Pop ups referencing IE version in title


Hi All, I am getting pop ups that reference the Internet Explorer version in the header. Malwarebytes identified and removed a virus; however, the issue then returned. So far I have taken the following actions:

1) Scanned with Kaspersky - removed but returned
2) Scanned with Malwarebytes and re-created the MBR

Please find attached my logs. Any help would be great! :)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by Giles Whitehead at 17:37:14 on 2012-04-12

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2014.931 [GMT 1:00]

.

AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Anti-Virus *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Intel\AMT\atchksrv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\PGPserv.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\AMT\UNS.exe

C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\Intel\AMT\atchk.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Exodus\Exodus.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\MI3AA1~1\wcescomm.exe

C:\Documents and Settings\Giles Whitehead.SPRINGFIELD\Local Settings\Application Data\AppCore\ACFinder\ACFinder.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uSearch Page = hxxp://www.google.co.uk/hws/sb/dell-usuk-rel/en/side.html?channel=uk

uDefault_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4080518

uSearch Bar = hxxp://www.google.co.uk/hws/sb/dell-usuk-rel/en/side.html?channel=uk

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>

mSearchAssistant = hxxp://www.google.co.uk/hws/sb/dell-usuk-rel/en/side.html?channel=uk

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Exodus] "c:\program files\exodus\Exodus.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [H/PC Connection Agent] "c:\progra~1\mi3aa1~1\wcescomm.exe"

uRun: [ACFinder] "c:\documents and settings\giles whitehead.springfield\local settings\application data\appcore\acfinder\ACFinder.exe"

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [atchk] "c:\program files\intel\amt\atchk.exe"

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [WinVNC] "c:\program files\tightvnc\WinVNC.exe" -servicehelper

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimage\TrueImageMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\avp.exe"

mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{882025a7-7599-4989-8fcd-7604fb90d6a9}\Icon6560581611.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\ie_banner_deny.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\scieplgn.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

Trusted Zone: metapack.com\www

Trusted Zone: netfulfilment.com\www

DPF: {09D6F55E-F235-4102-9C60-1D09CFD9FAFF} - hxxps://10.1.1.248/vpclient4102.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211371589622

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211374275261

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.1.1.15 10.1.1.17

TCP: Interfaces\{DDFD0766-108F-416B-92D3-3DFA74E26680} : DhcpNameServer = 10.1.1.15 10.1.1.17

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: PGPmapih.dll, c:\progra~1\kasper~1\kasper~2.0fo\adialhk.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 relog_ap

LSA: Notification Packages = scecli PGPpwflt

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\giles whitehead.springfield\application data\mozilla\firefox\profiles\462fw1m1.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - plugin: c:\program files\common files\vmware\vmware vmrc plug-in\firefox\np-vmware-vmrc.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

.

============= SERVICES / DRIVERS ===============

.

R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2007-8-10 97792]

R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-11-12 126480]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-7-20 231512]

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2008-8-6 33824]

R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]

R2 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\avp.exe [2010-3-12 311680]

R2 klnagent;Kaspersky Lab Network Agent;c:\program files\kaspersky lab\networkagent 8\klnagent.exe [2010-3-10 136352]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-11 654408]

R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2010-4-3 214880]

R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-5-17 2521880]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-6-1 609904]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2009-9-3 24848]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-11 22344]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 253600]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-11 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 Xceed.Chart.Renderer.Service;Xceed Chart for ASP.NET Renderer Service;c:\program files\xceed components\bin\.net\Xceed.Chart.Renderer.Service.exe [2010-7-21 106496]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

.

=============== Created Last 30 ================

.

2012-04-12 11:06:11 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2012-04-12 11:06:08 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2012-04-12 11:06:07 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll

2012-04-12 11:06:04 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe

2012-04-12 11:06:00 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe

2012-04-12 11:05:44 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe

2012-04-12 11:05:40 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys

2012-04-12 11:05:39 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys

2012-04-12 11:05:36 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys

2012-04-12 11:05:35 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys

2012-04-12 11:05:34 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2012-04-12 11:05:15 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys

2012-04-12 11:05:12 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys

2012-04-12 11:05:09 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys

2012-04-12 11:05:00 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys

2012-04-12 11:03:58 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys

2012-04-12 11:02:57 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll

2012-04-12 11:01:55 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys

2012-04-12 11:00:59 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys

2012-04-12 10:59:58 5632 ----a-w- c:\windows\system32\dllcache\smimsgif.dll

2012-04-12 10:58:58 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys

2012-04-12 10:57:58 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys

2012-04-12 10:56:59 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll

2012-04-12 10:55:57 19840 ----a-w- c:\windows\system32\dllcache\philtune.sys

2012-04-12 10:54:57 28032 ----a-w- c:\windows\system32\dllcache\ovcd.sys

2012-04-12 10:53:57 60480 ----a-w- c:\windows\system32\dllcache\neo20xx.dll

2012-04-12 10:52:57 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys

2012-04-12 10:51:58 58368 ----a-w- c:\windows\system32\dllcache\m3091dc.dll

2012-04-12 10:50:31 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll

2012-04-12 10:49:58 38784 ----a-w- c:\windows\system32\dllcache\io8.sys

2012-04-12 10:48:58 28700 ----a-w- c:\windows\system32\dllcache\ibmexmp.sys

2012-04-12 10:47:59 68608 ----a-w- c:\windows\system32\dllcache\hpgt53tk.dll

2012-04-12 10:46:59 10624 ----a-w- c:\windows\system32\dllcache\gameenum.sys

2012-04-12 10:45:58 34816 ----a-w- c:\windows\system32\dllcache\esuimg.dll

2012-04-12 10:44:56 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys

2012-04-12 10:43:57 7424 ----a-w- c:\windows\system32\dllcache\ddsmc.sys

2012-04-12 10:42:59 44032 ----a-w- c:\windows\system32\dllcache\cnusd.dll

2012-04-12 10:41:58 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys

2012-04-12 10:40:55 5632 ----a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll

2012-04-12 10:39:59 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll

2012-04-12 10:39:50 2192768 ----a-w- c:\windows\system32\dllcache\OLD211.tmp

2012-04-12 10:39:37 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe

2012-04-12 10:39:37 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll

2012-04-12 10:39:35 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll

2012-04-12 10:39:34 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll

2012-04-12 10:39:33 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe

2012-04-12 10:39:31 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll

2012-04-11 12:08:40 -------- d-----w- c:\documents and settings\giles whitehead.springfield\application data\Malwarebytes

2012-04-11 12:08:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-04-11 12:08:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-11 12:08:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-11 08:34:02 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-11 08:34:02 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-03-29 14:42:01 -------- d-----w- c:\documents and settings\giles whitehead.springfield\local settings\application data\AppCore

2012-03-19 09:22:57 293376 ------w- c:\windows\system32\browserchoice.exe

2012-03-16 09:22:52 3072 ------w- c:\windows\system32\iacenc.dll

2012-03-16 09:22:52 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

.

==================== Find3M ====================

.

2012-04-12 08:03:15 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-04-12 08:03:15 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 17:40:08.36 ===============

dds.txt

attach.7z


:welcome:

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
