Jump to content

Recommended Posts

Hello,

I got the Windows 2012 security virus about 3 weeks ago. I searched the forums and learned the solution was RKill and MBAM. I ran Rkill and MBAM and resolved my hijacked computer issues. However, ever since my computer crashes. When I run RKILL the same process (globalhost/systemroot exe) comes up. Today I got a pop up that said that it was attempting to run on 32 bit and to see if it had a 64 bit version, which made me think that this is what is making my computer crash. I have run the dds and here is my results, if anyone could help me I would appreciate it so much as this is my work and school computer.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_27

Run by Owner at 13:11:11 on 2012-01-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.879 [GMT -6:00]

.

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\PLFSetI.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\MagicDisc\MagicDisc.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\igfxext.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\splwow64.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://yahoo.com/

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5336&r=27360411m015l0404z155v47421858

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5336&r=27360411m015l0404z155v47421858

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5336&r=27360411m015l0404z155v47421858

uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll

uURLSearchHooks: H - No File

uURLSearchHooks: FCToolbarURLSearchHook Class: {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Helper.dll

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: CP-Autos.com Toolbar: {9047c5a8-3500-4b40-b6cf-51169f683ac9} - C:\Program Files (x86)\CP-Autos.com\prxtbCP-A.dll

mURLSearchHooks: CP-Autos.com Toolbar: {9047c5a8-3500-4b40-b6cf-51169f683ac9} - C:\Program Files (x86)\CP-Autos.com\prxtbCP-A.dll

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Gamers Unite! Snag Bar BHO: {26a7ca19-7d58-411d-b2da-f1b0324cbffc} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: CP-Autos.com Toolbar: {9047c5a8-3500-4b40-b6cf-51169f683ac9} - C:\Program Files (x86)\CP-Autos.com\prxtbCP-A.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

TB: Gamers Unite! Snag Bar: {25515a79-c1c7-4b97-97f8-31a711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll

TB: CP-Autos.com Toolbar: {9047c5a8-3500-4b40-b6cf-51169f683ac9} - C:\Program Files (x86)\CP-Autos.com\prxtbCP-A.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

TB: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File

TB: {DA566842-D620-41BF-8A10-149CFA14035D} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

Trusted Zone: convergysworkathome.com\www

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{5DDE4681-FB88-452A-B0BD-F2DDF49D960F} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{5DDE4681-FB88-452A-B0BD-F2DDF49D960F}\34F6D607574756273705C65737 : DhcpNameServer = 8.8.8.8 8.8.4.4

TCP: Interfaces\{5DDE4681-FB88-452A-B0BD-F2DDF49D960F}\94E63796768647F577966696F563739373 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{5DDE4681-FB88-452A-B0BD-F2DDF49D960F}\96E63796768647F577966696F563739373 : DhcpNameServer = 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Gamers Unite! Snag Bar BHO: {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll

BHO-X64: FCTBPos00Pos - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: CP-Autos.com Toolbar: {9047c5a8-3500-4b40-b6cf-51169f683ac9} - C:\Program Files (x86)\CP-Autos.com\prxtbCP-A.dll

BHO-X64: CP-Autos.com - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

BHO-X64: Yontoo Layers - No File

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

TB-X64: Gamers Unite! Snag Bar: {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll

TB-X64: CP-Autos.com Toolbar: {9047c5a8-3500-4b40-b6cf-51169f683ac9} - C:\Program Files (x86)\CP-Autos.com\prxtbCP-A.dll

TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

TB-X64: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File

TB-X64: {DA566842-D620-41BF-8A10-149CFA14035D} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun-x64: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\nto55wiv.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3052046&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, c0e2047c-c6bb-44f2-90e9-ed657176cd16

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 HP8107Fltr;HP-HP8107;C:\Windows\system32\DRIVERS\HP8107.sys --> C:\Windows\system32\DRIVERS\HP8107.sys [?]

.

=============== Created Last 30 ================

.

