TheDarkKnight
Honorary Members
Posts: 1,123

Everything posted by TheDarkKnight

  1. Hey preconmanager, My mistake. I had a look at the first one so all good. Could you please give me a new summary of the issues on your computer? I just want to see where we are at.
  2. Howdy napotopia. Thank you for the DDS log. Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
     * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF). Please go here to see a list of programs that need to be disabled.
     **Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**
     **Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**
     Please include the C:\ComboFix.txt in your next reply for further review.
  3. Hello pgpav2003, This link nicely shows you how to do it: http://www.partition...-partition.html
     =====
     Kaspersky didn't find anything bad. Please try this rescue disc. The Bitdefender Rescue CD is a bootable CD based version of Bitdefender Antivirus. The download is in ISO format. If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn. There is a tutorial on running it at How to Use the BitDefender Rescue CD to Clean Your Infected PC.
     Please download the Bitdefender Rescue CD: http://download.bitdefender.com/rescue_cd/bitdefender-rescue-cd.iso
     Burn the Bitdefender Rescue CD ISO image to CD.
     Insert the Bitdefender Rescue CD into your CD/DVD drive and boot the computer (you may need to change the boot sequence in your system's BIOS to boot from the CD/DVD drive).
     Select "Start Bitdefender Rescue CD in English", then press Enter.
     Once the graphical interface starts, select "Continue". Bitdefender Update will start automatically. When finished updating, scanning will start automatically.
     When finished scanning, if threats were detected, double-click the Desktop icon "Scan Logs". In the window that opens, double-click the log file and open it with Firefox.
     To save the log, go to File > Save Page As, enter a file name you will remember such as BDSCAN.TXT, then in the "Save in folder" field select your system drive, and click "Save". The log will save in the root of your system drive (C:\).
     Close the scanner, restart your system, and post the log in your next reply.
  4. Good morning preconmanager, I have been doing some research into these pipes. browser is a new one that was added in an update Windows did, so it is legitimate. If you take a look at the below link you will see that everything you listed is fine: http://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Network-access-Named-Pipes-that-can-be-accessed-anonymously
     If you would like to disable them please see this Windows Article: http://support.microsoft.com/kb/934539
     In short, they are necessary components if you are connecting your computer to other computers or printers on a network.
     =====
     Could you please rerun OTL again, but this time please only post the section of the log that shows Windows Errors.
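The check behind post 4, as an added example that is not part of the thread: the "Network access: Named Pipes that can be accessed anonymously" policy is stored in the LanmanServer service's NullSessionPipes value, so the list can be read directly and compared with a baseline rather than eyeballed from an OTL log. The baseline below is an assumption for illustration ('browser' is the only pipe the post names); fill it from the reference the post links for your Windows version. Run in an elevated PowerShell 3.0 or later session.

```powershell
# Added example, not from the original post. Reads the null-session pipe and
# share lists that the "Named Pipes that can be accessed anonymously" policy
# writes, flags pipes missing from a caller-supplied baseline, and shows the
# removal step the linked Microsoft article describes.

$lanmanParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-NullSessionAccess {
    $props = Get-ItemProperty -Path $lanmanParams
    [PSCustomObject]@{
        # 1 = anonymous access restricted to the two lists below (the default)
        RestrictNullSessAccess = $props.RestrictNullSessAccess
        # REG_MULTI_SZ values; filter out a missing value or empty entries
        NullSessionPipes       = @($props.NullSessionPipes  | Where-Object { $_ })
        NullSessionShares      = @($props.NullSessionShares | Where-Object { $_ })
    }
}

function Compare-NullSessionPipes {
    param(
        [Parameter(Mandatory=$true)][string[]]$Baseline,   # pipes you have verified as expected
        [string[]]$Current = (Get-NullSessionAccess).NullSessionPipes
    )
    foreach ($pipe in $Current) {
        [PSCustomObject]@{
            Pipe     = $pipe
            Expected = ($Baseline -contains $pipe)   # -contains is case-insensitive
        }
    }
}

function Remove-NullSessionPipe {
    # Rewrites the multi-string value without the named pipe. The Server
    # service re-reads it on restart: Restart-Service LanmanServer
    param([Parameter(Mandatory=$true)][string]$Name)
    $current = (Get-NullSessionAccess).NullSessionPipes
    $updated = @($current | Where-Object { $_ -ne $Name })
    Set-ItemProperty -Path $lanmanParams -Name NullSessionPipes -Value $updated -Type MultiString
}

# Assumed baseline for illustration only; replace with the documented list.
$baseline = @('browser')

Get-NullSessionAccess
Compare-NullSessionPipes -Baseline $baseline | Format-Table -AutoSize
# Remove-NullSessionPipe -Name 'browser'   # only after deciding it is not needed
```

Anything reported with Expected = False is a pipe that was added after the baseline was written, which is exactly the situation the post is checking for; the removal function is left as a comment so the audit can be run without changing the machine.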
  5. Hey greyowl, Well, Rkill found a couple of interesting things. Please download the Kaspersky Virus Removal Tool from here to your Desktop. Double-click the Removal Tool. Click the cog in the upper right corner: Select down to and including your main drive. Once done please select the Automatic Scan tab and press Start Scan. Allow AVP to delete all infections found. Once it has finished select the Report tab. Select the Detected threats report from the left and press the Save button. Save it to your Desktop and post the contents in your next reply.
  6. Good morning ratabrach, As daledoc1 mentioned above, unless you have configured MBAM to automatically delete threats then it won't. Often, if MBAM (or most other security programs for that matter) is interrupted midway it will not produce a log. Unfortunately that won't have stopped the Windows Updates from restarting your computer. I suggest running another scan, and if you want to make sure your computer is malware-free you should make a topic in the Malware Removal section of this forum.
  7. Hello ratabrach, MBAM will not do anything to any files it finds. You can choose to delete them when the scan has completed. This is to avoid false positives etc. Just as daledoc1 said.
  8. Hello ek192010, I am not sure myself, and I am sure some of the other guys here might know. This site had a nice summary which may help: http://pccaresupport.com/early-history-of-computer-viruses/
  9. I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. What is the name of the antivirus program you are trying to install? I have never heard of this file, and there is almost nothing on Google about it. It doesn't sound like an effective or legitimate antivirus program.
  10. I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
     * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF). Please go here to see a list of programs that need to be disabled.
     **Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**
     **Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**
     Please include the C:\ComboFix.txt in your next reply for further review.
  11. Howdy Bluedragon07, Your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable. Please follow the instructions below to update Java:
     Please go to the below link and download the latest Windows 7 version: http://www.java.com/en/download/manual.jsp
     Save it to your Desktop.
     Please go to Start>Control Panel>Programs. Navigate to any versions of Java (J2SE Runtime Environment) you have installed. They will have this icon next to them: Select Uninstall.
     Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed.
     =====
     Also, your version of Adobe Reader is out of date. It could have security vulnerabilities, so please follow these instructions to update it:
     Please go to Start>All Programs>Adobe Reader. Open Adobe Reader and navigate to Help>Check for Updates. Please follow the prompts to install the latest version.
     =====
     In your reply please let me know how the updates go.
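A way to find the leftover Java runtimes the post says must be removed by hand, as an added example that is not part of the thread: every installed product has an entry under the Uninstall registry keys (a 32-bit Java on 64-bit Windows sits under WOW6432Node), so the installed versions can be listed and the ones older than the newest marked as stale. The DisplayName patterns are assumptions based on the vendors' usual naming; PowerShell 3.0 or later.

```powershell
# Added example, not from the original post. Enumerates installed programs
# from the Uninstall keys, then marks every Java runtime older than the
# newest one present as stale, together with the uninstall command Windows
# itself would run.

function Get-InstalledApps {
    param([Parameter(Mandatory=$true)][string[]]$NamePattern)
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }
        $bitness = if ($root -like '*WOW6432Node*') { '32-bit' } else { 'native' }
        foreach ($key in (Get-ChildItem -Path $root)) {
            $p = Get-ItemProperty -Path $key.PSPath
            foreach ($pat in $NamePattern) {
                if ($p.DisplayName -like $pat) {
                    [PSCustomObject]@{
                        Name      = $p.DisplayName
                        Version   = $p.DisplayVersion
                        Bitness   = $bitness
                        Uninstall = $p.UninstallString
                    }
                    break
                }
            }
        }
    }
}

function Get-StaleJavaInstalls {
    # Assumed name patterns; the updater entry is not a runtime, so skip it.
    $java = Get-InstalledApps -NamePattern @('Java*', 'J2SE*') |
        Where-Object { $_.Name -notlike '*Auto Updater*' }

    # Versions look like "7.0.450" or "1.7.0_45"; normalise to [version].
    $parsed = foreach ($j in $java) {
        $v = ($j.Version -replace '_', '.') -as [version]
        $j | Add-Member -MemberType NoteProperty -Name Parsed -Value $v -PassThru
    }
    $newest = ($parsed | Where-Object { $_.Parsed } |
        Sort-Object -Property Parsed -Descending | Select-Object -First 1).Parsed

    foreach ($j in $parsed) {
        $stale = ($null -ne $j.Parsed) -and ($j.Parsed -lt $newest)
        $j | Add-Member -MemberType NoteProperty -Name Stale -Value $stale -PassThru
    }
}

Get-StaleJavaInstalls | Format-Table Name, Version, Bitness, Stale -AutoSize
Get-InstalledApps -NamePattern @('Adobe Reader*') | Format-Table Name, Version, Bitness -AutoSize
```

Entries with Stale = True are the ones the Control Panel walk-through in the post removes; the Uninstall column holds the exact command each entry registers, which is useful when a runtime no longer appears in the Programs list but is still on disk.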
  12. Hey davejjj, Please try the suggestions in this article: http://answers.microsoft.com/en-us/windows/forum/windows_7-networking/cant-open-the-network-and-sharing-center-and-i/9e114764-93e2-4bb6-8e63-8a37d9e9762d
  13. Howdy Smile2go, Do you recognise this: idsvmnmoll.org
     Please run OTL.exe. Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
     :OTL
     [2012/04/24 20:20:45 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
     O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
     O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
     O4 - HKLM..\Run: [] File not found
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     :Commands
     [EmptyTemp]
     Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste. Click the red Run Fix button. A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTL.exe
     If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
     =====
     Please try this tool. Please download Junkware Removal Tool to your Desktop. Please close your security software to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator. The tool will open and start scanning your system. Please be patient as this can take a while to complete, depending on your system's specifications.
     On completion, a log (JRT.txt) is saved to your Desktop and will automatically open. Please post the contents of JRT.txt into your reply.
     =====
     Please post the requested logs and information.
  14. Howdy greyowl, Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com). There are 3 different versions. If one of them won't run then download and try to run the other one. Vista and Win7 users need to right click and choose Run as Admin. You only need to get one of them to run, not all of them.
     rkill.exe
     rkill.com
     rkill.scr
     It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the Desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.
     Before proceeding any further the processes that belong to Windows Recovery need to be terminated so that it does not interfere with the cleaning procedure. Double-click on the RKill.exe icon in order to automatically attempt to stop any processes associated with Windows Recovery and other Rogue programs.
     ===
     Please do not reboot your computer. Then, please try ComboFix.
  15. Hello majabber, Please run OTL.exe. Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
     :OTL
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
     @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
     @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
     :Commands
     [EmptyTemp]
     Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste. Click the red Run Fix button. A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTL.exe
     If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
     =====
     Then, please go to http://www.virustotal.com, click on Choose File, and upload the following files for analysis: You will only be able to have one file scanned at a time.
     C:\Users\Owner\Desktop\8f9o74gs.exe
     C:\Windows\tasks\ekxaaoya.job
     Then click Scan It!. Allow the file to be scanned, and then please copy/paste the results here for me to see.
     Note: If a message appears saying the file has already been analysed, please resend the file.
     =====
     In your reply please provide the results from OTL and VirusTotal.
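How to look at entries like "C:\ProgramData\TEMP:430C6D84" before letting a fix script delete them, as an added example that is not part of post 15: the part after the colon is an NTFS alternate data stream (ADS) attached to the TEMP folder, which Explorer and dir never show. The FileSystem provider's -Stream parameter (PowerShell 3.0 or later, available on Windows 7 through Windows Management Framework 3.0) enumerates, reads and removes them. The paths are taken from the post's OTL lines; which streams to delete is still a judgement call.

```powershell
# Added example, not from the original post. Lists the alternate data
# streams under a path, previews a stream's content, and shows the removal
# call that OTL performs for an @Alternate Data Stream line.

function Get-AlternateDataStreams {
    param(
        [Parameter(Mandatory=$true)][string]$Path,
        [switch]$Recurse
    )
    $items = if ($Recurse) {
        Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue
    } else {
        Get-Item -LiteralPath $Path -Force
    }
    foreach ($item in @($items)) {
        # Every file carries the unnamed ':$DATA' stream; anything else is an ADS.
        # Directories (such as C:\ProgramData\TEMP) can carry them too.
        Get-Item -LiteralPath $item.FullName -Stream '*' -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [PSCustomObject]@{
                    File   = $item.FullName
                    Stream = $_.Stream
                    Bytes  = $_.Length
                }
            }
    }
}

function Show-StreamPreview {
    # The streams in the post are ~100 bytes, usually text; show the start.
    param(
        [Parameter(Mandatory=$true)][string]$File,
        [Parameter(Mandatory=$true)][string]$Stream,
        [int]$Chars = 80
    )
    $text = Get-Content -LiteralPath $File -Stream $Stream -Raw -ErrorAction SilentlyContinue
    if ($text) { $text.Substring(0, [Math]::Min($Chars, $text.Length)) }
}

function Remove-AlternateDataStream {
    param(
        [Parameter(Mandatory=$true)][string]$File,
        [Parameter(Mandatory=$true)][string]$Stream
    )
    Remove-Item -LiteralPath $File -Stream $Stream
}

# Paths from the post's log; widen to -Path 'C:\ProgramData' -Recurse for a sweep.
$hits = Get-AlternateDataStreams -Path 'C:\ProgramData\TEMP'
$hits | Format-Table -AutoSize
foreach ($h in $hits) { "{0}:{1} => {2}" -f $h.File, $h.Stream, (Show-StreamPreview -File $h.File -Stream $h.Stream) }

# Remove only what has been reviewed, e.g. the first stream the fix targets:
# Remove-AlternateDataStream -File 'C:\ProgramData\TEMP' -Stream '430C6D84'
```

Sizes in the listing should match the byte counts OTL printed (127, 125 and 105 for the three lines in the post); a stream that is much larger, or that holds an executable header when previewed, deserves a VirusTotal lookup before deletion rather than after.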
  16. Hello greyowl, OK well those settings can be dealt with after I see your logs.
  17. Network Access named pipes? What do you mean by these? It doesn't sound normal.
  18. Hello greyowl. That's fine. No need to have it installed for the present. I notice you have a few proxies/IP addresses with your ports. Did you configure all of these settings?
     Please run OTL.exe. Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
     :OTL
     O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
     O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
     O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
     :Commands
     [EmptyTemp]
     Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste. Click the red Run Fix button. A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTL.exe
     If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
     =====
     Then, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
     * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF). Please go here to see a list of programs that need to be disabled.
     **Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**
     **Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**
     Please include the C:\ComboFix.txt in your next reply for further review.
     =====
     In your reply please provide the contents of the OTL fix log and ComboFix.txt.
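Where the proxy entries and O7/O15 lines in post 18 come from, as an added example that is not part of the thread: all three live in the current user's registry. The proxy and ZoneMap settings sit under Internet Settings (ZoneMap\Domains maps a host and scheme to an Internet Explorer zone number: 0 My Computer, 1 Local intranet, 2 Trusted sites, 3 Internet, 4 Restricted sites, which is why OTL flags a value of 5 as out of range), and the O7 "Control Panel present" line means a Policies key exists that, on a home PC outside a domain, nobody should have created. The script reads them back so the answer to "did you configure all of these?" can be checked against what is actually set; PowerShell 3.0 or later.

```powershell
# Added example, not from the original post. Dumps the per-user proxy
# configuration, every ZoneMap domain assignment with its zone name, and any
# Internet Explorer policy values present, i.e. the data behind OTL's proxy,
# O15 and O6/O7 lines.

$inetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }

function Get-IEProxySettings {
    $p = Get-ItemProperty -Path $inetSettings
    [PSCustomObject]@{
        ProxyEnable   = $p.ProxyEnable      # 1 = fixed proxy in use
        ProxyServer   = $p.ProxyServer      # host:port or per-scheme list
        ProxyOverride = $p.ProxyOverride    # bypass list
        AutoConfigURL = $p.AutoConfigURL    # PAC script: a frequent hijack point
    }
}

function Get-IEZoneAssignments {
    foreach ($root in @("$inetSettings\ZoneMap\Domains", "$inetSettings\ZoneMap\EscDomains")) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in (Get-ChildItem -Path $root -Recurse)) {
            # Key path is "...\Domains\aol.com\www"; rebuild the host name.
            $relative = $key.Name -replace '^.*\\ZoneMap\\(Esc)?Domains\\', ''
            $parts = $relative -split '\\'
            [array]::Reverse($parts)
            $hostName = $parts -join '.'
            foreach ($scheme in $key.GetValueNames()) {       # 'http', 'https', '*', ...
                $zone = [int]$key.GetValue($scheme)
                $name = $zoneNames[$zone]
                if (-not $name) { $name = 'out of range' }    # what OTL reports for 5
                [PSCustomObject]@{
                    Host     = $hostName
                    Scheme   = $scheme
                    Zone     = $zone
                    ZoneName = $name
                    List     = Split-Path -Path $root -Leaf
                }
            }
        }
    }
}

function Get-IEPolicyRestrictions {
    foreach ($hive in @('HKCU', 'HKLM')) {
        $path = "${hive}:\Software\Policies\Microsoft\Internet Explorer"
        if (-not (Test-Path -Path $path)) { continue }
        $keys = @(Get-Item -Path $path) + @(Get-ChildItem -Path $path -Recurse)
        foreach ($k in $keys) {
            foreach ($v in $k.GetValueNames()) {
                [PSCustomObject]@{ Key = $k.Name; Value = $v; Data = $k.GetValue($v) }
            }
        }
    }
}

Get-IEProxySettings | Format-List
Get-IEZoneAssignments | Sort-Object Zone, Host | Format-Table -AutoSize
Get-IEPolicyRestrictions | Format-Table -AutoSize
```

A proxy or AutoConfigURL the user did not set, a host in zone 2 they do not recognise, or a populated Policies key on a stand-alone machine are the findings worth raising; clearing them is what the O7/O15 fix lines do, so the dump is also a useful "before" record to keep with the fix log.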
  19. Hello Smile2go, Please download OTL.exe by OldTimer to your Desktop. Close all windows and double click OTL.exe. In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:
     netsvcs
     drivers32
     %SYSTEMDRIVE%\*.*
     %systemroot%\*. /mp /s
     CREATERESTOREPOINT
     HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
     Click Run Scan and let the program run uninterrupted. When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread. You may need to use two posts to get it all.
  20. I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. Please download OTL.exe by OldTimer to your Desktop. Close all windows and double click OTL.exe. In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:
     netsvcs
     drivers32
     %SYSTEMDRIVE%\*.*
     %systemroot%\*. /mp /s
     CREATERESTOREPOINT
     HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
     Click Run Scan and let the program run uninterrupted. When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread. You may need to use two posts to get it all.
  21. G'day IDKWatMNShouldBe, If you do not wish to run ComboFix that's fine. There is a risk of using it if you run it alone and without the help of someone who has been trained to use it. It is a powerful tool, and is very useful for these sorts of situations. As for MBAR, it will remove the infection automatically. It is an extremely effective anti rootkit tool so you do not need to be concerned.
  22. G'day preconmanager, I think the following file is from Kaspersky but I would like to make sure: Please go to http://www.virustotal.com, click on Choose File, and upload the following file for analysis: You will only be able to have one file scanned at a time.
     c:\windows\system32\drivers\5DCF3DE2.sys
     Then click Scan It!. Allow the file to be scanned, and then please copy/paste the results here for me to see.
     Note: If a message appears saying the file has already been analysed, please resend the file.
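A local check that answers "is this driver from Kaspersky?" before anything is uploaded, as an added example that is not part of post 22: Windows kernel drivers carry an Authenticode signature, so the signer's certificate subject can be read directly, alongside the version-resource company name (easy to forge, so the signature is the one to trust). The script also computes the SHA-256 so the file can be searched on VirusTotal by hash, which is what the "already analysed" message refers to. The path is the one from the post; the technique is general and says nothing about that particular file. PowerShell 3.0 or later.

```powershell
# Added example, not from the original post. Reports who signed a file and
# whether the signature verifies, the version-resource company string, file
# timestamps and the SHA-256, so a driver can be checked locally and looked
# up on VirusTotal by hash instead of being uploaded blind.

function Get-DriverProvenance {
    param([Parameter(Mandatory=$true)][string]$Path)

    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -FilePath $item.FullName

    # SHA-256 via .NET so this also works where Get-FileHash (PS 4.0) is absent.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($item.FullName)
    try     { $hash = ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }

    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    [PSCustomObject]@{
        File        = $item.FullName
        SizeBytes   = $item.Length
        Created     = $item.CreationTime
        Modified    = $item.LastWriteTime
        Company     = $item.VersionInfo.CompanyName      # from the version resource; not authenticated
        Description = $item.VersionInfo.FileDescription
        SigStatus   = $sig.Status                        # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer      = $signer                            # certificate subject; this is what to trust
        SHA256      = $hash
    }
}

$report = Get-DriverProvenance -Path 'C:\Windows\System32\drivers\5DCF3DE2.sys'
$report | Format-List

# Paste $report.SHA256 into the VirusTotal search box: a hit means the file
# has already been analysed and nothing needs to be uploaded.
```

A status of Valid with a subject naming the vendor settles the question in the post; NotSigned or HashMismatch on a file whose Company field claims a security vendor is the opposite signal and is exactly the case where the VirusTotal lookup earns its keep.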