be clear of all active malware. A decision to reinstall Windows is entirely up to you.

Could uninstalling and then reinstalling Skype do any good?

If Skype is no longer showing redirects, it means we have cleared the malware that was causing this, so an uninstall/reinstall should not make any difference.

We need to bring your Java up to date.

  • Update your Java version here:

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

====================================================================================

I'd like us to scan your machine with ESET OnlineScan
  • Right click on the following link and open ESET OnlineScan in a new window: ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


In your next reply, please copy/paste the contents of the following:
  • ESETScan
How is your machine running now?

regards, ratman