2011-12-28 14:55:55 20480 ------w- C:\Windows\svchost.exe

2011-12-27 23:58:40 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2011-12-16 03:05:05 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-12-16 03:05:02 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-16 03:05:00 860672 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll

2011-12-16 03:05:00 1013248 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2011-12-15 14:24:24 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-15 14:23:40 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-12-15 14:23:38 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-15 14:23:38 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-15 14:23:27 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-15 14:23:27 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-12 12:44:38 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared

2011-12-12 12:43:50 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2011-12-12 12:43:50 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2011-12-10 11:08:22 -------- d-----w- C:\Users\Owner\AppData\Local\Symantec

2011-12-10 11:02:42 -------- d-----w- C:\Users\Owner\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}

2011-12-10 11:02:28 -------- d-----w- C:\ProgramData\Virtualized Applications

2011-12-10 10:46:41 0 ----a-w- C:\Windows\SysWow64\shoA862.tmp

2011-12-10 10:40:02 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-10 10:40:02 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE

2011-12-09 17:58:40 -------- d-----w- C:\Users\Owner\AppData\Roaming\AVG2012

2011-12-09 17:55:55 -------- d-----w- C:\Windows\SysWow64\drivers\AVG

2011-12-09 17:55:13 -------- d-----w- C:\Windows\System32\drivers\AVG

2011-12-09 17:13:41 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8B284398-0079-43E1-9EB9-70D4041B9AB4}\mpengine.dll

2011-12-09 16:30:25 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes

2011-12-09 16:30:10 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-09 16:30:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-09 16:14:06 -------- d--h--w- C:\$AVG

2011-12-09 15:56:06 -------- d--h--w- C:\ProgramData\Common Files

2011-12-09 15:55:33 -------- d-----w- C:\ProgramData\AVG2012

2011-12-09 15:54:32 -------- d-----w- C:\Program Files (x86)\AVG

2011-12-09 15:51:45 -------- d-----w- C:\ProgramData\MFAData

2011-12-09 15:41:14 -------- d-----we C:\Windows\system64

.

==================== Find3M ====================

.

2011-12-21 19:56:46 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-15 20:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-11 23:24:13 0 ----a-w- C:\Windows\SysWow64\shoFBE0.tmp

2011-10-07 12:23:46 283728 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

.

============= FINISH: 13:18:37.26 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 4/28/2011 1:06:51 PM

System Uptime: 1/1/2012 12:44:38 PM (1 hours ago)

.

Motherboard: Acer | | Aspire 5336

Processor: Intel® Celeron® CPU 900 @ 2.20GHz | uPGA-478 | 2194/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 220 GiB total, 104.413 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

µTorrent

7-Zip 4.65

Acer Backup Manager

Acer Crystal Eye webcam Ver:1.1.188.706

Acer ePower Management

Acer eRecovery Management

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader X (10.1.1)

Adobe Shockwave Player 11.6

Apple Application Support

Apple Software Update

Backup Manager Basic

CEP (Color Enable Package) v.9.2 (beta)

Convergys Health Checker

CP-Autos.com Toolbar

CyberLink PowerDVD 9

D3DX10

DAEMON Tools Lite

eSobi v2

Gamers Unite! Snag Bar

Genius

Google Chrome

Identity Card

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 27

Junk Mail filter update

Launch Manager

MagicDisc 2.7.106

MAGIX Slideshow Maker 2

Malwarebytes' Anti-Malware version 1.51.2.1300

Mavis Beacon Teaches Typing Platinum 20

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Live Meeting 2007

Microsoft Office Starter 2010 - English

Microsoft PowerPoint Viewer

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 8.0.1 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MyWinLocker

MyWinLocker Suite

Norton Online Backup

NTI Media Maker 9

Q-Xpress Installer 1.1.9

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

RealUpgrade 1.1

Scriptorium for TS2

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Shredder

Sims 2 Collection Creator v1.1.1

swMSM

The Sims 2

The Sims 2 Family Fun Stuff

The Sims 2 Glamour Life Stuff

The Sims 2 Nightlife

The Sims 2 Open For Business

The Sims 2 Pets

The Sims 2 University

The Sims™ 2 Apartment Life

The Sims™ 2 Bon Voyage

The Sims™ 2 Celebration! Stuff

The Sims™ 2 FreeTime

The Sims™ 2 H&M® Fashion Stuff

The Sims™ 2 IKEA® Home Stuff

The Sims™ 2 Kitchen & Bath Interior Design Stuff

The Sims™ 2 Seasons

The Sims™ 2 Teen Style Stuff

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

User Feel Recording Application

VideoLAN VLC media player 0.8.6f

Visual Studio 2008 x64 Redistributables

Welcome Center

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Yahoo! BrowserPlus 2.9.8

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

12/31/2011 9:51:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NTI IScheduleSvc service to connect.

