audio ads running in the background after security shield infection


  • This topic is locked
3 replies to this topic

#1 xenabc


Posted 21 February 2012 - 06:53 AM

My computer (running on Windows XP) was infected by the Security Shield virus ~2 days ago. I googled and found instructions to remove it at bleepingcomputer, including downloading and running Malwarebytes. I eventually got the program running, however as it took >4 hrs to scan someone unknowingly closed down my computer while I was away.

Nonetheless, the next time I started the computer the Security Shield didn't pop up anymore, instead I had a pop-up message saying 'Missing Virus Definitions: VPTray.exe - Ordinal Not Found'. Again I googled and found someone with similar experience, and their problem was solved after using ComboFix. I realise now that I probably shouldn't have done what I did, which was downloading and running ComboFix myself. Anyway, after restarting my computer twice ComboFix found a problem with 'rootkit'.

I ran Malwarebytes again, and it found 2 instances of 'rootkit.0access.h', which it quarantined/deleted.

While I don't get the pop-up messages anymore, I now encounter audio of ads running in the background and clicking noises instead. When I open the Windows Task Manager I can see that there are a few 'QEYV74~1.com' under user name 'system', which is pretty suspicious.

I am fairly certain my computer is still infected by some virus which is beyond my amateur skills to fix, so am asking for help here.

I tried to follow the instructions about DDS and GMER logs, however, my computer crashed twice after attempting to run GMER.

Here is my DDS log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Owner at 21:58:27 on 2012-02-21
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1789.477 [GMT 11:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\QRYV74~1.COM
C:\WINDOWS\system32\qryv740Pi.com
C:\WINDOWS\system32\QRYV74~1.COM
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://au.yahoo.com/
uSearch Page = hxxp://www.telstra.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Telstra BigPond Home Internet Explorer
mSearch Page = hxxp://au.yahoo.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [Samsung_AppInst] d:\samsungsoftware\AppInst.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [PPAP] "c:\program files\common files\pplivenetwork\PPAP.exe" -background
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [EssSpkPhone] essspk.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\samsun~2.lnk - c:\program files\clarus\samsung auto backup\ISFRealTimeD.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\samsun~1.lnk - c:\program files\clarus\samsung auto backup\ISFTimerD.exe
IE: &U使用米人下载并收藏 - c:\program files\namirobot\data\du.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
LSP: mswsock.dll
Trusted Zone: 111222.cn\list1
Trusted Zone: pps.tv\kan
Trusted Zone: pps.tv\list1
Trusted Zone: pps.tv\tvguide
Trusted Zone: pps.tv\vodguide
Trusted Zone: ppstream.com\list1
Trusted Zone: ppstream.com\notice
Trusted Zone: ppstream.com\xml1
Trusted Zone: ppstream.com\xml2
Trusted Zone: ppstream.com\xml3
Trusted Zone: ppstream.net\list1
Trusted Zone: ppstv.com\list1
Trusted Zone: ppstv.net\list1
Trusted Zone: security_PPStream.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9701758C-4373-482E-B13C-776C048EC890} - hxxp://xmp.down.sandai.net/kankan/KankanPlayer.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://upexe.pplive.com/config/pplite/pluginsetup.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{528B5C76-73E3-41A6-BBA7-0077B15FD67A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{597DCDDD-0BFE-4AA6-9BA1-D7CFC1157C26} : DhcpNameServer = 192.168.0.3
TCP: Interfaces\{5F66579E-ABD5-4DE4-A026-2143462E7B2B} : DhcpNameServer = 192.168.0.3
TCP: Interfaces\{73527131-9738-421E-B8AF-7057FF1B9EA5} : NameServer = 203.12.160.35,203.12.160.36
TCP: Interfaces\{73527131-9738-421E-B8AF-7057FF1B9EA5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AADA794B-5C34-4B30-810D-8656F05DAAB6} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C8DF2C66-DC52-45C6-9E8F-C3D217087BA8} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D02490C3-33DD-444E-A08A-4F3967E00707} : DhcpNameServer = 61.9.211.33 61.9.188.33
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} -
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\9l3vc5wa.default\
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-1-12 217088]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-18 652360]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-10 106104]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-1-12 36640]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2010-10-20 45056]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-18 20464]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-21 40776]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120217.004\naveng.sys [2012-2-18 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120217.004\navex15.sys [2012-2-18 1576312]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
S2 ikhlayer;Vwkernel;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2008-7-19 2831232]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-10-20 1684736]
S3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\drivers\cmusbnet.sys [2007-6-6 81536]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [2007-6-6 87040]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
S3 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files\samsung\kies\wiselinkpro\wiselinkpro.exe --> c:\program files\samsung\kies\wiselinkpro\WiselinkPro.exe [?]
S3 qcusbser;ACER Android USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2011-10-8 105984]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2011-1-12 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2011-1-12 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2011-1-12 123648]
S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-8-18 215936]
.
=============== Created Last 30 ================
.
2012-02-21 08:26:15 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-20 11:19:39 -------- d-----w- c:\windows\system32\KB905474
2012-02-20 11:02:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-02-20 10:56:11 -------- d-----w- c:\windows\ServicePackFiles
2012-02-20 10:51:52 -------- d-----w- c:\windows\ie8updates
2012-02-20 10:45:51 -------- d-----w- c:\program files\MSXML 4.0
2012-02-20 09:42:40 -------- d-----w- c:\windows\system32\CatRoot_bak
2012-02-20 09:35:11 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-02-20 09:35:11 272128 ------w- c:\windows\system32\drivers\bthport.sys
2012-02-20 09:33:35 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-02-20 09:33:31 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-20 09:33:31 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-20 09:33:30 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-02-20 09:33:28 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-20 09:33:28 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-20 09:33:27 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-02-20 09:33:24 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-02-20 09:30:57 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-02-20 09:30:57 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-02-20 09:30:55 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-02-20 09:30:54 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2012-02-20 09:16:52 -------- d-----w- c:\windows\system32\PreInstall
2012-02-20 08:22:55 -------- d-sha-r- C:\cmdcons
2012-02-20 08:20:19 98816 ----a-w- c:\windows\sed.exe
2012-02-20 08:20:19 518144 ----a-w- c:\windows\SWREG.exe
2012-02-20 08:20:19 256000 ----a-w- c:\windows\PEV.exe
2012-02-20 08:20:19 208896 ----a-w- c:\windows\MBR.exe
2012-02-20 08:20:10 -------- d-s---w- C:\ComboFix
2012-02-20 08:02:15 -------- d-----w- c:\windows\3425144298
2012-02-19 03:07:03 87176 ----a-w- c:\windows\system32\qryv740Pi.com
2012-02-18 22:19:55 87176 ----a-w- c:\windows\system32\qryv740Pi.com_
2012-02-18 12:54:59 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-02-18 12:54:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-18 12:54:45 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-18 12:54:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-18 12:41:41 9604712 ----a-w- C:\mbam-setup.exe
2012-02-18 12:35:58 1008141 ----a-w- C:\iExplore.exe
2012-02-18 12:30:44 1008141 ----a-w- C:\rkill.com
2012-02-18 12:05:35 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
==================== Find3M ====================
.
2012-02-04 07:49:28 26624 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-01-03 01:28:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 22:00:40.76 ===============

Much thanks.
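
A triage pass over the DDS log posted above, as an added example that is not part of the original thread: it cross-references the Running Processes section against Created Last 30 and flags running images that were created recently. The 8.3 short-name matching is a simplification, and the `.com`-in-system32 check is an assumed heuristic for review, not a verdict.

```python
import ntpath
import re

# Constructed sample: lines copied from the DDS log in the post above.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\QRYV74~1.COM
C:\WINDOWS\system32\qryv740Pi.com
.
=============== Created Last 30 ================
.
2012-02-21 08:26:15 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-20 08:20:19 98816 ----a-w- c:\windows\sed.exe
2012-02-19 03:07:03 87176 ----a-w- c:\windows\system32\qryv740Pi.com
2012-02-18 22:19:55 87176 ----a-w- c:\windows\system32\qryv740Pi.com_
2012-02-18 12:30:44 1008141 ----a-w- C:\rkill.com
"""

HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")
CREATED = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+|-+)\s+(\S+)\s+(.+)$")
IMAGE = re.compile(r"^(.*?\.(?:exe|com|scr|pif|bat|cmd))(?:\s|$)", re.I)

def sections(log):
    """Split a DDS log into {section name: [lines]} using its ===== headers."""
    out, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = out.setdefault(m.group(1), [])
        elif current is not None and line not in ("", "."):
            current.append(line)
    return out

def short_name_matches(short, long):
    """True if `short` (e.g. QRYV74~1.COM) could be the 8.3 alias of `long`."""
    s_stem, s_ext = ntpath.splitext(short.upper())
    l_stem, l_ext = ntpath.splitext(long.upper())
    if "~" not in s_stem:
        return short.upper() == long.upper()
    # Simplification: alias = first characters of the long stem + ~N + 3-char ext.
    return l_stem.startswith(s_stem.split("~")[0]) and l_ext[:4] == s_ext

def triage(log):
    """Return [(image path, [reasons])] for running images worth a closer look."""
    sec = sections(log)
    recent = {}
    for line in sec.get("Created Last 30", []):
        m = CREATED.match(line)
        if m and m.group(2).isdigit():  # directories show -------- as size
            recent[m.group(4).lower()] = m.group(1)
    findings = []
    for line in sec.get("Running Processes", []):
        m = IMAGE.match(line)  # strip arguments such as "-k DcomLaunch"
        if not m:
            continue
        folder, name = ntpath.split(m.group(1).lower())
        reasons = [f"created {when} as {ntpath.basename(p)}"
                   for p, when in recent.items() if ntpath.dirname(p) == folder
                   and short_name_matches(name, ntpath.basename(p))]
        # Assumed heuristic: legitimate .com files exist here (command.com), so review only.
        if name.endswith(".com") and folder.endswith(r"\system32"):
            reasons.append(".com image in system32")
        if reasons:
            findings.append((m.group(1), reasons))
    return findings
```

Calling `triage()` on the full log text returns only the two `qryv74…` images, each with the creation timestamps of the files they map to.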



#2 fireman4it


Posted 21 February 2012 - 04:12 PM

Hello xenabc,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


We need to get a little more information before we begin.


1. Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

2. Please download Listparts.
Run the tool, click Scan and post the log (Result.txt) it makes.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 fireman4it


Posted 23 February 2012 - 06:54 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 2-3 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it



#4 fireman4it


Posted 25 February 2012 - 11:38 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
