macr8e Posted March 14, 2013 Author ID:657191
Found it.
protection-log-2013-03-14.txt

MrCharlie Posted March 15, 2013 ID:657304
What browser is open when you get these warnings?
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select "Show in Results List and Check for removal".
Then...
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.
MrC

macr8e Posted March 15, 2013 Author ID:657481
Firefox

macr8e Posted March 15, 2013 Author ID:657484
Done
mbam-log-2013-03-15 (19-08-54).txt

MrCharlie Posted March 15, 2013 ID:657486
Download and run Avast Browser Cleanup, see if it detects any bad items.
MrC

macr8e Posted March 15, 2013 Author ID:657490
Result

MrCharlie Posted March 15, 2013 ID:657493
I would like you to remove those and see if there's any difference.
If not...
Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassociates.com/OT-Tools/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)
Save it to your desktop.
Double click on the icon on your desktop.
Click the Scan All Users checkbox.
Push the Quick Scan button.
The scan will take about 10 minutes...depends on your hard drive size.
Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
MrC

macr8e Posted March 16, 2013 Author ID:657550
otl reports
OTL.Txt
Extras.Txt

MrCharlie Posted March 16, 2013 ID:657608
Do you know what this is:
[2013/03/15 20:27:18 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\Lzehqsn.job
--------------------------
Please do this:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in bold:

:OTL
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

:Commands
[EMPTYJAVA]
[emptytemp]
[EMPTYFLASH]

- Then click the Run Fix button at the top
- Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
- Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
MrC

macr8e Posted March 16, 2013 Author ID:657820
Don't know what that is.
03162013_180956.log

macr8e Posted March 16, 2013 Author ID:657833
Still popping up.

MrCharlie Posted March 16, 2013 ID:657839
With Firefox running, use CTRL+ALT+DEL and see if rundll32.exe is running.
If so....go to Start > Run > type CMD > Enter
Copy and paste this in:
tasklist /m /fi "IMAGENAME eq rundll32.exe" >C:\rundll.txt
It should produce a text called rundll.txt in C:\
Copy and paste it back here.
MrC

macr8e Posted March 17, 2013 Author ID:658179
Did CTRL+ALT+DEL. Got choices:
Lock computer
Switch User
Log Off
Change Password
Start Task Manager
Clicked Task Manager and rundll32.exe was not showing as a task.

MrCharlie Posted March 17, 2013 ID:658181
Do this anyway:
go to Start > Run > type CMD > Enter
Copy and paste this in:
tasklist /m /fi "IMAGENAME eq rundll32.exe" >C:\rundll.txt
It should produce a text called rundll.txt in C:\
Copy and paste it back here.
MrC

macr8e Posted March 18, 2013 Author ID:658217
Access is denied

MrCharlie Posted March 18, 2013 ID:658316
Use "Elevated Command Prompt"
1. Click on Windows 7 Start Button
2. Go to All Programs -> Accessories
3. Now right-click on Command Prompt and select "Run as Administrator" from context menu.
4. This should bring elevated command prompt mode with full Administrators rights.
Now try it again.
MrC

macr8e Posted March 18, 2013 Author ID:658378
got in, but this is what I got

MrCharlie Posted March 18, 2013 ID:658394
Did it produce this text----->>> C:\rundll.txt
MrC

macr8e Posted March 18, 2013 Author ID:658409
No, the picture is all I got.

MrCharlie Posted March 18, 2013 ID:658414
edit

MrCharlie Posted March 19, 2013 ID:658793
I just ran this command on my W7 system and it produced a log in C:\
tasklist /m /fi "IMAGENAME eq rundll32.exe" >C:\rundll.txt
Did you look in C:\ for the rundll.txt?
Let me know....
MrC

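The rundll32.exe module check from the posts above, as an added example that is not part of any post in this thread: on Windows 7 a non-elevated prompt cannot create files in the root of C:\, which is why the redirect to C:\rundll.txt returned "Access is denied". This sketch collects the same information plus each process's command line and writes it to the user profile instead; the output location and the use of Windows PowerShell 2.0 to 5.1 are assumptions.

```powershell
# Added example (not from the thread). Lists every running rundll32.exe with its
# command line and loaded modules, like `tasklist /m`, and writes the report to a
# user-writable folder so no elevated prompt is needed to create the file.
# Assumption: Windows PowerShell 2.0-5.1 (Get-WmiObject is absent in PowerShell 7).

$report = Join-Path $env:USERPROFILE 'rundll.txt'   # assumed output location

$lines = @()
$procs = @(Get-WmiObject Win32_Process -Filter "Name = 'rundll32.exe'")

if ($procs.Count -eq 0) {
    # Record the negative result too, so an empty report is never ambiguous.
    $lines += 'No rundll32.exe process is running.'
}

foreach ($p in $procs) {
    $lines += "PID $($p.ProcessId)  parent PID $($p.ParentProcessId)"
    # The command line names the DLL and export that rundll32.exe was asked to run.
    $lines += "  command line: $($p.CommandLine)"

    $mods = $null
    $why  = 'process exited or access denied'
    try {
        $mods = (Get-Process -Id $p.ProcessId -ErrorAction Stop).Modules
    }
    catch {
        $why = $_.Exception.Message
    }

    if ($mods) {
        foreach ($m in $mods) { $lines += "  module: $($m.FileName)" }
    }
    else {
        $lines += "  modules unavailable: $why"
    }
}

$lines | Set-Content -Path $report
Write-Host "Report written to $report"
```

Run it while the pop-ups are appearing; the module list of a process owned by another user may still need an elevated session, which the report then states instead of failing.
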
MrCharlie Posted March 20, 2013 ID:659154
Delete your copy of ComboFix and download and run a fresh copy.
MrC

macr8e Posted March 25, 2013 Author ID:660580
Ran, see attached.
ComboFix.txt

MrCharlie Posted March 25, 2013 ID:660593
These appear to be an Office activation crack, is that so??
2013-03-24 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-11-15 21:39]
.
2013-03-24 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-11-15 21:39]
MrC

macr8e Posted March 25, 2013 Author ID:660947
I don't understand.