12/31/2011 9:51:22 AM, Error: Service Control Manager [7000] - The NTI IScheduleSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/31/2011 5:33:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

12/31/2011 5:25:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000df, 0x0000000000000002, 0x0000000000000001, 0xfffff80003300ab5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 123111-44600-01.

12/31/2011 5:23:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

12/31/2011 5:23:22 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/31/2011 5:23:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/31/2011 5:22:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Norton Online Backup service to connect.

12/31/2011 5:22:09 PM, Error: Service Control Manager [7000] - The Norton Online Backup service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/31/2011 5:21:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff9600013e753, 0xfffff88005ff51a0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 123111-36332-01.

12/31/2011 1:40:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035c6a9a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 123111-52338-01.

12/30/2011 8:56:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003265f6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 123011-57642-01.

12/30/2011 6:47:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/30/2011 6:13:25 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff9600009e627, 0xfffff880033f9d30, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 123011-49296-01.

12/30/2011 11:00:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect.

12/30/2011 11:00:53 AM, Error: Service Control Manager [7000] - The Client Virtualization Handler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/29/2011 9:40:11 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

12/29/2011 9:40:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.

12/29/2011 9:40:10 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

12/29/2011 9:40:10 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

12/29/2011 9:40:10 PM, Error: Service Control Manager [7000] - The Peer Networking Identity Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/28/2011 9:06:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.

12/28/2011 8:52:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

12/28/2011 8:39:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 BHDrvx64 discache eeCtrl IDSVia64 mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr SRTSPX SymIRON SymNetS Wanarpv6

12/28/2011 8:39:45 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800032c1ab5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122811-68234-01.

12/28/2011 8:31:45 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80003302ab5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122811-117780-01.

12/28/2011 8:23:58 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003303ab5, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122811-96985-01.

12/28/2011 6:46:25 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035c8a9a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122811-52104-01.

12/28/2011 6:40:01 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800032b3f6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122811-45162-01.

12/27/2011 6:07:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035d8a9a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122711-37799-01.

12/27/2011 5:55:10 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc000001d, 0xfffffa80075f7016, 0xfffff8800354da28, 0xfffff8800354d280). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122711-43867-01.

12/26/2011 7:20:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

1/1/2012 12:48:37 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

1/1/2012 12:47:41 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

1/1/2012 12:47:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

1/1/2012 12:47:41 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/1/2012 12:47:12 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

1/1/2012 12:45:56 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

1/1/2012 12:45:51 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

1/1/2012 12:45:33 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

1/1/2012 12:26:36 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

1/1/2012 12:26:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

1/1/2012 12:26:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

1/1/2012 12:26:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/1/2012 12:26:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/1/2012 12:26:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr Wanarpv6

1/1/2012 12:26:06 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

1/1/2012 12:26:06 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

1/1/2012 10:24:11 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000088, 0x0000000000000002, 0x0000000000000001, 0xfffff8000325f3a6). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010112-46472-01.

.

==== End Of File ===========================

Link to post
Share on other sites

  • 1 month later...

Hello,

Save and close any work documents, close any apps that you started.

Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center

http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

It is suggested that you rename mrt.exe to some other name, such as Omega.exe, then run it.

After a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.log

The file may be opened and viewed with Notepad or similar text editor.

If and only if your system is Windows 7 x64, Vista x64, Windows XP x64 and Windows 2008/2003 x64 computers.

Get Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64

http://www.microsoft.com/downloads/details.aspx?familyid=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Additional information Microsoft® Windows® Malicious Software Removal Tool is here http://support.microsoft.com/?kbid=890830

If no infections were found, you will see in your log

Results Summary:

----------------

No infection found.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy & Paste the contents of last scan log into reply.

If we do not hear back from you in 3 days, this thread will be closed.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.