tbglover Posted July 10, 2012 ID:568632
My computer started to act funny a couple of days ago and it appears that trojans have invaded my system. The particular trojans are bc miner as well as a ransom trojan and an agent trojan that are both in the registry. What should I do in order to get rid of the infections?
Staff screen317 Posted July 10, 2012 ID:568635
Hi and welcome to Malwarebytes. Please update MBAM, run a Quick Scan, and post its log. Next, download DDS by sUBs and save it to your Desktop. Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.
tbglover Posted July 10, 2012 Author ID:568640
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.09.14
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
tim :: TIM-PC [administrator]
Protection: Enabled
7/9/2012 8:05:18 PM
mbam-log-2012-07-09 (20-11-00)8-15
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233378
Time elapsed: 2 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\tim\LOCALS~1\Temp\mscikzd.bat -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|15129 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msnrjo.exe -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
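The two registry values MBAM flagged above are both autorun locations (the per-user Windows NT\CurrentVersion\Windows Load value and the machine-wide Policies\Explorer\Run key), and both point into a Temp directory written with 8.3 short names. The following PowerShell function is an added example, not code from the thread or from Malwarebytes: it enumerates those locations and reports entries whose target resolves into a Temp folder or is missing from disk; the Temp patterns and the extra HKLM/HKCU variants it checks are assumptions chosen from this log.

```powershell
# Added example (not from the thread or from Malwarebytes): inspect the autorun
# locations MBAM flagged and report entries that point into a Temp directory or
# whose target no longer exists on disk.
function Get-SuspiciousAutorun {
    param(
        # Assumption: targets matching these regexes are treated as suspicious.
        # Chosen from this log, where both flagged values lived under ...\LOCALS~1\Temp\.
        [string[]]$SuspiciousPatterns = @('\\Temp\\', '\\LOCALS~1\\')
    )

    # Each entry names a key and the values under it that act as autoruns.
    # An empty Names list means every value under that key is an autorun.
    $checks = @(
        @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows';            Names = @('Load', 'Run') }
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows';            Names = @('Load', 'Run') }
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'; Names = @() }
        @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'; Names = @() }
    )

    foreach ($check in $checks) {
        if (-not (Test-Path -LiteralPath $check.Path)) { continue }
        $key   = Get-Item -LiteralPath $check.Path
        $names = if ($check.Names.Count -gt 0) { $check.Names } else { $key.GetValueNames() }

        foreach ($name in $names) {
            $data = $key.GetValue($name, $null)
            if ([string]::IsNullOrWhiteSpace($data)) { continue }

            # Pull the executable path out of a command line that may be quoted
            # and may carry arguments, expanding %VAR% references first.
            $expanded = [Environment]::ExpandEnvironmentVariables([string]$data)
            $target   = if ($expanded -match '^\s*"([^"]+)"') { $Matches[1] }
                        else { ($expanded -split '\s+', 2)[0] }

            $reasons = @()
            foreach ($pattern in $SuspiciousPatterns) {
                if ($target -match $pattern) { $reasons += 'temp-path'; break }
            }
            # Test-Path resolves 8.3 short names such as C:\PROGRA~3\LOCALS~1\Temp\...
            if (-not (Test-Path -LiteralPath $target -PathType Leaf)) { $reasons += 'target-missing' }

            [pscustomobject]@{
                Key        = $check.Path
                Name       = $name
                Data       = [string]$data
                Suspicious = ($reasons.Count -gt 0)
                Reason     = ($reasons -join ',')
            }
        }
    }
}

# Typical use: list every autorun found, suspicious entries first.
Get-SuspiciousAutorun | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it from an elevated prompt so the HKLM keys are readable; a 'target-missing' entry on its own is usually a leftover from an uninstall, while a 'temp-path' hit matches the pattern seen in the log above and deserves a closer look.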
Staff screen317 Posted July 10, 2012 ID:568641
Be sure to remove everything that MBAM finds... Run another Quick Scan and remove everything this time. Then post the DDS log.
tbglover Posted July 10, 2012 Author ID:568646
[DDS.txt log posted here]
Staff screen317 Posted July 10, 2012 ID:568648
Hi,
Please visit this webpage for instructions for running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.
-screen317
tbglover Posted July 10, 2012 Author ID:568674
Sorry it's taking this long. Combofix has been hitting an error on a particular file.
tbglover Posted July 10, 2012 Author ID:568681
ComboFix continues to hit an error on a file. I tell it to ignore the file and it continues to run. Unfortunately it has not produced a log for me.
Staff screen317 Posted July 10, 2012 Staff ID:568683
Hi,
Provide the exact error please.
Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com (ensure that the Save As type is "All Files").
Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
Click Start --> Run, and enter this command exactly as shown:
"%userprofile%\desktop\sega.com" /killall
See if it will run successfully now. Stop it after half an hour of no activity.
tbglover Posted July 10, 2012 Author ID:568689
The exact error says:
Error opening file for writing:
C:\32788R22FWJFw\License\iexplore.exe
Click Abort to stop the installation, Retry to try again or Ignore to skip this file
Staff screen317 Posted July 10, 2012 Staff ID:568691
Okay. Try my most recent instructions above.
tbglover Posted July 10, 2012 Author ID:568737
I tried your instructions. It seemed to go through okay.
Staff screen317 Posted July 10, 2012 Staff ID:568915
Do you have the log??
tbglover Posted July 10, 2012 Author ID:569081
I thought it went through but I do not see a log.
Staff screen317 Posted July 11, 2012 Staff ID:569169
Open this file: C:\ComboFix.txt
If that's not there, take a screenshot of the root of your drive (C:\) and post it here.
tbglover Posted July 11, 2012 Author ID:569214
Staff screen317 Posted July 11, 2012 Staff ID:569355
Hi,
Thank you. Open the folder Qoobox and take another screenshot.
tbglover Posted July 12, 2012 Author ID:569552
Staff screen317 Posted July 13, 2012 Staff ID:570194
Okay, thank you. Try running it once more; see if it produces a log this time. Are you interrupting it at any point?? Is it just closing on you somewhere??
tbglover Posted July 14, 2012 Author ID:570494
One second it seems to be running fine, then it slows down considerably, and then it's just done with no notification or anything.
Here's another look at my C drive if you need to see it.
Staff screen317 Posted July 16, 2012 Staff ID:571215
Can you be more specific? Does it list a number of stages that it goes through? At what point does it 'stop'?
tbglover Posted July 16, 2012 Author ID:571639
Usually it starts up quickly, then it slows down on, I believe, C drive output. Briefly, something pops up that has two lines of differing colors, but it comes on screen and is gone very quickly.
Staff screen317 Posted July 18, 2012 Staff ID:572223
Can you take a screenshot of it please? Sorry to drag this out, but I want to make sure you downloaded the correct program.
tbglover Posted July 19, 2012 Author ID:572784
I understand. Besides, you're trying to help me, so I have no reason to get upset.
Staff screen317 Posted July 19, 2012 Staff ID:573121
Okay, let's try something else.
Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
Execute the file TDSSKiller.exe by double-clicking on it.
Wait for the scan and disinfection process to be over.
When its work is over, the utility prompts for a reboot to complete the disinfection.
By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).
The log is named like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.
Please post that log here.
Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.
Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time)
Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file in your next reply.
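The collection step in the post above, as an added example that is not part of the original thread and not code from TDSSKiller or aswMBR: it picks the newest TDSSKiller log in C:\ by the timestamp embedded in the file name (the DD.MM.YYYY_HH.MM.SS format the post describes), so alphabetical sorting cannot pick an older log, and zips MBR.dat from the desktop. It assumes PowerShell 5 or later for Compress-Archive; the sample file names are constructed.

```powershell
# Added example, not from the original thread. Parses the TDSSKiller log-name format
# described in the post: UtilityName.Version_DD.MM.YYYY_HH.MM.SS_log.txt
function Select-NewestTdssKillerLog {
    param([string[]]$LogNames)   # bare file names, e.g. from Get-ChildItem -Name
    $pattern = '^TDSSKiller\.[\d.]+_(?<stamp>\d{2}\.\d{2}\.\d{4}_\d{2}\.\d{2}\.\d{2})_log\.txt$'
    $culture = [Globalization.CultureInfo]::InvariantCulture
    $parsed = foreach ($name in $LogNames) {
        if ($name -match $pattern) {
            [pscustomobject]@{
                Name = $name
                # The name's own timestamp, not the file's mtime, decides which log is newest
                When = [datetime]::ParseExact($Matches.stamp, 'dd.MM.yyyy_HH.mm.ss', $culture)
            }
        }
    }
    if (-not $parsed) { return $null }
    ($parsed | Sort-Object When -Descending | Select-Object -First 1).Name
}

# Constructed sample names (not real logs). Sorted as plain strings, the 2009 log would
# come last because its day field (20) is the largest; parsing the date fixes that.
$sample = 'TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt',
          'TDSSKiller.2.2.0_03.01.2012_09.05.10_log.txt',
          'TDSSKiller.2.2.0_10.07.2012_21.14.02_log.txt'
Select-NewestTdssKillerLog $sample

# Live use on the affected machine: find the newest log in C:\ and print it for pasting,
# then zip MBR.dat (written by aswMBR to the desktop) so it can be attached to the reply.
$newest = Select-NewestTdssKillerLog (Get-ChildItem -Path 'C:\' -Filter 'TDSSKiller.*_log.txt' -Name)
if ($newest) { Get-Content -Path (Join-Path 'C:\' $newest) }
$desktop = [Environment]::GetFolderPath('Desktop')
$mbr = Join-Path $desktop 'MBR.dat'
if (Test-Path $mbr) {
    Compress-Archive -Path $mbr -DestinationPath (Join-Path $desktop 'MBR.zip') -Force
}
```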