HELP down to 1 laptop, multiplatform virus or intrusion

#1 Daves_not_here_man
Posted 10 March 2014 - 10:25 PM

My wife first noticed the issue on her iPhone; it had odd threads in it. She also said the Bluetooth would turn itself on and her icons were rearranged. So while I was looking up the number to the local mental institution I decided to check out my laptop. I started looking at files and there were several odd ones like $users and several others with a $ prefix. I then noticed it was set up in a network but I couldn't locate the domain name, which is odd because I'm not set up as a network. So I then ran my Norton 360 and it showed all clear, so I think OK, just a glitch, I'll take it to the repair shop. Well, after having it for a week they said they didn't find any issues. So I forget about it. Well, after a few days I'm web surfing and noticed I'm getting redirected, so I clear history and change browser. A couple days later it starts doing it again; run AV, I get all clear. I try 2 more free AV, get an error on both during install. So I try again, works fine, run scan, no errors. So I start looking in files and folders for anything odd. I found users from my other 2 laptops in the settings. I saw another file, it looked odd so I open it, which I had to use Notepad for; it contained threads to get the name of any AV downloaded and basically intercept it and send clean results. Called Norton, paid for virus removal, well they crashed my computer! Now files are being locked and I'm losing access to more and more programs, so I need help ASAP please. Also utf=8 has something to do with the programming. So any help would be greatly appreciated. All laptops are HP running Windows 7 Premium 64-bit.



#2 cryptodan
Posted 10 March 2014 - 10:36 PM

Please download TDSSKiller exe version to your desktop. Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
  • Click on Change Parameters and click Detect TDLFS File System.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • Note: If Cure is not an option, Skip instead; do not choose Delete unless instructed.
  • A TDSSKiller text file will be saved in Local Disk C.
  • Copy and paste the contents of that file in your next reply.

ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#3 Daves_not_here_man
Posted 10 March 2014 - 11:56 PM

OK, I ran all the scans and here are the results:

# AdwCleaner v3.021 - Report created 10/03/2014 at 22:17:05
# Updated 10/03/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : DOG - DOG-HP
# Running from : C:\Users\DOG\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Windows\TempDir
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\Software\caphyon

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16533


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\DOG\AppData\Roaming\Mozilla\Firefox\Profiles\byykpvqa.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1090 octets] - [10/03/2014 22:14:37]
AdwCleaner[S0].txt - [1026 octets] - [10/03/2014 22:17:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1086 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by DOG on Mon 03/10/2014 at 22:34:00.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{ED1D6EFB-A122-47C9-9032-412DD1B17A05}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{ED1D6EFB-A122-47C9-9032-412DD1B17A05}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\DOG\AppData\Roaming\mozilla\firefox\profiles\byykpvqa.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/10/2014 at 22:40:28.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Farbar Service Scanner Version: 25-02-2014
Ran by DOG (administrator) on 10-03-2014 at 22:46:17
Running from "C:\Users\DOG\Downloads"
Windows 7 Home Premium  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2014-03-09 07:38] - [2013-01-03 23:41] - 1893224 ____A (Microsoft Corporation) 5CFB7AB8F9524D1A1E14369DE63B83CC

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Thanks for the quick response.
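Two findings in the FSS log above are the ones a helper reads first: the Dnscache and WinDefend start types differ from the Windows default, and Windows Defender is switched off by a policy value rather than by the user. The following triage helper is an added example, not part of FSS or of this thread; it parses those two report formats from a constructed excerpt of the log posted above.

```python
import re

# Constructed sample: the relevant excerpts of the FSS log posted above.
SAMPLE_FSS_LOG = """\
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

# FSS line: "The start type of <svc> service is set to <cur>. The default start type is <dflt>."
START_TYPE_RE = re.compile(
    r"The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.")
POLICY_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")        # [HKEY_...\Windows Defender]
POLICY_VALUE_RE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')  # "DisableAntiSpyware"=DWORD:1


def start_type_deviations(log):
    """(service, current, default) for each service whose start type
    FSS reports as different from the Windows default."""
    return [(svc, cur, dflt) for svc, cur, dflt in START_TYPE_RE.findall(log)
            if cur != dflt]


def disabled_policies(log):
    """(registry_key, value_name, data) for the DWORDs FSS prints under a
    '... Disabled Policy:' heading. Data 1 means the feature is turned off
    by policy, which a home user does not normally set by hand."""
    found, key = [], None
    for line in log.splitlines():
        line = line.strip()
        m = POLICY_KEY_RE.match(line)
        if m:
            key = m.group(1)      # remember the key for the values that follow
            continue
        m = POLICY_VALUE_RE.match(line)
        if m and key:
            found.append((key, m.group(1), int(m.group(2))))
    return found
```

Running `start_type_deviations` and `disabled_policies` over the sample lists Dnscache (Disabled, default Auto), WinDefend (Demand, default Auto) and the DisableAntiSpyware=1 policy, which is the short list to hand to whoever is helping.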



#4 boopme
Posted 11 March 2014 - 01:31 PM

Did TDSSKiller find anything? There's no log.