infection found in earlier thread. DDS & GMER logs attached.


  • This topic is locked
33 replies to this topic

#1 azlumberking

  • Members
  • 51 posts

Posted 20 July 2012 - 11:18 AM

http://www.bleepingcomputer.com/forums/topic459450.html/page__pid__2753106#entry2753106

Hi there,

My computer is acting strange, not allowing me to use some settings. I believe that there is something loaded on it that should not be there. Any help is appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Jeff Menard at 7:53:51 on 2012-07-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1791.682 [GMT -7:00]
.
AV: BitDefender Antivirus *Disabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: BitDefender Antispyware *Disabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333}
FW: BitDefender Firewall *Disabled* {A0115F06-6D34-063E-1C9A-77345A574EF5}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxeccoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Yahoo!\common\YMailAdvisor.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
C:\Program Files\Garmin\Training Center\gStart.exe
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\wuauclt.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = Preserve
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
uRun: [ANT Agent] c:\program files\garmin\ant agent\ANT Agent.exe
uRun: [gStart] c:\program files\garmin\training center\gStart.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Tour]
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [eRecoveryService]
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [Skytel] Skytel.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [lxecmon.exe] "c:\program files\lexmark pro800-pro900 series\lxecmon.exe"
mRun: [EzPrint] "c:\program files\lexmark pro800-pro900 series\ezprint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
dRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
StartupFolder: c:\users\jeffme~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.5\transfer utility\CameraMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pcmmed~1.lnk - c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{1C732DBD-A4DE-402C-AEC2-54CE5833E681} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jeff menard\appdata\roaming\mozilla\firefox\profiles\liziijsi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fptb-]http://armls.flexmls.com/
.
============= SERVICES / DRIVERS ===============
.
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\drivers\BdfNdisf6.sys [2009-10-19 72784]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2007-4-16 266343]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-3 63928]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2009-9-22 85128]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-17 21504]
R2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe -service --> c:\windows\system32\lxeccoms.exe -service [?]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-12-7 153448]
R3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2009-7-7 28160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-15 136176]
S2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxecserv.exe [2010-12-11 193192]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-15 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-14 14:43:45 197075 ----a-w- c:\windows\system32\drivers\etc\hosts.tmp
2012-06-27 21:25:05 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2012-06-27 21:24:48 -------- d-----w- c:\program files\common files\xing shared
2012-06-27 21:24:40 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2012-06-27 21:24:31 129144 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll
.
==================== Find3M ====================
.
2012-06-27 21:24:23 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-27 21:24:23 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
============= FINISH: 7:54:56.06 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-20 09:10:54
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDT725050VLA380 rev.V56OA73A
Running: gmer.exe; Driver: C:\Users\JEFFME~1\AppData\Local\Temp\pgriapod.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[316] kernel32.dll!CreateThread 76FDCB2E 5 Bytes JMP 695972FB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!CreateDialogParamW 76A872A2 5 Bytes JMP 69726778 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!GetAsyncKeyState 76A8863C 5 Bytes JMP 6957DD9D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!SetWindowsHookExW 76A887AD 5 Bytes JMP 695D2194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!CallNextHookEx 76A88E3B 5 Bytes JMP 695F7BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!UnhookWindowsHookEx 76A898DB 5 Bytes JMP 6961EB10 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!EnableWindow 76A8CD8B 5 Bytes JMP 695D9A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!DefWindowProcA 76A8DB88 7 Bytes JMP 69599525 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!CreateWindowExA 76A8DC2A 5 Bytes JMP 695A335B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!CreateWindowExW 76A91305 5 Bytes JMP 695FFF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!GetKeyState 76A98CB1 5 Bytes JMP 6957DC73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!DefWindowProcW 76AA03B4 7 Bytes JMP 695F7C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!IsDialogMessageW 76AA0745 5 Bytes JMP 69726EDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!CreateDialogParamA 76AA17AA 5 Bytes JMP 69726740 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!IsDialogMessage 76AA1847 5 Bytes JMP 69726EB5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!CreateDialogIndirectParamA 76AA26F1 5 Bytes JMP 697267B0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!CreateDialogIndirectParamW 76AA9A62 5 Bytes JMP 697267E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!SetKeyboardState 76AB0987 5 Bytes JMP 697277A5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!DialogBoxParamW 76AB10B0 5 Bytes JMP 6953170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!DialogBoxIndirectParamW 76AB2EF5 5 Bytes JMP 6972640E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!SendInput 76AB2F75 5 Bytes JMP 6972774D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!EndDialog 76AB326E 5 Bytes JMP 69727189 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!SetCursorPos 76AC6FB2 5 Bytes JMP 69727826 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!DialogBoxParamA 76AC8152 5 Bytes JMP 697263A9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!DialogBoxIndirectParamA 76AC847D 5 Bytes JMP 69726473 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!MessageBoxIndirectA 76ADD4D9 5 Bytes JMP 69726330 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!MessageBoxIndirectW 76ADD5D3 5 Bytes JMP 697262B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!MessageBoxExA 76ADD639 5 Bytes JMP 69726253 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!MessageBoxExW 76ADD65D 5 Bytes JMP 697261EF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] USER32.dll!keybd_event 76ADD972 5 Bytes JMP 6972770A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[316] SHELL32.dll!SHRestricted + D95 75E489A8 4 Bytes [CF, 01, F6, 68]
.text C:\Program Files\Internet Explorer\iexplore.exe[316] SHELL32.dll!SHRestricted + D9D 75E489B0 8 Bytes [E0, 61, F5, 68, 79, F7, F5, ...] {LOOPNZ 0x63; CMC ; PUSH 0x68f5f779}
.text C:\Program Files\Internet Explorer\iexplore.exe[316] ole32.dll!OleLoadFromStream 75B21E80 5 Bytes JMP 69726BE7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] kernel32.dll!CreateThread 76FDCB2E 5 Bytes JMP 695972FB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!CreateDialogParamW 76A872A2 5 Bytes JMP 69726778 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!GetAsyncKeyState 76A8863C 5 Bytes JMP 6957DD9D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!SetWindowsHookExW 76A887AD 5 Bytes JMP 695D2194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!CallNextHookEx 76A88E3B 5 Bytes JMP 695F7BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!UnhookWindowsHookEx 76A898DB 5 Bytes JMP 6961EB10 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!EnableWindow 76A8CD8B 5 Bytes JMP 695D9A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!DefWindowProcA 76A8DB88 7 Bytes JMP 69599525 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!CreateWindowExA 76A8DC2A 5 Bytes JMP 695A335B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!CreateWindowExW 76A91305 5 Bytes JMP 695FFF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!GetKeyState 76A98CB1 5 Bytes JMP 6957DC73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!DefWindowProcW 76AA03B4 7 Bytes JMP 695F7C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!IsDialogMessageW 76AA0745 5 Bytes JMP 69726EDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!CreateDialogParamA 76AA17AA 5 Bytes JMP 69726740 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!IsDialogMessage 76AA1847 5 Bytes JMP 69726EB5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!CreateDialogIndirectParamA 76AA26F1 5 Bytes JMP 697267B0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!CreateDialogIndirectParamW 76AA9A62 5 Bytes JMP 697267E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!SetKeyboardState 76AB0987 5 Bytes JMP 697277A5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!DialogBoxParamW 76AB10B0 5 Bytes JMP 6953170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!DialogBoxIndirectParamW 76AB2EF5 5 Bytes JMP 6972640E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!SendInput 76AB2F75 5 Bytes JMP 6972774D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!EndDialog 76AB326E 5 Bytes JMP 69727189 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!SetCursorPos 76AC6FB2 5 Bytes JMP 69727826 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!DialogBoxParamA 76AC8152 5 Bytes JMP 697263A9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!DialogBoxIndirectParamA 76AC847D 5 Bytes JMP 69726473 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!MessageBoxIndirectA 76ADD4D9 5 Bytes JMP 69726330 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!MessageBoxIndirectW 76ADD5D3 5 Bytes JMP 697262B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!MessageBoxExA 76ADD639 5 Bytes JMP 69726253 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!MessageBoxExW 76ADD65D 5 Bytes JMP 697261EF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!keybd_event 76ADD972 5 Bytes JMP 6972770A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] SHELL32.dll!SHRestricted + D95 75E489A8 4 Bytes [CF, 01, F6, 68]
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] SHELL32.dll!SHRestricted + D9D 75E489B0 8 Bytes [E0, 61, F5, 68, 79, F7, F5, ...] {LOOPNZ 0x63; CMC ; PUSH 0x68f5f779}
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] ole32.dll!OleLoadFromStream 75B21E80 5 Bytes JMP 69726BE7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\real\realplayer\Update\realsched.exe[3844] kernel32.dll!SetUnhandledExceptionFilter 76FBA8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!EnableWindow 76A8CD8B 5 Bytes JMP 695D9A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!DialogBoxParamW 76AB10B0 5 Bytes JMP 6953170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!DialogBoxIndirectParamW 76AB2EF5 5 Bytes JMP 6972640E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!DialogBoxParamA 76AC8152 5 Bytes JMP 697263A9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!DialogBoxIndirectParamA 76AC847D 5 Bytes JMP 69726473 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!MessageBoxIndirectA 76ADD4D9 5 Bytes JMP 69726330 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!MessageBoxIndirectW 76ADD5D3 5 Bytes JMP 697262B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!MessageBoxExA 76ADD639 5 Bytes JMP 69726253 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4668] USER32.dll!MessageBoxExW 76ADD65D 5 Bytes JMP 697261EF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] kernel32.dll!CreateThread 76FDCB2E 5 Bytes JMP 695972FB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!CreateDialogParamW 76A872A2 5 Bytes JMP 69726778 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!GetAsyncKeyState 76A8863C 5 Bytes JMP 6957DD9D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!SetWindowsHookExW 76A887AD 5 Bytes JMP 695D2194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!CallNextHookEx 76A88E3B 5 Bytes JMP 695F7BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!UnhookWindowsHookEx 76A898DB 5 Bytes JMP 6961EB10 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!EnableWindow 76A8CD8B 5 Bytes JMP 695D9A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!DefWindowProcA 76A8DB88 7 Bytes JMP 69599525 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!CreateWindowExA 76A8DC2A 5 Bytes JMP 695A335B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!CreateWindowExW 76A91305 5 Bytes JMP 695FFF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!GetKeyState 76A98CB1 5 Bytes JMP 6957DC73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!DefWindowProcW 76AA03B4 7 Bytes JMP 695F7C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!IsDialogMessageW 76AA0745 5 Bytes JMP 69726EDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!CreateDialogParamA 76AA17AA 5 Bytes JMP 69726740 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!IsDialogMessage 76AA1847 5 Bytes JMP 69726EB5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!CreateDialogIndirectParamA 76AA26F1 5 Bytes JMP 697267B0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!CreateDialogIndirectParamW 76AA9A62 5 Bytes JMP 697267E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!SetKeyboardState 76AB0987 5 Bytes JMP 697277A5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!DialogBoxParamW 76AB10B0 5 Bytes JMP 6953170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!DialogBoxIndirectParamW 76AB2EF5 5 Bytes JMP 6972640E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!SendInput 76AB2F75 5 Bytes JMP 6972774D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!EndDialog 76AB326E 5 Bytes JMP 69727189 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!SetCursorPos 76AC6FB2 5 Bytes JMP 69727826 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!DialogBoxParamA 76AC8152 5 Bytes JMP 697263A9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!DialogBoxIndirectParamA 76AC847D 5 Bytes JMP 69726473 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!MessageBoxIndirectA 76ADD4D9 5 Bytes JMP 69726330 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!MessageBoxIndirectW 76ADD5D3 5 Bytes JMP 697262B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!MessageBoxExA 76ADD639 5 Bytes JMP 69726253 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!MessageBoxExW 76ADD65D 5 Bytes JMP 697261EF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!keybd_event 76ADD972 5 Bytes JMP 6972770A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] SHELL32.dll!SHRestricted + D95 75E489A8 4 Bytes [CF, 01, F6, 68]
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] SHELL32.dll!SHRestricted + D9D 75E489B0 8 Bytes [E0, 61, F5, 68, 79, F7, F5, ...] {LOOPNZ 0x63; CMC ; PUSH 0x68f5f779}
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] ole32.dll!OleLoadFromStream 75B21E80 5 Bytes JMP 69726BE7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp bdftdif.sys
AttachedDevice \Driver\tdx \Device\Udp bdftdif.sys

---- Files - GMER 1.0.15 ----

File C:\Users\Jeff Menard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jeff Menard\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\94S5MH33\assets.phoenix.edu\0.2\projects\cob\webcms\3.4\flash\universalmediaplayer\flowplayer\swfs_3.2 0 bytes
File C:\Users\Jeff Menard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jeff Menard\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\94S5MH33\assets.phoenix.edu\0.2\projects\cob\webcms\3.4\flash\universalmediaplayer\flowplayer\swfs_3.2\flowplayer.commercial-3.2.5.swf 0 bytes
File C:\Windows\$NtUninstallKB38064$\3313391336 0 bytes
File C:\Windows\$NtUninstallKB38064$\646951487 0 bytes

---- EOF - GMER 1.0.15 ----
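Every "Code sections" entry in the GMER log above is a 5- or 7-byte JMP out of a USER32/ole32 import in iexplore.exe into IEFRAME.dll, which GMER itself annotates as "Internet Browser/Microsoft Corporation"; the two SHRestricted entries are raw byte patches with no target module. Reading a few hundred such lines by eye is error-prone, so the script below, an added example and not part of the original post or of GMER, parses the lines and sorts them into hooks that land in an allowlisted module and hooks that need a human look. The allowlist (IEFRAME.dll only) and the fourth sample line, whose module name and path are made up, are assumptions; the first three sample lines are copied from the log above.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: modules accepted as legitimate owners of in-process hooks in
# iexplore.exe. IEFRAME.dll is the browser's own UI layer and is what GMER
# labelled "Internet Browser/Microsoft Corporation" in the log above.
EXPECTED_HOOK_OWNERS = {"ieframe.dll"}

# Constructed sample: lines 1-3 are copied from the GMER log above; line 4 is
# constructed (module name and path are made up) so the triage has a JMP
# target that is NOT on the allowlist.
SAMPLE_LOG = r"""
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] USER32.dll!CreateWindowExA 76A8DC2A 5 Bytes JMP 695A335B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] SHELL32.dll!SHRestricted + D95 75E489A8 4 Bytes [CF, 01, F6, 68]
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] ole32.dll!OleLoadFromStream 75B21E80 5 Bytes JMP 69726BE7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4772] ntdll.dll!NtCreateFile 77A1B2C3 5 Bytes JMP 10001000 C:\Users\Public\constructed_hook.dll
"""

# Shape of one GMER 1.0.15 "Code sections" line:
#   <section> <process>[<pid>] <module>!<symbol>[ + <offset>] <addr> <n> Bytes <detail>
LINE_RE = re.compile(
    r"^(?P<section>\.\w+)\s+"
    r"(?P<process>.+?\[\d+\])\s+"
    r"(?P<module>[\w.]+)!(?P<symbol>\w+)"
    r"(?:\s*\+\s*(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+"
    r"(?P<nbytes>\d+)\s+Bytes\s+"
    r"(?P<detail>.*)$"
)
# <detail> for a trampoline: JMP <target> <module path> [(<description>)]
JMP_RE = re.compile(
    r"^JMP\s+(?P<target>[0-9A-Fa-f]{8})\s+(?P<target_module>.+?)"
    r"(?:\s+\((?P<desc>[^)]*)\))?$"
)


@dataclass
class Hook:
    process: str
    module: str
    symbol: str
    address: str
    kind: str                     # "jmp" (trampoline) or "patch" (raw bytes)
    target_module: Optional[str]  # module the JMP lands in, if any
    verdict: str                  # "expected" or "review"


def parse_hook(line: str) -> Optional[Hook]:
    """Parse one GMER 'Code sections' line; None for lines of another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    jmp = JMP_RE.match(m.group("detail"))
    if jmp:
        target = jmp.group("target_module")
        owner = ntpath.basename(target).lower()
        verdict = "expected" if owner in EXPECTED_HOOK_OWNERS else "review"
        return Hook(m.group("process"), m.group("module"), m.group("symbol"),
                    m.group("address"), "jmp", target, verdict)
    # Inline byte patches carry no target module, so there is nothing to
    # allowlist against; they always go to a human for review.
    return Hook(m.group("process"), m.group("module"), m.group("symbol"),
                m.group("address"), "patch", None, "review")


def triage(log_text: str) -> List[Hook]:
    """All hook records found in a GMER log, in log order."""
    return [h for h in map(parse_hook, log_text.splitlines()) if h]


def summarize(hooks: List[Hook]) -> Dict[str, int]:
    """Count of hooks per verdict, e.g. {'expected': 2, 'review': 2}."""
    counts: Dict[str, int] = {}
    for h in hooks:
        counts[h.verdict] = counts.get(h.verdict, 0) + 1
    return counts


if __name__ == "__main__":
    hooks = triage(SAMPLE_LOG)
    for h in hooks:
        print(f"{h.verdict:8} {h.module}!{h.symbol:<22} {h.kind:5} -> "
              f"{h.target_module or '(inline bytes)'}")
    print(summarize(hooks))
```

Run it against a saved GMER log and only the "review" rows need attention; a JMP whose target lies in a user-writable directory, as in the constructed fourth line, is exactly the kind of row a rootkit scan is meant to surface.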


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:04 AM

Posted 23 July 2012 - 12:23 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 azlumberking

azlumberking
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 24 July 2012 - 10:11 AM

Hi there,

I will work on the combo fix now.

Thanks:)

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
BitDefender Antivirus
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.42.34 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (3.6) Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Common Files BitDefender BitDefender Update Service livesrv.exe
BitDefender BitDefender 2010 vsserv.exe
BitDefender BitDefender 2010 bdagent.exe
BitDefender BitDefender 2010 seccenter.exe
BitDefender BitDefender 2010 uiscan.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#4 gringo_pr

Posted 24 July 2012 - 06:21 PM

OK, let me know when it is done.



gringo

#5 gringo_pr

Posted 26 July 2012 - 11:06 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.




Gringo

#6 azlumberking

Posted 27 July 2012 - 02:04 PM

Sorry for the delay. I had to go out of town. I am back and working on the combofix scan. I tried it the other day but was not able to wait around for it to finish.

#7 gringo_pr

Posted 27 July 2012 - 02:47 PM

Greetings


No problem, but if it is taking too long again just let me know and I may try something else.


Gringo

#8 azlumberking

Posted 27 July 2012 - 05:38 PM

Ok,

It took too long again and then a window popped up saying that I was infected by something called zero access. I also am not getting a notice that my recycle bin is corrupted and needs to be emptied. This has happened a couple times today. I did not get a log, just the pop up window from combofix. I will try to run it one more time. If the same window pops up I will copy it word for word and post it.

Thanks,



#9 gringo_pr

Posted 27 July 2012 - 08:50 PM

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt)
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button
  • It will make a log (Search.txt)
I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo

#10 gringo_pr

Posted 29 July 2012 - 11:32 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.




Gringo

#11 azlumberking

Posted 31 July 2012 - 01:05 PM

Working on Farbar right now.

Thanks,

#12 azlumberking

Posted 31 July 2012 - 01:27 PM

I was not able to open it through notepad so I went back to safemode and clicked on it through my thumb drive. Not sure if that changes anything.

Thanks,



Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by Jeff Menard at 31-07-2012 11:16:46
Running from F:\
Service Pack 2 (X86) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-07-31 11:16 - 2012-07-31 11:16 - 00000000 ____D C:\FRST
2012-07-27 15:54 - 2012-07-27 17:42 - 00000000 ___SD C:\32788R22FWJFW
2012-07-27 13:22 - 2012-07-27 15:54 - 00000000 ___SD C:\ComboFix
2012-07-27 07:21 - 2012-07-27 15:31 - 00001098 ____A C:\Windows\PFRO.log
2012-07-24 07:26 - 2012-07-24 07:26 - 00000063 ____A C:\Users\Jeff Menard\Downloads\93097574f02a3e0.js
2012-07-19 15:55 - 2012-07-19 15:55 - 00000000 ____D C:\Users\All Users\PASettings
2012-07-19 15:55 - 2012-07-19 15:55 - 00000000 ____D C:\Users\All Users\Application Data\PASettings
2012-07-19 15:54 - 2012-07-19 15:59 - 00000000 ____D C:\Users\All Users\SecurityAgent
2012-07-19 15:54 - 2012-07-19 15:59 - 00000000 ____D C:\Users\All Users\Application Data\SecurityAgent
2012-07-19 15:54 - 2012-07-19 15:55 - 00000000 ____D C:\Program Files\SecurityAgent
2012-07-19 15:54 - 2012-07-19 15:54 - 00000840 ____A C:\Users\Jeff Menard\Desktop\SecurityAgent.lnk
2012-07-19 15:54 - 2011-12-09 05:20 - 00180224 ____A (Intel Corporation) C:\Windows\System32\ijl11.dll
2012-07-19 15:54 - 1999-12-09 11:19 - 00147456 ____A (Info-ZIP) C:\Windows\System32\vbzip10.dll
2012-07-15 11:54 - 2012-07-15 11:54 - 00000000 ____D C:\Users\Jeff Menard\Documents\attachments_2012_07_15
2012-07-10 16:17 - 2012-07-10 16:17 - 00000714 ____A C:\Windows\setupact.log
2012-07-10 16:17 - 2012-07-10 16:17 - 00000000 ____A C:\Windows\setuperr.log
2012-07-10 15:18 - 2012-07-10 15:18 - 00007741 ____A C:\Users\Jeff Menard\Desktop\summitschoolaz_org.htm
2012-07-06 03:01 - 2012-07-31 03:01 - 00026862 ____A C:\Windows\IE9_main.log

============ 3 Months Modified Files ========================

2012-07-31 11:07 - 2011-12-02 17:40 - 01593772 ____A C:\Windows\WindowsUpdate.log
2012-07-31 11:07 - 2006-11-02 06:01 - 00032538 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-31 11:07 - 2006-11-02 06:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-31 11:07 - 2006-11-02 05:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-31 11:07 - 2006-11-02 05:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-31 11:05 - 2010-12-11 16:44 - 00029538 ____A C:\Users\All Users\lxecJSW.log
2012-07-31 11:05 - 2010-12-11 16:44 - 00029538 ____A C:\Users\All Users\Application Data\lxecJSW.log
2012-07-31 10:08 - 2011-02-15 18:42 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-31 07:47 - 2011-02-15 18:42 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-31 03:01 - 2012-07-06 03:01 - 00026862 ____A C:\Windows\IE9_main.log
2012-07-28 04:43 - 2012-04-07 18:25 - 00000484 ____A C:\Windows\Tasks\SDMsgUpdate (TE).job
2012-07-27 17:40 - 2010-12-11 16:03 - 00060948 ____A C:\Users\All Users\lxecscan.log
2012-07-27 17:40 - 2010-12-11 16:03 - 00060948 ____A C:\Users\All Users\Application Data\lxecscan.log
2012-07-27 17:39 - 2010-02-09 18:31 - 00000052 ____A C:\Windows\System32\ashttpstats.csv
2012-07-27 15:32 - 2010-02-09 18:48 - 00000376 ____A C:\Users\Jeff Menard\AppData\Roamingprivacy.xml
2012-07-27 15:31 - 2012-07-27 07:21 - 00001098 ____A C:\Windows\PFRO.log
2012-07-24 07:26 - 2012-07-24 07:26 - 00000063 ____A C:\Users\Jeff Menard\Downloads\93097574f02a3e0.js
2012-07-19 15:54 - 2012-07-19 15:54 - 00000840 ____A C:\Users\Jeff Menard\Desktop\SecurityAgent.lnk
2012-07-10 16:19 - 2006-11-02 03:33 - 00716862 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-10 16:17 - 2012-07-10 16:17 - 00000714 ____A C:\Windows\setupact.log
2012-07-10 16:17 - 2012-07-10 16:17 - 00000000 ____A C:\Windows\setuperr.log
2012-07-10 15:18 - 2012-07-10 15:18 - 00007741 ____A C:\Users\Jeff Menard\Desktop\summitschoolaz_org.htm
2012-07-06 10:32 - 2012-02-05 12:11 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-05 15:51 - 2011-08-22 19:35 - 00000808 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-07-05 15:46 - 2006-11-02 03:22 - 59768832 ____A C:\Windows\System32\config\software_previous
2012-07-05 15:46 - 2006-11-02 03:22 - 37224448 ____A C:\Windows\System32\config\components_previous
2012-07-05 15:46 - 2006-11-02 03:22 - 36700160 ____A C:\Windows\System32\config\system_previous
2012-07-05 15:46 - 2006-11-02 03:22 - 01572864 ____A C:\Windows\System32\config\default_previous
2012-07-05 15:46 - 2006-11-02 03:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-07-05 15:46 - 2006-11-02 03:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-06-27 14:24 - 2012-06-27 14:24 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2012-06-27 14:24 - 2012-06-27 14:24 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2012-06-27 14:24 - 2012-06-27 14:24 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2012-06-27 14:24 - 2012-06-27 14:24 - 00000847 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-06-27 14:24 - 2009-12-18 13:58 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2012-06-27 14:24 - 2003-03-18 19:14 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
2012-06-27 14:24 - 2003-02-21 03:42 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
2012-06-27 13:14 - 2011-12-02 17:26 - 00001356 ____A C:\Users\Jeff Menard\AppData\Local\d3d9caps.dat
2012-06-20 18:36 - 2012-06-20 18:36 - 00612352 ____A C:\Users\Jeff Menard\Documents\business card(1).pub
2012-05-30 09:07 - 2012-05-30 09:07 - 00739840 ____A (Google Inc.) C:\Users\Jeff Menard\Downloads\ChromeSetup.exe
2012-05-24 17:09 - 2012-05-24 17:08 - 00203534 ____A C:\Users\Jeff Menard\Documents\regbackup.reg
2012-05-14 23:55 - 2012-05-14 18:05 - 00075776 ____A C:\Users\Jeff Menard\Desktop\5-15-12 bid list.xls
2012-05-13 20:31 - 2012-05-13 20:34 - 19396334 ____A C:\Users\Jeff Menard\Desktop\all Contract.zip
2012-05-11 03:05 - 2006-11-02 03:23 - 00000219 ____A C:\Windows\win.ini
2012-05-10 22:03 - 2006-11-02 05:47 - 00468720 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-07 12:10 - 2012-05-06 20:55 - 00162816 ____A C:\Users\Jeff Menard\Desktop\5-7-12 master.xls
2012-05-07 12:10 - 2012-05-06 19:49 - 00074752 ____A C:\Users\Jeff Menard\Desktop\5-7-12 bid list.xls


ZeroAccess:
C:\Windows\Installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}
C:\Windows\Installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\L

ZeroAccess:
C:\Users\Jeff Menard\AppData\Local\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}
C:\Users\Jeff Menard\AppData\Local\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\@
C:\Users\Jeff Menard\AppData\Local\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\L
C:\Users\Jeff Menard\AppData\Local\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\U

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 20%
Total physical RAM: 1790.77 MB
Available physical RAM: 1424.81 MB
Total Pagefile: 3828.04 MB
Available Pagefile: 3620.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.29 MB

======================= Partitions =========================

1 Drive c: (ACER) (Fixed) (Total:228.13 GB) (Free:134.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:227.87 GB) (Free:227.74 GB) NTFS
4 Drive f: (STORE N GO) (Removable) (Total:3.73 GB) (Free:2.72 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 3822 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 10 GB 32 KB
Partition 2 Primary 228 GB 10 GB
Partition 3 Primary 228 GB 238 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 2
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C ACER NTFS Partition 228 GB Healthy System (partition with boot components)

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 228 GB Healthy

==================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3818 MB 4032 KB

==================================================================================

Disk: 5
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 F STORE N GO FAT32 Removable 3818 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-30 06:01

======================= End Of Log ==========================


Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by Jeff Menard at 2012-07-31 11:18:12
Running from F:\

================== Search: ".services.exe" ===================

=== End Of Search ===
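The FRST report above carries three things worth pulling out mechanically: the "ZeroAccess:" blocks, each a GUID-named directory (under Windows\Installer and under the user's AppData\Local) holding "@", "L" or "U" entries; the "Bamital & volsnap Check" lines that report whether core binaries still hash as "MD5 is legit"; and the one-month file listing, in which a 63-byte .js with a random-looking name sits in Downloads. The script below, an added example that is neither FRST's code nor the helper's, parses a saved report for those indicators and produces the directory list that the fixlist.txt in the next reply consists of. The sample report is constructed from lines copied from the report above plus one made-up "=> CONSTRUCTED: hash mismatch" line (FRST's real wording for a failed check is not shown on this page); the extension list and the user-profile heuristic are assumptions, as is the general GUID-plus-marker rule, which is applied to every path in the report rather than only to the blocks FRST already labelled.

```python
import ntpath
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# Constructed sample: lines copied from the FRST report above, plus one
# constructed integrity-failure line (marked CONSTRUCTED) to exercise the check.
SAMPLE_REPORT = r"""
============ One Month Created Files and Folders ==============

2012-07-31 11:16 - 2012-07-31 11:16 - 00000000 ____D C:\FRST
2012-07-24 07:26 - 2012-07-24 07:26 - 00000063 ____A C:\Users\Jeff Menard\Downloads\93097574f02a3e0.js
2012-07-19 15:54 - 2011-12-09 05:20 - 00180224 ____A (Intel Corporation) C:\Windows\System32\ijl11.dll
2012-07-19 15:54 - 2012-07-19 15:54 - 00000840 ____A C:\Users\Jeff Menard\Desktop\SecurityAgent.lnk

ZeroAccess:
C:\Windows\Installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}
C:\Windows\Installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\L

ZeroAccess:
C:\Users\Jeff Menard\AppData\Local\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}
C:\Users\Jeff Menard\AppData\Local\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\@
C:\Users\Jeff Menard\AppData\Local\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\L
C:\Users\Jeff Menard\AppData\Local\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\U

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\userinit.exe => CONSTRUCTED: hash mismatch
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

# One FRST listing line: <created> - <modified> - <size> <attrs> [(<vendor>)] <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<vendor>[^)]*)\) )?(?P<path>.+)$"
)
GUID_DIR_RE = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
MARKER_NAMES = {"@", "L", "U"}          # child names FRST listed under ZeroAccess:
# Assumption: extensions worth a second look when created under a user profile.
SUSPECT_EXT = {".exe", ".dll", ".sys", ".scr", ".js", ".vbs"}


def parse_entries(text: str) -> List[Dict[str, str]]:
    """Records for every file-listing line in the report."""
    return [m.groupdict() for m in map(ENTRY_RE.match, map(str.strip, text.splitlines())) if m]


def all_paths(text: str) -> List[str]:
    """Every absolute path the report mentions: listing entries and bare
    path lines (such as those in the ZeroAccess: blocks) alike."""
    paths = []
    for line in map(str.strip, text.splitlines()):
        m = ENTRY_RE.match(line)
        if m:
            paths.append(m.group("path"))
        elif DRIVE_PATH_RE.match(line) and " => " not in line:
            paths.append(line)
    return paths


def guid_marker_roots(paths: Iterable[str]) -> Dict[str, Set[str]]:
    """GUID-named directories that contain an '@', 'L' or 'U' entry, mapped to
    the marker names seen under them."""
    hits: Dict[str, Set[str]] = defaultdict(set)
    for p in paths:
        parent, name = ntpath.split(p)
        if name in MARKER_NAMES and GUID_DIR_RE.match(ntpath.basename(parent)):
            hits[parent].add(name)
    return dict(hits)


def integrity_failures(text: str) -> List[Tuple[str, str]]:
    """(path, verdict) for every '=>' check line that is not 'MD5 is legit'."""
    failures = []
    for line in text.splitlines():
        if " => " in line:
            path, verdict = (s.strip() for s in line.split(" => ", 1))
            if verdict != "MD5 is legit":
                failures.append((path, verdict))
    return failures


def user_profile_executables(entries: List[Dict[str, str]]) -> List[str]:
    """Non-directory entries with a suspect extension under C:\\Users."""
    return [e["path"] for e in entries
            if "D" not in e["attrs"]
            and e["path"].lower().startswith("c:\\users\\")
            and ntpath.splitext(e["path"])[1].lower() in SUSPECT_EXT]


def build_fixlist(roots: Dict[str, Set[str]]) -> List[str]:
    """Directory lines for a fixlist.txt, one root per line (sorted)."""
    return sorted(roots)


def triage(text: str) -> Dict[str, object]:
    roots = guid_marker_roots(all_paths(text))
    return {"zeroaccess_roots": roots,
            "fixlist": build_fixlist(roots),
            "integrity_failures": integrity_failures(text),
            "user_profile_executables": user_profile_executables(parse_entries(text))}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

The fixlist the script emits is the pair of directories the helper pasted into the next reply; the integrity and user-profile lists are the other two things a responder reads a report for, and each stays empty on a clean machine.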

#13 gringo_pr

Posted 01 August 2012 - 06:38 AM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}
C:\Users\Jeff Menard\AppData\Local\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}



NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo

#14 azlumberking

Posted 03 August 2012 - 11:07 AM

Did you want me to paste the code box into something? I went back to system recovery option and opened command prompt but was not sure what to do from there or how to run FRST64.

Thanks,

#15 gringo_pr

Posted 03 August 2012 - 12:44 PM

Greetings


1. Open notepad.
First I want you to open notepad.
2. Please copy the contents of the code box below.
To do this, highlight the contents of the box and right click on it - select copy.
C:\Windows\Installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}
C:\Users\Jeff Menard\AppData\Local\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}

3. Paste this into the open notepad.
The notepad we opened in step 1 - right click in the opened notepad and select paste.
4. Save it on the flash drive as fixlist.txt.
How did you run FRST the first time?
Go ahead and save the fixlist.txt right next to where you saved FRST when you ran it before, e.g. if you ran it from the desktop then put the fixlist right next to it on the desktop.
5. Run FRST the way you ran it the first time you got the report and this time press Fix.


send me the report it makes please



Gringo



