
Another Antivirus Security Pro victim ...


15 replies to this topic

#1 jbwashbourne


Posted 04 November 2013 - 04:11 PM

Hello wonderful person who will help save my sanity!  I have a Windows 7 computer that has contracted the Antivirus Security Pro virus.  I've tried to reboot in safe mode with networking, but I am stuck in some sort of loop.  I can select safe mode with networking, but then it reboots and I am getting absolutely nowhere.  I have no idea what to do next.  I have downloaded FRST64.exe and have the .txt file, however I have no idea if that is what I need to do or not.  And how to create a fixlogtxt is beyond my abilities.  Any help is appreciated.

 

Thanks,

Jaime




 


#2 Aaflac

  • Malware Response Team

Posted 04 November 2013 - 05:42 PM

Welcome to BC Forums, jbwashbourne!

 

Please try the following:

 

You may want to print these instructions so you can have access to them. Also, you may want to read them once before you apply them.

 

Please plug a USB pen drive into a working computer.

 

Go to the Farbar Recovery Scan Tool Download:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Select the download that applies to your system.

Save the program to the >> USB pen drive.

Remove USB pen drive when done.

 

Now, go to the problem computer.

Plug in the USB pen drive which has FRST.


 

Start the computer and tap the F8 key until you get to the Advanced Boot Options

Use the arrow keys to select the Repair your computer menu item

 

From there...

Select your language settings, and click: Next

Select your User account and click: OK (If you did not set a password, leave blank.)

 

On the System Recovery Options you get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Scan your computer's memory for errors

Command Prompt

 

Select: Command Prompt

 

In the Command Prompt window, at the blinking cursor type notepad and press: Enter

In Notepad, under the File menu select: Open

Double-click the Computer icon on the left.

Find the pen drive letter, remember what letter it is, click on it, and press: Open

Close out of Notepad.

 

Click the Command Prompt window

Type x:\frst.exe, or x:\frst64.exe (depending on your system 32-bit or 64-bit), and press: Enter

Note: Replace the drive letter x with the drive letter of your pen drive!

 

FRST starts, and prepares to run. Follow the prompts.

Click Yes to the Disclaimer.

 

Press the Scan button.

 

The scan runs, and the program saves FRST.txt on the pen drive.

 

When done, click the Command Prompt window, type exit, and press: Enter

 

Back at the System Recovery Options, press: Shutdown

Remove the USB pen drive.

 

Plug the USB pen drive in the working computer, and please provide the FRST.txt in your reply.

 

 

 


Old duck...


#3 jbwashbourne


Posted 05 November 2013 - 12:42 PM

Thank you for your immediate reply! I am very thankful that you folks are out there providing this service. Here is the FRST.txt info:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by SYSTEM on MININT-NQE2JFQ on 04-11-2013 12:46:56
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [AS2014] - C:\ProgramData\WpD73333\WpD73333.exe [594736 2013-11-02] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\WpD73333\WpD73333.exe -sm,
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AgentMonitor] - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [377800 2012-11-05] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [151952 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\Washbourne Family\...\Run: [Facebook Update] - C:\Users\Washbourne Family\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-04-05] (Facebook Inc.)
HKU\Washbourne Family\...\Run: [AS2014] - C:\ProgramData\WpD73333\WpD73333.exe [594736 2013-11-02] ()
Startup: C:\Users\Washbourne Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-10-13] (Advanced Micro Devices, Inc.)
S2 MCLIENT; C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)
S2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
S2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-24] (Advanced Micro Devices)
S1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)
S1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-08-20] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-09] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-09-09] (Symantec Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-09-28] (LeapFrog)
S1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20131101.001\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20131102.007\ENG64.SYS [126040 2013-10-07] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20131102.007\EX64.SYS [2099288 2013-10-07] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-11] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-04 12:46 - 2013-11-04 12:46 - 00000000 ____D C:\FRST
2013-11-04 11:12 - 2013-11-04 11:32 - 00000000 ___HD C:\mnt
2013-11-04 11:12 - 2013-11-04 11:12 - 00000000 ___HD C:\ProgramData\Backup
2013-11-02 13:48 - 2013-11-04 11:40 - 00001668 _____ C:\Users\Washbourne Family\Desktop\Antivirus Security Pro.lnk
2013-11-02 13:48 - 2013-11-04 11:40 - 00000118 _____ C:\Users\Washbourne Family\Desktop\Antivirus Security Pro support.url
2013-11-02 13:14 - 2013-11-02 13:14 - 00000616 _____ C:\Users\Washbourne Family\Desktop\iExplore - Shortcut.lnk
2013-11-02 13:13 - 2013-11-02 13:13 - 00000630 _____ C:\Users\Washbourne Family\Desktop\mbam-setup - Shortcut.lnk
2013-11-02 13:07 - 2013-11-02 13:51 - 00002690 _____ C:\Users\Washbourne Family\Desktop\Rkill.txt
2013-11-02 13:07 - 2013-11-02 13:07 - 00000000 ____D C:\Users\Washbourne Family\Desktop\rkill
2013-11-02 12:29 - 2013-11-02 12:52 - 00000000 ____D C:\Users\Washbourne Family\AppData\Local\NPE
2013-11-02 12:27 - 2013-11-02 12:27 - 00000000 _____ C:\Users\Washbourne Family\AppData\Roaming\SharedSettings.ccs
2013-11-02 12:26 - 2013-11-02 12:28 - 00000000 ____D C:\ProgramData\WpD73333
2013-10-25 11:55 - 2013-10-25 12:08 - 00012499 _____ C:\Users\Washbourne Family\Documents\Proposed Budget.xlsx
2013-10-16 16:56 - 2013-10-16 16:56 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2013-10-12 15:13 - 2013-10-12 15:13 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-10-12 15:13 - 2013-10-12 15:13 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-10-12 15:04 - 2013-10-13 15:50 - 00000000 ____D C:\Program Files\office.tmp
2013-10-12 12:16 - 2013-10-14 08:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-10-12 12:15 - 2013-10-12 12:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2013-10-12 12:13 - 2013-10-12 12:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-10-11 21:22 - 2013-10-11 21:22 - 00000000 ___RD C:\Users\Washbourne Family\SkyDrive
2013-10-11 21:22 - 2013-10-11 21:22 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-10-11 21:22 - 2013-10-11 21:22 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2013-10-11 21:14 - 2013-10-11 21:14 - 00572088 _____ (Microsoft Corporation) C:\Users\Washbourne Family\Downloads\Setup.X86.en-US_O365HomePremRetail_cfbbd6e7-a54d-4595-9185-b09c0500354c_TX_PR_.exe
2013-10-09 01:21 - 2013-11-04 11:40 - 00001578 _____ C:\Windows\setupact.log
2013-10-09 01:21 - 2013-11-02 13:37 - 00011856 _____ C:\Windows\PFRO.log
2013-10-09 01:21 - 2013-10-09 01:21 - 00000000 _____ C:\Windows\setuperr.log
2013-10-09 01:13 - 2013-09-22 15:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 01:13 - 2013-09-22 15:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 01:13 - 2013-09-22 15:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 01:13 - 2013-09-22 15:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 01:13 - 2013-09-22 15:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 01:13 - 2013-09-22 15:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 01:13 - 2013-09-22 15:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 01:13 - 2013-09-22 15:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 01:13 - 2013-09-22 15:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 01:13 - 2013-09-22 15:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 01:13 - 2013-09-22 15:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 01:13 - 2013-09-22 15:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 01:13 - 2013-09-22 15:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 01:13 - 2013-09-22 14:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-09 01:13 - 2013-09-22 14:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-09 01:13 - 2013-09-22 14:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-10-09 01:13 - 2013-09-22 14:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-09 01:13 - 2013-09-22 14:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-09 01:13 - 2013-09-22 14:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-09 01:13 - 2013-09-22 14:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-09 01:13 - 2013-09-22 14:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-09 01:13 - 2013-09-22 14:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-09 01:13 - 2013-09-22 14:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-09 01:13 - 2013-09-22 14:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-10-09 01:13 - 2013-09-22 14:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-10-09 01:13 - 2013-09-22 14:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-09 01:13 - 2013-09-22 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-10-09 01:13 - 2013-09-20 19:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-09 01:13 - 2013-09-20 19:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 01:13 - 2013-09-20 18:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-09 01:13 - 2013-09-20 18:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-08 14:15 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-10-08 14:15 - 2013-07-04 04:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-10-08 14:15 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-08 14:15 - 2013-07-04 04:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2013-10-08 14:15 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-08 14:15 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-08 14:15 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-08 14:15 - 2013-07-04 02:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2013-10-08 14:15 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-10-08 14:15 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-08 14:15 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-08 14:15 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-10-08 14:15 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-10-08 14:15 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-10-08 14:15 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-08 14:15 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-08 14:15 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-08 14:15 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-08 14:15 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-08 14:15 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-08 14:15 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-08 14:14 - 2013-09-13 17:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-10-08 14:14 - 2013-09-07 18:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-10-08 14:14 - 2013-09-07 18:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2013-10-08 14:14 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-08 14:14 - 2013-09-04 04:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-10-08 14:14 - 2013-09-04 04:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-10-08 14:14 - 2013-09-04 04:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-10-08 14:14 - 2013-09-04 04:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-10-08 14:14 - 2013-09-04 04:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-10-08 14:14 - 2013-09-04 04:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-10-08 14:14 - 2013-09-04 04:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-10-08 14:14 - 2013-08-28 18:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-10-08 14:14 - 2013-08-28 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-10-08 14:14 - 2013-08-28 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2013-10-08 14:14 - 2013-08-28 18:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-10-08 14:14 - 2013-08-28 18:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2013-10-08 14:14 - 2013-08-28 17:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-08 14:14 - 2013-08-28 17:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-08 14:14 - 2013-08-28 17:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-08 14:14 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-08 14:14 - 2013-08-28 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-08 14:14 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-08 14:14 - 2013-08-28 16:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-08 14:14 - 2013-08-28 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-08 14:14 - 2013-08-28 16:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-08 14:14 - 2013-08-28 16:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-08 14:14 - 2013-08-27 17:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-08 14:14 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2013-10-08 14:14 - 2013-08-01 04:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-08 14:14 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 14:14 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-07 09:59 - 2013-10-16 16:56 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-10-06 11:45 - 2013-10-06 11:45 - 00000000 ____D C:\Windows\System32\Tasks\Norton One
2013-10-06 11:43 - 2013-10-06 11:43 - 00000000 ____D C:\Windows\System32\Drivers\MCLIENTx64
2013-10-06 11:43 - 2013-10-06 11:43 - 00000000 ____D C:\Program Files (x86)\Norton One
2013-10-06 11:12 - 2013-10-06 11:43 - 00001284 _____ C:\Users\Washbourne Family\Desktop\Norton Installation Files.lnk

==================== One Month Modified Files and Folders =======

2013-11-04 12:46 - 2013-11-04 12:46 - 00000000 ____D C:\FRST
2013-11-04 11:42 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-04 11:42 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-04 11:41 - 2013-04-21 13:49 - 00000432 _____ C:\Windows\System32\Drivers\etc\hosts.ics
2013-11-04 11:41 - 2011-08-12 17:48 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-04 11:41 - 2011-05-31 14:43 - 00000000 ____D C:\ProgramData\PDFC
2013-11-04 11:40 - 2013-11-02 13:48 - 00001668 _____ C:\Users\Washbourne Family\Desktop\Antivirus Security Pro.lnk
2013-11-04 11:40 - 2013-11-02 13:48 - 00000118 _____ C:\Users\Washbourne Family\Desktop\Antivirus Security Pro support.url
2013-11-04 11:40 - 2013-10-09 01:21 - 00001578 _____ C:\Windows\setupact.log
2013-11-04 11:40 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-04 11:34 - 2011-09-10 12:06 - 00000000 ____D C:\ProgramData\Recovery
2013-11-04 11:32 - 2013-11-04 11:12 - 00000000 ___HD C:\mnt
2013-11-04 11:12 - 2013-11-04 11:12 - 00000000 ___HD C:\ProgramData\Backup
2013-11-02 13:51 - 2013-11-02 13:07 - 00002690 _____ C:\Users\Washbourne Family\Desktop\Rkill.txt
2013-11-02 13:37 - 2013-10-09 01:21 - 00011856 _____ C:\Windows\PFRO.log
2013-11-02 13:25 - 2009-07-13 21:13 - 00779724 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-02 13:22 - 2013-04-05 19:17 - 00000976 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2195961263-464121770-3478560088-1000UA.job
2013-11-02 13:14 - 2013-11-02 13:14 - 00000616 _____ C:\Users\Washbourne Family\Desktop\iExplore - Shortcut.lnk
2013-11-02 13:13 - 2013-11-02 13:13 - 00000630 _____ C:\Users\Washbourne Family\Desktop\mbam-setup - Shortcut.lnk
2013-11-02 13:07 - 2013-11-02 13:07 - 00000000 ____D C:\Users\Washbourne Family\Desktop\rkill
2013-11-02 12:52 - 2013-11-02 12:29 - 00000000 ____D C:\Users\Washbourne Family\AppData\Local\NPE
2013-11-02 12:47 - 2012-05-21 10:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-02 12:42 - 2011-05-31 14:49 - 00000000 ____D C:\ProgramData\Norton
2013-11-02 12:39 - 2011-08-12 17:48 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-02 12:39 - 2009-07-13 20:45 - 00465424 _____ C:\Windows\System32\FNTCACHE.DAT
2013-11-02 12:36 - 2011-08-12 16:24 - 01212378 _____ C:\Windows\WindowsUpdate.log
2013-11-02 12:28 - 2013-11-02 12:26 - 00000000 ____D C:\ProgramData\WpD73333
2013-11-02 12:27 - 2013-11-02 12:27 - 00000000 _____ C:\Users\Washbourne Family\AppData\Roaming\SharedSettings.ccs
2013-11-02 12:27 - 2012-01-12 10:53 - 00000000 ____D C:\Users\Washbourne Family\AppData\Local\CrashDumps
2013-11-02 11:47 - 2013-01-02 12:20 - 00000000 ____D C:\Users\Washbourne Family\AppData\Local\CouponAlert_2p
2013-11-02 11:46 - 2013-07-21 08:14 - 00000380 _____ C:\Windows\Tasks\HPCeeScheduleForWashbourne Family.job
2013-11-01 20:43 - 2013-04-05 19:17 - 00000954 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2195961263-464121770-3478560088-1000Core.job
2013-10-30 21:07 - 2011-08-12 16:29 - 00118056 _____ C:\Users\Washbourne Family\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-25 12:08 - 2013-10-25 11:55 - 00012499 _____ C:\Users\Washbourne Family\Documents\Proposed Budget.xlsx
2013-10-25 11:04 - 2012-01-20 18:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-19 20:41 - 2011-10-29 13:29 - 00000000 _____ C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-10-19 20:41 - 2011-08-27 12:25 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-10-19 20:40 - 2011-08-14 01:01 - 00000000 ____D C:\Users\Washbourne Family\AppData\Roaming\HP Support Assistant
2013-10-19 20:40 - 2011-08-14 01:00 - 00000000 ____D C:\Users\Washbourne Family\AppData\Roaming\HpUpdate
2013-10-18 08:45 - 2013-07-21 08:14 - 00003258 _____ C:\Windows\System32\Tasks\HPCeeScheduleForWashbourne Family
2013-10-16 16:56 - 2013-10-16 16:56 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2013-10-16 16:56 - 2013-10-07 09:59 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-10-16 16:56 - 2013-09-11 10:26 - 00002321 _____ C:\Users\Public\Desktop\Norton 360.lnk
2013-10-16 16:56 - 2011-10-24 13:11 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2013-10-15 01:02 - 2009-07-13 18:34 - 00000513 _____ C:\Windows\win.ini
2013-10-14 23:34 - 2011-08-12 17:48 - 00003916 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-14 23:34 - 2011-08-12 17:48 - 00003664 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-14 08:26 - 2013-10-12 12:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-10-13 15:50 - 2013-10-12 15:04 - 00000000 ____D C:\Program Files\office.tmp
2013-10-12 15:13 - 2013-10-12 15:13 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-10-12 15:13 - 2013-10-12 15:13 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-10-12 15:07 - 2011-08-19 19:06 - 00000000 ____D C:\Users\Washbourne Family\AppData\Roaming\SoftGrid Client
2013-10-12 15:05 - 2011-05-31 14:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-10-12 12:16 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-10-12 12:15 - 2013-10-12 12:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2013-10-12 12:15 - 2010-11-20 23:16 - 00000000 ____D C:\Windows\ShellNew
2013-10-12 12:14 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-12 12:13 - 2013-10-12 12:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-10-12 12:13 - 2011-08-19 19:06 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-11 21:22 - 2013-10-11 21:22 - 00000000 ___RD C:\Users\Washbourne Family\SkyDrive
2013-10-11 21:22 - 2013-10-11 21:22 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-10-11 21:22 - 2013-10-11 21:22 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2013-10-11 21:22 - 2011-08-12 16:24 - 00000000 ____D C:\users\Washbourne Family
2013-10-11 21:14 - 2013-10-11 21:14 - 00572088 _____ (Microsoft Corporation) C:\Users\Washbourne Family\Downloads\Setup.X86.en-US_O365HomePremRetail_cfbbd6e7-a54d-4595-9185-b09c0500354c_TX_PR_.exe
2013-10-11 19:11 - 2012-12-04 16:00 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-11 14:26 - 2012-11-16 18:31 - 00000000 ____D C:\Users\Washbourne Family\Documents\My Scans
2013-10-09 02:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-10-09 01:21 - 2013-10-09 01:21 - 00000000 _____ C:\Windows\setuperr.log
2013-10-09 01:21 - 2013-03-13 01:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 01:21 - 2013-03-13 01:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 01:10 - 2011-02-11 09:15 - 00773448 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-09 01:07 - 2013-08-19 01:01 - 00000000 ____D C:\Windows\System32\MRT
2013-10-09 01:05 - 2012-01-05 13:00 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-08 12:47 - 2012-05-21 10:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 12:47 - 2012-05-21 10:05 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 12:47 - 2011-08-12 19:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-07 19:56 - 2011-11-05 18:59 - 00000000 ____D C:\Users\Washbourne Family\Documents\ISO Movie Files
2013-10-07 19:49 - 2011-08-12 17:45 - 00000000 ____D C:\ProgramData\DVD Shrink
2013-10-07 19:49 - 2011-08-12 16:31 - 00000000 ____D C:\Users\Washbourne Family\AppData\Local\VirtualStore
2013-10-07 16:59 - 2013-08-07 13:07 - 00000000 ____D C:\Windows\Minidump
2013-10-07 14:14 - 2012-12-03 08:23 - 00000334 _____ C:\Windows\Tasks\HPCeeScheduleForFERB$.job
2013-10-07 14:14 - 2011-11-20 14:01 - 00003210 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFERB$
2013-10-06 11:45 - 2013-10-06 11:45 - 00000000 ____D C:\Windows\System32\Tasks\Norton One
2013-10-06 11:44 - 2011-10-24 10:49 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-10-06 11:43 - 2013-10-06 11:43 - 00000000 ____D C:\Windows\System32\Drivers\MCLIENTx64
2013-10-06 11:43 - 2013-10-06 11:43 - 00000000 ____D C:\Program Files (x86)\Norton One
2013-10-06 11:43 - 2013-10-06 11:12 - 00001284 _____ C:\Users\Washbourne Family\Desktop\Norton Installation Files.lnk

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

8
Restore point made on: 2013-10-09 01:00:36
Restore point made on: 2013-10-12 12:11:27
Restore point made on: 2013-10-12 15:13:17
Restore point made on: 2013-10-14 08:21:59
Restore point made on: 2013-10-15 01:00:44
Restore point made on: 2013-10-22 08:22:47
Restore point made on: 2013-10-30 01:38:04
Restore point made on: 2013-11-02 12:34:44

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 7935.29 MB
Available physical RAM: 6919.77 MB
Total Pagefile: 7933.48 MB
Available Pagefile: 6886.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:920.27 GB) (Free:563.59 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:11.15 GB) (Free:1.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:3.74 GB) (Free:3.65 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: C22C49E6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2013-10-30 22:10

==================== End Of Log ============================



#4 Aaflac


Posted 05 November 2013 - 08:34 PM

Please do the following:

Open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code');
Save it on the flash drive that has FRST and name it: fixlist.txt

 
start
HKLM\...\Run: [AS2014] - C:\ProgramData\WpD73333\WpD73333.exe [594736 2013-11-02] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\WpD73333\WpD73333.exe -sm,
HKLM-x32\...\Run: [] - [x]
HKU\Washbourne Family\...\Run: [AS2014] - C:\ProgramData\WpD73333\WpD73333.exe [594736 2013-11-02] ()
2013-11-02 13:48 - 2013-11-04 11:40 - 00001668 _____ C:\Users\Washbourne Family\Desktop\Antivirus Security Pro.lnk
2013-11-02 13:48 - 2013-11-04 11:40 - 00000118 _____ C:\Users\Washbourne Family\Desktop\Antivirus Security Pro support.url
2013-11-02 12:26 - 2013-11-02 12:28 - 00000000 ____D C:\ProgramData\WpD73333
end
NOTICE: This script is written specifically for this computer!!
Running this on another computer may cause damage to the Operating System.


Now, please enter System Recovery Options and select the Command Prompt as done before.

Run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the pendrive called: Fixlog.txt

Please post the Fixlog.txt in your reply.

Edited by Aaflac, 05 November 2013 - 08:34 PM.

Old duck...
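The fixlist above removes two kinds of autostart entry: Run values, and a Winlogon Userinit value with a second program appended after userinit.exe. As an added illustration (not part of the original posts and not FRST's own logic), this Python script triages FRST-style registry lines for the same patterns; the function names, the user-writable directory list, the accepted Userinit values and the two benign sample lines are assumptions made for the example.

```python
import re

# First four lines are copied from the fixlist in this thread; the last two
# are constructed benign entries in the same format, for contrast.
SAMPLE = r"""
HKLM\...\Run: [AS2014] - C:\ProgramData\WpD73333\WpD73333.exe [594736 2013-11-02] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\WpD73333\WpD73333.exe -sm,
HKLM-x32\...\Run: [] - [x]
HKU\Washbourne Family\...\Run: [AS2014] - C:\ProgramData\WpD73333\WpD73333.exe [594736 2013-11-02] ()
HKLM\...\Run: [ExampleUpdater] - C:\Program Files\Example\updater.exe [1024 2013-01-01] (Example Corp)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
"""

# "<hive>\...\<Run|Winlogon>: [<value name>] [- ]<data>"
LINE_RE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\.\\(?P<key>Run|Winlogon): "
    r"\[(?P<name>[^\]]*)\] (?:- )?(?P<data>.*)$"
)
# Trailing "[size date] (company)" metadata shown after a Run target.
META_RE = re.compile(r"\s+\[\d+ \d{4}-\d{2}-\d{2}\] \(.*\)$")

# Assumption: directories a standard user can usually write to.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")
# Assumption: Windows installed on C:, so these are the only expected entries.
USERINIT_OK = {"userinit.exe", "c:\\windows\\system32\\userinit.exe"}


def parse_line(line):
    """Return hive/key/name/data for one log line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["data"] = META_RE.sub("", entry["data"])
    return entry


def triage_entry(entry):
    """Return a list of reasons this entry deserves a manual look."""
    reasons = []
    data = entry["data"]
    if entry["key"] == "Winlogon" and entry["name"].lower() == "userinit":
        # Userinit is a comma-separated list; every item runs at logon.
        programs = [p.strip() for p in data.split(",") if p.strip()]
        for prog in programs:
            if prog.lower() not in USERINIT_OK:
                reasons.append("extra program in Userinit: " + prog)
    elif entry["key"] == "Run":
        if not entry["name"]:
            reasons.append("Run value with blank name")
        if any(d in data.lower() for d in USER_WRITABLE):
            reasons.append("autostart from user-writable directory: " + data)
    return reasons


def triage(text):
    """Return (hive, key, value name, reasons) for every flagged line."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage_entry(entry)
        if reasons:
            findings.append((entry["hive"], entry["key"], entry["name"], reasons))
    return findings


if __name__ == "__main__":
    for hive, key, name, reasons in triage(SAMPLE):
        for reason in reasons:
            print(f"{hive} {key} [{name}]: {reason}")
```

A hit is a prompt for manual review rather than a verdict, since legitimate software also autostarts from these directories.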


#5 jbwashbourne


Posted 06 November 2013 - 05:12 PM

THANK YOU!!!!  I was able to get on the internet after running the fix.  You are amazing.  Here you go:

 

Content of fixlist:
*****************
start
HKLM\...\Run: [AS2014] - C:\ProgramData\WpD73333\WpD73333.exe [594736 2013-11-02] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\WpD73333\WpD73333.exe -sm,
HKLM-x32\...\Run: [] - [x]
HKU\Washbourne Family\...\Run: [AS2014] - C:\ProgramData\WpD73333\WpD73333.exe [594736 2013-11-02] ()
2013-11-02 13:48 - 2013-11-04 11:40 - 00001668 _____ C:\Users\Washbourne Family\Desktop\Antivirus Security Pro.lnk
2013-11-02 13:48 - 2013-11-04 11:40 - 00000118 _____ C:\Users\Washbourne Family\Desktop\Antivirus Security Pro support.url
2013-11-02 12:26 - 2013-11-02 12:28 - 00000000 ____D C:\ProgramData\WpD73333
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\Washbourne Family\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value deleted successfully.
C:\Users\Washbourne Family\Desktop\Antivirus Security Pro.lnk => Moved successfully.
C:\Users\Washbourne Family\Desktop\Antivirus Security Pro support.url => Moved successfully.
C:\ProgramData\WpD73333 => Moved successfully.

==== End of Fixlog ====



#6 Aaflac


Posted 07 November 2013 - 10:42 PM

:thumbup2:

 

Let's press on with some cleaning...

 

Step 1: Please download the Temporary File Cleaner (TFC)

http://oldtimer.geekstogo.com/TFC.exe

Save to your Desktop.

Save any work in progress!! TFC closes open applications and removes unsaved work!! Close all windows.

Right-click TFC.exe and select: Run as Administrator

If prompted, click Yes to reboot.

 

 

Step 2: Next, download AdwCleaner to the Desktop.

http://www.bleepingcomputer.com/download/adwcleaner/

•Close all open programs and internet browsers.

•Double-click on AdwCleaner.exe to run the tool.

•Click the Scan button and wait for the process to complete.

 

If you find entries or programs you wish to keep, please uncheck them.

Click on the Clean button to remove the rest, and follow the prompts.

 

A report automatically opens after the scan is finished.

 

>> Please post the content of C:\AdwCleaner[Sn].txt in your reply.

 

 

Step 3: Next, please run Malwarebytes Anti-Malware:
Download: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

Save to the Desktop

Double-click the downloaded MBAM file to run it.

 

When the installation begins, follow the prompts in the setup process.

Do not make any changes to default settings and when the program has finished installing, make sure only the following options are checked:

>Update Malwarebytes’ Anti-Malware

>Launch Malwarebytes’ Anti-Malware

Uncheck:

>Enable free trial of Malwarebytes Anti-Malware PRO

Click on the Finish button.

 

If an update is found, the program automatically updates itself.

At the program console, on the Scanner tab, select: Perform Quick Scan

 

Next, click on the Scan button.

 

When the Malwarebytes scan is completed, click on: Show Results

When presented with a screen showing the malware detected, make sure everything is Checked, and click on: Remove Selected

 

When removal is completed, a report opens in Notepad.

 

>> Please copy/paste the entire contents of the MBAM report in your reply.

 

Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.


Old duck...


#7 jbwashbourne


Posted 08 November 2013 - 10:04 PM

Okay here is the AdwCleaner report:

 

# AdwCleaner v3.011 - Report created 08/11/2013 at 19:37:07
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Washbourne Family - FERB
# Running from : C:\Users\Washbourne Family\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\CouponAlert_2p
Folder Deleted : C:\Users\Washbourne Family\AppData\Local\CouponAlert_2p
Folder Deleted : C:\Users\Washbourne Family\AppData\LocalLow\CouponAlert_2p
Folder Deleted : C:\Users\Washbourne Family\AppData\Roaming\Mozilla\Firefox\Profiles\zcvty62n.default-1354665403276\Extensions\2pffxtbr@CouponAlert_2p.com
File Deleted : C:\Users\Washbourne Family\AppData\Roaming\Mozilla\Firefox\Profiles\zcvty62n.default-1354665403276\searchplugins\web-search.xml
File Deleted : C:\Users\Washbourne Family\AppData\Roaming\Mozilla\Firefox\Profiles\zcvty62n.default-1354665403276\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\InstallIQ

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Washbourne Family\AppData\Roaming\Mozilla\Firefox\Profiles\zcvty62n.default-1354665403276\prefs.js ]

Line Deleted : user_pref("extensions.sahtb.searchEngineNameSAH", "Web Search");
Line Deleted : user_pref("extensions.sahtb.url.prefs.data", "<ToolbarPrefs>\r\n    <XMLVersion Number=\"{bdd09e8b-8dee-478c-9f4e-0db5e30597cc}\" />\r\n    <AnalyticsURL URL=\"hxxp://www.google-analytics.com/__utm.gif?utmw[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=undefined&n=77fc4807&p2=^CD^xpi000^S04220^");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.installDate", "2013022215");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.partnerId", "^CD^xpi000^S04220^");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.partnerSubId", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.success", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.toolbarId", "undefined");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.weather.location", "80501");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "couponalert@mindspark.com");
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.shopathome.com?user_id={dde83e6c-615b-4329-82da-e6d883214c1d}&q=");

*************************

AdwCleaner[R0].txt - [5782 octets] - [08/11/2013 19:36:32]
AdwCleaner[S0].txt - [5373 octets] - [08/11/2013 19:37:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5433 octets] ##########
 

 

And the MBAM report:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Washbourne Family :: FERB [administrator]

11/8/2013 7:45:22 PM
mbam-log-2013-11-08 (19-45-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230031
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\Control Panel\don't load|wscui.cpl (Hijack.SecurityCenter) -> Data: No -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Washbourne Family\Downloads\7zip_installer_d162802(1).exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
C:\Users\Washbourne Family\Downloads\7zip_installer_d162802(2).exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
C:\Users\Washbourne Family\Downloads\7zip_installer_d162802.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.

(end)



#8 Aaflac


Posted 08 November 2013 - 11:52 PM

Let's make sure some services are running OK...

Please download Farbar Service Scanner
Save to the Desktop
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press: Scan
  • FSS creates a log, FSS.txt, on the Desktop.
Please provide the FSS.txt in your reply.



Also, let's check your Security status with the following...

Download Security Check:
http://screen317.spywareinfoforum.org/
Save to your Desktop.
Double-click: SecurityCheck.exe
Follow the onscreen instructions inside the black box.

When done, a Notepad report opens automatically, called: checkup.txt
Please post the checkup.txt in your reply.
(Please do not take any corrective actions!)

Edited by Aaflac, 08 November 2013 - 11:57 PM.

Old duck...


#9 jbwashbourne


Posted 10 November 2013 - 02:54 PM

Sorry for the delay in response.  I was able to download and run the FSS.exe and I've included the report in my reply.  However, Norton antivirus won't let me download the securitycheck.exe because it says it is an unsafe file.  I just wanted to make sure before I disabled Norton and downloaded it anyway.

 

Farbar Service Scanner Version: 10-11-2013
Ran by Washbourne Family (administrator) on 10-11-2013 at 12:49:19
Running from "C:\Users\Washbourne Family\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-10-08 15:14] - [2013-09-13 18:10] - 0497152 ____A (Microsoft Corporation) 314C17917AC8523EC77A710215012A65

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-10-08 15:14] - [2013-09-07 19:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



#10 Aaflac


Posted 11 November 2013 - 12:19 AM

Security Check is a safe program. You can search for many instances of it requested on this forum.

You can also download it here:

http://www.bleepingcomputer.com/download/securitycheck/

 

Also, please do the following:

 

Press the Windows key and the R key at the same time.
In the Open area, type: services.msc

 

In the Services console, make sure Security Center is there, and:
Startup Type is set to: Automatic (Delayed Start)
Service Status is set to: Started

 

Also, make sure Windows Update is there, and:
Startup Type is set to: Automatic (Delayed Start)
Service Status is set to: Started

 

When done, please run the Farbar Service Scanner once again, and post its FSS.txt report.


Old duck...


#11 jbwashbourne


Posted 13 November 2013 - 06:31 PM

Okay....so I finally got everything to run. 

 

Checkup.txt

 

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
Norton 360 Premier Edition   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 22  
 Java™ 6 Update 35  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (25.0)
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 

 

FSS.txt

 

Farbar Service Scanner Version: 10-11-2013
Ran by Washbourne Family (administrator) on 13-11-2013 at 16:29:47
Running from "C:\Users\Washbourne Family\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-10-08 15:14] - [2013-09-13 18:10] - 0497152 ____A (Microsoft Corporation) 314C17917AC8523EC77A710215012A65

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-10-08 15:14] - [2013-09-07 19:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
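The two FSS.txt logs in this thread differ only in a few lines, and those lines are what show whether the services.msc step took effect. As an added illustration (not part of the original posts and not Farbar's own code), this Python script parses excerpts copied from both logs and reports which services no longer appear with a non-default start type, which still do, and which policy values are still listed; the function names and result keys are assumptions made for the example.

```python
import re

# Excerpt copied from the first FSS.txt in this thread (10-11-2013).
FSS_BEFORE = r"""
Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

# Excerpt copied from the second FSS.txt in this thread (13-11-2013).
FSS_AFTER = r"""
Action Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

STOPPED_RE = re.compile(r"^(\S+) Service is not running\.")
START_RE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.$"
)
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(\w+):(\S+)$')


def parse_fss(text):
    """Collect stopped services, non-default start types and policy values."""
    report = {"stopped": set(), "start_type": {}, "policy": {}}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := STOPPED_RE.match(line):
            report["stopped"].add(m.group(1))
        elif m := START_RE.match(line):
            # service -> (configured start type, default start type)
            report["start_type"][m.group(1)] = (m.group(2), m.group(3))
        elif m := KEY_RE.match(line):
            current_key = m.group(1)
        elif (m := VALUE_RE.match(line)) and current_key:
            report["policy"][(current_key, m.group(1))] = (m.group(2), m.group(3))
        elif not line:
            current_key = None  # a blank line ends a registry block
    return report


def compare(before, after):
    """Summarise what changed between two FSS logs of the same machine."""
    b, a = parse_fss(before), parse_fss(after)
    return {
        "repaired": sorted(set(b["start_type"]) - set(a["start_type"])),
        "still_nondefault": dict(a["start_type"]),
        "newly_reported": sorted(set(a["start_type"]) - set(b["start_type"])),
        "policy": a["policy"],
    }


if __name__ == "__main__":
    for name, value in compare(FSS_BEFORE, FSS_AFTER).items():
        print(f"{name}: {value}")
```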



#12 jbwashbourne


Posted 13 November 2013 - 06:35 PM

Okay... after seeing the results of the first checkup.txt, I ran it again after doing all of the other stuff you had mentioned, and here is that report:

 

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton 360 Premier Edition   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 22  
 Java™ 6 Update 35  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (25.0)
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 



#13 Aaflac


Posted 14 November 2013 - 09:58 PM

UAC is disabled!
Windows 7 has the built-in ability to automatically reduce the potential of security breaches and malware from compromising the operating system.
It does so by automatically enabling the User Account Control (UAC).
Recommend you select the Default setting:
http://www.sevenforums.com/tutorials/299-user-account-control-uac-change-notification-settings.html


Internet Explorer 10 Out of date!
The latest version of Internet Explorer is IE11.
You can download Internet Explorer 11 from Microsoft, here:
http://windows.microsoft.com/en-us/internet-explorer/ie-11-worldwide-languages

In most cases, however, the newest version of Internet Explorer will automatically install at some point after its release via Windows Update.

Internet Explorer will update automatically, keeping all of your favorites, cookies, form history, and saved passwords intact.

You do not need to uninstall your current version of IE to update Internet Explorer.



After doing the above, please provide feedback as to whether you are still having malware problems.

Old duck...


#14 jbwashbourne


Posted 20 November 2013 - 10:05 PM

Everything is running smoothly!  Thank you for all of your time in helping me with my computer.  You went above and beyond and I do appreciate it.  You provide a wonderful service.  Thanks again.



#15 Aaflac


Posted 23 November 2013 - 12:41 PM

Glad you are no longer having problems!

Let's wrap up, as well as remove the tools used and their reports, since these tools are updated frequently, and it is best to have a new copy:

-FRST, its folder in C:\FRST, and any fixlist or fixlog on the Desktop.
-AdwCleaner > Run the tool, and press: Uninstall
-Farbar Service Scanner, and its report
-Security Check, and its report



Would keep Malwarebytes Anti-Malware, and use it regularly...

If you have USB pendrives or SD cards, connect them to other computers, and then connect them back to your computer, the Perform Full Scan has the option of selecting which drives you want to scan, and includes removable drives.




Also, make sure your security software is ALL enabled and running!

Consider doing the following to prevent future infections...

Malware is normally installed through vulnerabilities found in out-dated and insecure programs on a computer.
You can use the Secunia Personal Software Inspector to scan for vulnerable programs:
http://secunia.com/vulnerability_scanning/personal/

A tutorial on how to use the program is found here:
http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/



Thanks for following all the instructions and providing the reports!!


Have a great week, jbwashbourne!! :hello:

Old duck...




