Sean_M84

My boss was fairly adamant that Microsoft Security Essentials was being mimicked by the virus. So he wanted me to ask if there is an alternative to use for now until he's sure of MSE being safe. We had it prior and it failed to recognize the virus or trojans. The little window would pop up in the corner informing us that the computer needed cleaning.

I had reinstalled AdwCleaner so the log is going to be named R1 again. AdwCleanerR1.txtAdwCleanerR1.txt AdwCleanerS1.txt checkup.txt

AdwCleanerR1.txt

I haven't used the Internet Browser since the fixes, I'm going to use our other PC for surfing until I can find a antivirus program that is compatible with the paid version of Malwarebytes AntiMalware. The system seems fine and I haven't experienced any blue screens at all. Thanks again for all your help, it is greatly appreciated. mbam-log-2012-11-03 (10-26-07).txt

Sorry for the delay. ComboFix.txt

Ok, I'll have to run Combofix tomorrow morning unfortunately since I won't have 30-45 mins to leave my register locked. I'm extremetly grateful for your help thus far.

I did do a quick scan and MBAM did find the svchost.exe trojan again. But no longer am I prompted upon restarting to Quarantine that item.

Upon finishing the scan with TDSSKiller, there were no threats detected. I made sure Malwarebytes AntiMalware wasn't active in the background. Upon restarting, MBAM didn't detect the SVChost.exe trojan.

RKreport2.txtRKreport3.txtTDSSKiller.2.8.15.0_02.11.2012_11.58.35_log.txtTDSSKiller.2.8.15.0_02.11.2012_11.55.04_log.txtTDSSKiller.2.8.15.0_02.11.2012_11.52.38_log.txt

RogueKiller V8.2.1 [10/29/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo...13-roguekiller/ Website: http://tigzy.geeksto...roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Ryans Comics Vaio [Admin rights] Mode : Scan -- Date : 11/02/2012 11:08:16 ¤¤¤ Bad processes : 1 ¤¤¤ [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 11 ¤¤¤ [RUN][sUSP PATH] HKLM\[...]\Run : dinrt ("C:\Windows\System32\rundll32.exe" "C:\Users\Ryans Comics Vaio\AppData\Roaming\dinrt.dll",NewException) -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 activate.adobe.com ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST3500418AS +++++ --- User --- [MBR] 700fecc1cccaff4e4552432ff261bd8e [bSP] 89712d73d296efc80c5a15381b2724d4 : Windows 7 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11253 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 23048192 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 23252992 | Size: 465585 Mo User != LL1 ... KO! --- LL1 --- [MBR] ca562baced8ede3066907aa5a28a378e [bSP] 89712d73d296efc80c5a15381b2724d4 : Windows 7 MBR Code Partition table: 1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11253 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 23048192 | Size: 100 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 23252992 | Size: 465585 Mo User != LL2 ... KO! --- LL2 --- [MBR] ca562baced8ede3066907aa5a28a378e [bSP] 89712d73d296efc80c5a15381b2724d4 : Windows 7 MBR Code Partition table: 1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11253 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 23048192 | Size: 100 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 23252992 | Size: 465585 Mo Finished : << RKreport[1].txt >> RKreport[1].txt RKreport1.txt

My Sony Vaio PC that I use as a cash register for the business that I work for as contracted a virus via Google Toolbar and I've hence deleted anything Google related and tried my best to remove the Trojan, but it doesn't go away. It shows up everytime I scan with Malwarebytes AntiMalware scanner. It shows up as "svchost.exe." is infected and quarantined everytime I start up the PC. Thank you for help and time. We open the store soon, but I'll try to work some fixes inbetween customers. dds.txtattach.txt