Click.gethotresults.com


  • This topic is locked
20 replies to this topic

#1 System of a Clown

System of a Clown

  • Members
  • 37 posts
  • OFFLINE
  • Local time:09:33 PM

Posted 21 September 2012 - 10:04 PM

Hello. I am sorry to repeat a topic previously posted, but I recently got hit with some sort of Google redirect virus or malware, which constantly redirects links in Google. It also has a tendency to "grey out" active windows intermittently (as though I've alt tabbed to a different app, but without actually switching; it just makes the current window inactive). I am running Windows Professional 7 64 Bit Version 6.1.7601 Service Pack 1 Build 7601. In all respects it seems to be identical to the problem detailed in http://www.bleepingcomputer.com/forums/topic467518.html and in http://www.techspot.com/community/topics/google-redirect-gethotresults-virus.184873/ - and unfortunately, those both are hopelessly confusing to me, because they apparently require a level of expertise in which I am lacking. I'd like some personalized help, please!

I'm not sure if this is relevant, but in addition to all this, one of my drives decided to format itself, completely at random and without warning. I ran a program called GetBackData for NTFS, and it looks like I'll be able to recover things (for a fairly hefty price), but I don't even want to bother until I get my machine cleaned up. AVG reports a recently quarantined trojan called IDP.Trojan.DA45211B, and all search results I have found very obviously point to some junkware virus scanning package that's supposed to be just perfect for getting rid of the problem, and they are all written in extremely poor English, so naturally that set off some red flags for me immediately. In fact, I cannot find ANY apparently legitimate results for "IDP.Trojan.DA45211B" at all in any database of known viruses that I could think to search, so I am very suspicious of the whole thing.

Anyway, any advice would be very helpful! Having read the previously mentioned thread, I will "Watch Topic" and turn on "Immediate Notification" as suggested, and I will not run or post anything further until instructed to do so. Thanks in advance!

#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:33 AM

Posted 22 September 2012 - 08:50 AM

Hello System of a Clown! Welcome to BleepingComputer Forums!

My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



Please follow the instructions below:


  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on the Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Change Standard Registry to All
    - Check the boxes beside LOP Check and Purity Check
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
  • Don't copy the word "quoted"

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\temp\*.exe
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Local\*.
    %USERPROFILE%\AppData\Local\temp\*.exe
    %USERPROFILE%\AppData\Roaming\*.*
    %USERPROFILE%\AppData\Roaming\*.
    %Public%\Documents\Softwrap\YOYOGAMESGM70FINAL\*.exe
    %Public%\Documents\Fonts\*.exe
    %Public%\Documents\Config\*.exe
    %Public%\Documents\*.*
    %ProgramData%\*.*
    %ProgramData%\*.
    %CommonProgramFiles%\*.*
    %CommonProgramFiles%\ComObjects*.exe
    %PROGRAMFILES%\*.*
    %PROGRAMFILES%\*.
    %ProgramFiles(x86)%\*.*
    %ProgramFiles(x86)%\*.
    %systemroot%\system32\config\systemprofile\AppData\Local\*.*
    %systemroot%\system32\config\systemprofile\AppData\Roaming\*.*
    %windir%\SysWOW64\config\systemprofile\AppData\Local\*.*
    %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.*
    %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb
    %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb
    %windir%\temp\*.exe
    %windir%\*.
    %windir%\installer\*.
    %windir%\system32\*.
    %windir%\sysnative\*.
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\syswow64\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\syswow64\drivers\*.sys /90
    %systemroot%\syswow64\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /rp /s
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\temp\*.* /S /MD5
    %systemroot%\assembly\GAC\*.ini
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    %SystemRoot%\assembly\GAC_MSIL\*.ini
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CURRENT_USER\Software\MSOLoad /s
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    consrv.dll
    services.exe
    explorer.exe
    lsass.exe
    svchost.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    atapi.sys
    iaStor.sys
    serial.sys
    volsnap.sys
    disk.sys
    redbook.sys
    i8042prt.sys
    afd.sys
    netbt.sys
    csc.sys
    tcpip.sys
    dfsc.sys
    hlp.dat
    str.sys
    crexv.ocx
    /md5stop

  • Push the Run Scan button.
  • One report will open, copy and paste it in a reply here:
    • OTL.txt <-- Will be opened


Regards,
Georgi



#3 System of a Clown

System of a Clown
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:09:33 PM

Posted 22 September 2012 - 01:37 PM

HI, Georgi, thanks for taking the time to help me out!

Running scan now, will report results whenever they complete. I've pretty much set my weekend plans aside in order to work on this.

I thought I'd mention that last night, right before I turned in, I ran a full scan with Malwarebytes and it reported that svchost.exe was a virus/malware. This morning (well, afternoon, I didn't sleep very well last night), upon waking up my machine, it ended up going to B.S.O.D., and then booting in safe mode. I managed to restore to about a week ago and get back on my computer, and sure enough, right now svchost.exe *32 is eating between 600,000K and 900,000K, which seems ridiculously high, and as I recall, is usually indicative of some sort of malware.

Edited by System of a Clown, 22 September 2012 - 01:38 PM.


#4 System of a Clown

System of a Clown
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:09:33 PM

Posted 22 September 2012 - 01:47 PM

Okay, here's the logfile: http://pastebin.com/zLNkvwxk


EDIT - Weirdly enough, that partition that had disappeared last night has just "restored itself". Possibly due to the restore point?

Edited by System of a Clown, 22 September 2012 - 02:12 PM.


#5 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:33 AM

Posted 23 September 2012 - 06:16 AM

Hi,



IMPORTANT NOTE: One or more of the identified infections is related to the rootkit TDL4. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow the machine to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data, which is sent back to the hacker. To learn more about these types of infections, you can refer to:

If your computer was used for online banking, has credit card information or other sensitive data on it, you should stay disconnected from the Internet until your system is fully cleaned. All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired, so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to continue please do this:



STEP 1



Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



STEP 2



We need to run an OTL Fix



  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"

    :OTL
    FF - prefs.js..extensions.enabledAddons: ifanykhnaj@ifanykhnaj.org:2.5
    [1832/11/29 00:15:48 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qi3iwgps.default\extensions\ifanykhnaj@ifanykhnaj.org.xpi
    O4 - HKLM..\Run: [] File not found
    :reg
    [HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
    ""="%systemroot%\system32\wbem\wbemess.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
    ""="%systemroot%\system32\wbem\wbemess.dll"
    :commands
    [emptytemp]

  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If a report is not shown please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
  • Copy/paste the content of the log back here in your next post.


Regards,
Georgi

Edited by B-boy/StyLe/, 23 September 2012 - 06:17 AM.

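The OTL fix in the post above restores the default value of the {F3130CDB-...} InprocServer32 key to %systemroot%\system32\wbem\wbemess.dll, i.e. it undoes a hijacked COM server registration. The following is an added example, not code from the thread or from OTL: it reads a .reg-style export (or the OTL `:reg` syntax itself), and flags any InprocServer32 whose DLL differs from a known-good list. The expected-server table, the assumed C:\Windows system root and the sample export with its hijacked HKCU path are all constructed for the example.

```python
"""Audit CLSID\\...\\InprocServer32 registrations against known-good server DLLs.

Added example (not from the thread). A per-user key under
HKEY_CURRENT_USER\\Software\\Classes shadows the machine-wide one when
HKEY_CLASSES_ROOT is merged, so both views are checked.
"""
import re
from typing import Dict, List, Tuple

# Known-good server for the CLSID the OTL fix on this page repairs.
EXPECTED_SERVERS = {
    "{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}": r"%systemroot%\system32\wbem\wbemess.dll",
}

# Assumed Windows directory used to expand %systemroot% / %windir% for comparison.
SYSTEMROOT = r"C:\Windows"

# [HIVE\...\CLSID\{guid}\InprocServer32]
KEY_LINE = re.compile(
    r"^\[(?P<key>.+\\CLSID\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})\\InprocServer32)\]$", re.I)
# Default value: a .reg export writes @="...", the OTL :reg syntax writes ""="..."
DEFAULT_LINE = re.compile(r'^(?:@|"")="(?P<path>.*)"$')


def normalize_path(path: str) -> str:
    """Lower-case, collapse .reg double backslashes and expand the system root."""
    p = path.replace("\\\\", "\\").strip().strip('"').lower()
    for var in ("%systemroot%", "%windir%"):
        p = p.replace(var, SYSTEMROOT.lower())
    return p


def parse_inproc_servers(reg_text: str) -> Dict[str, Tuple[str, str]]:
    """Map each InprocServer32 key path to (CLSID, default value) found in the text."""
    servers: Dict[str, Tuple[str, str]] = {}
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            current = (m.group("key"), m.group("clsid").upper())
            continue
        if line.startswith("["):
            current = None  # some other key; ignore its values
            continue
        if current:
            d = DEFAULT_LINE.match(line)
            if d:
                servers[current[0]] = (current[1], d.group("path"))
    return servers


def audit(reg_text: str, expected: Dict[str, str] = EXPECTED_SERVERS) -> List[dict]:
    """Return one finding per InprocServer32 that points away from its known-good DLL."""
    findings = []
    for key, (clsid, actual) in parse_inproc_servers(reg_text).items():
        want = expected.get(clsid)
        if want is not None and normalize_path(actual) != normalize_path(want):
            findings.append({"key": key, "clsid": clsid, "actual": actual, "expected": want})
    return findings


# The :reg section of the OTL fix from this thread (known-good state).
OTL_FIX_REG = r"""
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
""="%systemroot%\system32\wbem\wbemess.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
""="%systemroot%\system32\wbem\wbemess.dll"
"""

# Constructed .reg export: machine key is fine, the per-user key has been redirected.
SAMPLE_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
@="C:\\Windows\\system32\\wbem\\wbemess.dll"
"ThreadingModel"="Both"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
@="C:\\Users\\Tom\\AppData\\Local\\Temp\\wbemess.dll"
"ThreadingModel"="Both"
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_EXPORT):
        print(f"HIJACK? {f['key']}\n  actual:   {f['actual']}\n  expected: {f['expected']}")
```

On a live Windows box the same `audit` can be fed the output of `reg export HKCR\CLSID ...`, which is the check a responder would run before and after a fix like the one above.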


#6 System of a Clown

System of a Clown
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:09:33 PM

Posted 23 September 2012 - 11:41 AM

In the time it took me to read your reply, Avast (which I installed last night) blocked at least 8 malicious URLs. I'm going to go ahead and reformat and reinstall my OS. However, I am concerned that my secondary drives and partitions still may hold on to the problem. If it's okay with you, I'd like to check back with you after I've completed reformatting.

#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:33 AM

Posted 23 September 2012 - 12:51 PM

Hi,


No problem, I completely understand why you would rather play it safe.
The reformat is the best solution if you have nothing to lose.
Ok, report back when you are done so we can recheck the system. :)



Regards,
Georgi



#8 System of a Clown

System of a Clown
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:09:33 PM

Posted 23 September 2012 - 02:52 PM

To be honest, I lost a LOT. I had to sacrifice my entire directory of music and video. But I'd rather lose these things than have my identity stolen. I am done with my reinstall and am now in the process of doing the many steps necessary to get my machine back up to speed (i.e. reinstalling stuff, applying Windows updates and rebooting ad nauseam), etc. I'm also systematically changing every password I can think of.

Do you want me to wait until I'm done with all this before I download and re-run OTL?

#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:33 AM

Posted 23 September 2012 - 06:03 PM

Hi,



We do have tools which can remove the visible infection, but as I mentioned above there will be no guarantee that the system will be 100% clean afterwards.
To avoid problems like this in the future I would recommend you to perform disk imaging on your partitions. This would help you against most of the malware around.

  • It is always a good idea to do a backup of all important files just in case something happens to it.
  • Macrium Reflect is a very good choice that enables you to create an image of your system drive which can be restored in case of problems.
  • The download link is here.
  • The tutorials can be found here.
  • Be sure to read the tutorial first.

Also you can try COMODO Firewall or a similar HIPS software to prevent malware from loading or gaining access to the MBR.

    Do you want me to wait until I'm done with all this before I download and re-run OTL?


Yes please. However please don't run any fixes with OTL - only a scan as described above. Also I need you to run TDSSKiller with the instructions as before as well.



Regards,
Georgi



#10 System of a Clown

System of a Clown
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:09:33 PM

Posted 23 September 2012 - 06:24 PM

Georgi,

As soon as I am able to afford it, I am going to buy an external hard drive and run regular system image backups. I don't want this to happen again.

I will check out Macrium Reflect, and once I've read the tutorials, I'll probably make use of it. In the meantime, I have an internal drive that I can use for backups; it'll do for now, I suppose.

Where can I get COMODO Firewall? I want to make sure I download it from a safe source! :)

I think all my updates are done, so I'm running a scan with OTL as described in your first post, and will post results as soon as I get them.

#11 System of a Clown

System of a Clown
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:09:33 PM

Posted 23 September 2012 - 06:52 PM

Here are the results...

OTL.txt: http://pastebin.com/RWxBfRsj
EXTRAS.txt: http://pastebin.com/cU5WW2DK

EDIT: Forgive me, it seems I had more updates to install. Feel free to look at those logs, but in the interests of completeness, I'll do another scan after I'm reasonably sure the updates are done. That's the most annoying thing about reinstalling Windows 7: there always seem to be MORE updates, haha.

I'll probably have something new to report tomorrow, after work. Obviously I can't do much with this PC (it's my home PC) from work.

Edited by System of a Clown, 23 September 2012 - 07:45 PM.


#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:33 AM

Posted 24 September 2012 - 06:47 AM

    As soon as I am able to afford it, I am going to buy an external hard drive and run regular system image backups. I don't want this to happen again.

    I will check out Macrium Reflect, and once I've read the tutorials, I'll probably make use of it. In the meantime, I have an internal drive that I can use for backups; it'll do for now, I suppose.





Hi,

It's not necessary to have an external hard drive to do a backup of your system drive. I keep my image file on the D:\ drive. Also I created a Macrium rescue DVD to be able to access and restore my image before Windows starts. I keep the rest of my important documents on a USB flash drive. There are a lot of cloud services available (like Microsoft SkyDrive or Google Drive) that you can use to keep less sensitive data.
Let me see if the computer is already clean and then proceed with the image.
Also, if you use your browser to store passwords, links to your favorite websites etc., maybe it is a good idea to use software like MozBackup (for Mozilla Firefox) or Google Chrome Backup (for Google Chrome).



    Where can I get COMODO Firewall? I want to make sure I download it from a safe source! :)





Comodo can be downloaded from here:
Comodo Firewall 5.10.228257.2253 x86
Comodo Firewall 5.10.228257.2253 x64

It's a great tool to add another layer of protection. It takes some knowledge to configure it for individual purposes but once done, you should not have a problem with it.
There are so many reviews on YouTube about this product that will show you how to tune it.



    I think all my updates are done, so I'm running a scan with OTL as described in your first post, and will post results as soon as I get them.
    EDIT: Forgive me, it seems I had more updates to install. Feel free to look at those logs, but in the interests of completeness, I'll do another scan after I'm reasonably sure the updates are done. That's the most annoying thing about reinstalling Windows 7: there always seem to be MORE updates, haha.
    I'll probably have something new to report tomorrow, after work. Obviously I can't do much with this PC (it's my home PC) from work.



Don't worry. Take your time. Also don't forget to scan the computer with TDSSKiller. This utility is very important because your PC was infected with an MBR rootkit.



Regards,
Georgi



#13 System of a Clown

System of a Clown
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:09:33 PM

Posted 24 September 2012 - 04:05 PM

Okay, here are the logs:

OTL: http://pastebin.com/U2Q5Up74

Two logs were generated by TDSSKiller, as follows:

Log 1: http://pastebin.com/41pjkdCF
Log 2: http://pastebin.com/FnDW8UiR

#14 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:33 AM

Posted 26 September 2012 - 02:50 PM

Hi,


I am sorry for the delay.
The logs look OK to me.
Just to be sure:


Let's check for leftovers.
Most of them should take no more than 5 minutes each.
Eset could take up to an hour or two depending on the size of your hard drive and the speed of your computer.
You can run these scans at night when you are not there and the computer is idle.



STEP 1


  • Please download RogueKiller and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please post it in your next reply.



STEP 2


  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-clicking on its icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location and post the results in your next reply.



STEP 3


I'd like us to scan your machine with ESET OnlineScan


  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Run ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Push Export to Text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish


STEP 4



Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


STEP 5



  • Also please download ListParts to your Desktop.
  • Double click ListParts64.exe to launch the program.
  • Put check mark on List BCD.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on your Desktop.
  • Please post me the contents of the log.


STEP 6



Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Regards,
Georgi



#15 System of a Clown

System of a Clown
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:09:33 PM

Posted 30 September 2012 - 11:44 AM

Okay, all the logs are ready to share. Sorry I didn't get this done sooner, I was very pressed for time this week. Also, please note that COMODO firewall was VERY, VERY interested in all the apps that you had me run, and asked for my input about four dozen times for each. I allowed them, so hopefully it didn't interfere with their scans.

Step 1 - RogueKiller

LOG: http://pastebin.com/xBBbCRsU

Step 2 - Malwarebytes

LOG: http://pastebin.com/NYxJpvM4

I actually already had this installed, so I just downloaded the latest definitions and scanned as asked.

Step 3 - ESET

LOG: http://pastebin.com/qsnWun7u

This took about 8 and a half hours! It also ended up finding about 9 items that no other scan has found! How is that possible?

Step 4 - Farbar

LOG: http://pastebin.com/PFfqzHYk

Step 5 - ListParts

LOG: http://pastebin.com/CT2bmeed

Step 6 - Security Check

LOG: http://pastebin.com/zmK7MRt4
