Jump to content

IE blocks all deletes all downloads as infected

Lynettecan
 Share

Recommended Posts

Lynettecan

Lynettecan

Posted
Posted

Hello

So I have been trying to fix this computer.

It is running vista. When you download a file with IE, there is a tool bar at the bottom with a yellow line at the top that asks if you want to open or save the file. If you pick either open or save, it will download the file then at the end will say that there was a virus, and delete it. I have tried the steps from an earlier thread, and will post the logs. Currently it happens in both Chrome and IE but not Firefox. I am concerned that if it is a virus, that it will infect Firefox eventually.

Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.20.08

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

nadine :: NADINE-PC [administrator]

Protection: Enabled

20/05/2013 9:11:13 PM

mbam-log-2013-05-20 (21-11-13).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 401491

Time elapsed: 1 hour(s), 47 minute(s), 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16483

Run by nadine at 15:46:53 on 2013-05-21

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2153 [GMT -7:00]

.

AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}

SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio64.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Windows\Samsung\PanelMgr\SSMMgr.exe

C:\Windows\Samsung\PanelMgr\caller64.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

C:\Windows\system32\conime.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.ca/

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - LocalServer32 - <no file>

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - LocalServer32 - <no file>

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe" -stealth

mRun: [NDSTray.exe] NDSTray.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

mRun: [iTSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

mRun: [symantec PIF AlertEng] "C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

mRun: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [switchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [Conime] C:\Windows\System32\conime.exe

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe

dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{33FE97B1-F8D7-4CEF-9929-FB0B94BFAE92} : DHCPNameServer = 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

x64-mStart Page = hxxp://www.shoptoshiba.ca/welcome

x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe

x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe

x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

x64-Run: [HDMICtrlMan] C:\Program Files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

x64-mPolicies-Explorer: NoDrives = dword:0

x64-mPolicies-System: EnableUIADesktopToggle = dword:0

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\nadine\AppData\Roaming\Mozilla\Firefox\Profiles\dsgn8bio.default\

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\npsitesafety.dll

FF - ExtSQL: !HIDDEN! 2009-12-29 12:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]

R0 AvgMfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2008-8-26 531968]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]

R1 AvgLdx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]

R1 AvgTdiA;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-2-17 39768]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]

R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]

R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-20 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-20 701512]

R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2006-12-8 11576]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]

R2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [2013-4-5 990896]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2008-8-26 293376]

R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\CHDART64.sys [2008-2-19 222720]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-20 25928]

R3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw4v64.sys [2008-2-19 3196416]

R3 O2MDRDR;O2MDRDR;C:\Windows\System32\drivers\o2mdx64.sys [2008-1-14 58328]

R3 O2SDRDR;O2SDRDR;C:\Windows\System32\drivers\o2sdx64.sys [2008-1-8 51544]

R3 QIOMem;Generic IO & Memory Access;C:\Windows\System32\drivers\QIOMem.sys [2007-4-9 9728]

R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2008-2-19 391680]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG8\Toolbar\ToolbarBroker.exe [2010-10-29 167264]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-11-4 89920]

.

=============== File Associations ===============

.

FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2013-05-16 10:09:54 75016696 ----a-w- C:\Windows\System32\mrt.exe

2013-05-10 07:57:38 27208 ----a-w- C:\Windows\System32\AdobePDFUI.dll

2013-05-10 07:57:34 55872 ----a-w- C:\Windows\System32\AdobePDF.dll

2013-05-09 08:58:11 287840 ----a-w- C:\Windows\System32\aswBoot.exe

2013-05-05 21:36:54 17818624 ----a-w- C:\Windows\System32\mshtml.dll

2013-05-05 21:16:13 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-05-05 19:25:43 12324864 ----a-w- C:\Windows\SysWow64\mshtml.dll

2013-05-05 19:12:55 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-04-15 14:17:12 901496 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-04-13 03:34:30 47104 ----a-w- C:\Windows\System32\cdd.dll

2013-04-09 01:55:57 2774016 ----a-w- C:\Windows\System32\win32k.sys

2013-04-05 20:39:58 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2013-04-05 01:19:09 10926080 ----a-w- C:\Windows\System32\ieframe.dll

2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 01:01:06 1346560 ----a-w- C:\Windows\System32\urlmon.dll

2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-04-05 00:58:59 237056 ----a-w- C:\Windows\System32\url.dll

2013-04-05 00:57:27 85504 ----a-w- C:\Windows\System32\jsproxy.dll

2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-04-05 00:55:57 816640 ----a-w- C:\Windows\System32\jscript.dll

2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-04-05 00:54:50 729088 ----a-w- C:\Windows\System32\msfeeds.dll

2013-04-05 00:54:25 2147840 ----a-w- C:\Windows\System32\iertutil.dll

2013-04-05 00:51:52 96768 ----a-w- C:\Windows\System32\mshtmled.dll

2013-04-05 00:46:50 248320 ----a-w- C:\Windows\System32\ieui.dll

2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-04 22:09:30 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll

2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-04-04 22:02:58 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll

2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-04 22:01:35 231936 ----a-w- C:\Windows\SysWow64\url.dll

2013-04-04 21:59:49 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll

2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-04-04 21:58:24 717824 ----a-w- C:\Windows\SysWow64\jscript.dll

2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-04-04 21:56:41 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll

2013-04-04 21:55:19 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll

2013-04-04 21:54:42 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll

2013-04-04 21:50:34 176640 ----a-w- C:\Windows\SysWow64\ieui.dll

2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-12 08:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe

2013-03-11 13:33:42 4691304 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-09 04:16:35 85504 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-09 01:48:36 75264 ----a-w- C:\Windows\System32\smss.exe

2013-03-08 04:18:52 451072 ----a-w- C:\Windows\System32\winsrv.dll

2013-03-08 04:17:12 2425344 ----a-w- C:\Windows\System32\mstscax.dll

2013-03-08 03:52:22 2067968 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-03-03 19:13:14 1513320 ----a-w- C:\Windows\System32\drivers\ntfs.sys

.

============= FINISH: 15:47:26.12 ===============

Combofix log:

ComboFix 13-05-21.01 - nadine 21/05/2013 15:09:33.2.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2425 [GMT -7:00]

Running from: c:\users\nadine\Downloads\firefox downloads\ComboFix.exe

AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Default\AppData\Roaming\DPInst.exe

c:\users\Default\AppData\Roaming\gacutil.exe

c:\users\Default\AppData\Roaming\PnPutil.exe

c:\users\nadine\Documents\~WRL0001.tmp

c:\users\nadine\Documents\~WRL0002.tmp

c:\users\nadine\Documents\~WRL0003.tmp

c:\users\nadine\Documents\~WRL0004.tmp

c:\users\nadine\Documents\~WRL0005.tmp

c:\users\nadine\Documents\~WRL0006.tmp

c:\users\nadine\Documents\~WRL0007.tmp

c:\users\nadine\Documents\~WRL0008.tmp

c:\users\nadine\Documents\~WRL0009.tmp

c:\users\nadine\Documents\~WRL0206.tmp

c:\users\nadine\Documents\~WRL0435.tmp

c:\users\nadine\Documents\~WRL0484.tmp

c:\users\nadine\Documents\~WRL0592.tmp

c:\users\nadine\Documents\~WRL0605.tmp

c:\users\nadine\Documents\~WRL0625.tmp

c:\users\nadine\Documents\~WRL0649.tmp

c:\users\nadine\Documents\~WRL0793.tmp

c:\users\nadine\Documents\~WRL0810.tmp

c:\users\nadine\Documents\~WRL0811.tmp

c:\users\nadine\Documents\~WRL1059.tmp

c:\users\nadine\Documents\~WRL1244.tmp

c:\users\nadine\Documents\~WRL1330.tmp

c:\users\nadine\Documents\~WRL1380.tmp

c:\users\nadine\Documents\~WRL1733.tmp

c:\users\nadine\Documents\~WRL2330.tmp

c:\users\nadine\Documents\~WRL2526.tmp

c:\users\nadine\Documents\~WRL2622.tmp

c:\users\nadine\Documents\~WRL2760.tmp

c:\users\nadine\Documents\~WRL2803.tmp

c:\users\nadine\Documents\~WRL3030.tmp

c:\users\nadine\Documents\~WRL3139.tmp

c:\users\nadine\Documents\~WRL3400.tmp

c:\users\nadine\Documents\~WRL3633.tmp

c:\users\nadine\Documents\~WRL3744.tmp

c:\users\nadine\Documents\~WRL3766.tmp

c:\users\nadine\Documents\~WRL3813.tmp

c:\users\nadine\Documents\~WRL3976.tmp

.

.

((((((((((((((((((((((((( Files Created from 2013-04-21 to 2013-05-21 )))))))))))))))))))))))))))))))

.

.

2013-05-21 22:34 . 2013-05-21 22:34 -------- d-----w- c:\users\nadine\AppData\Local\temp

2013-05-21 22:34 . 2013-05-21 22:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-21 21:38 . 2013-05-21 22:06 -------- d-----w- C:\32788R22FWJFW

2013-05-21 19:48 . 2013-05-21 19:48 -------- d-s---w- c:\windows\SysWow64\Microsoft

2013-05-21 18:54 . 2013-05-21 18:54 -------- d-----w- c:\users\nadine\AppData\Roaming\toshiba

2013-05-21 06:14 . 2013-05-21 19:51 -------- d-----w- c:\program files\Google

2013-05-21 06:11 . 2013-05-21 19:23 -------- d-----w- c:\users\nadine\AppData\Local\Google

2013-05-21 06:11 . 2013-05-21 19:51 -------- d-----w- c:\program files (x86)\Google

2013-05-21 06:11 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe

2013-05-21 06:07 . 2013-05-21 06:07 -------- d-----w- c:\program files\AVAST Software

2013-05-21 06:06 . 2013-05-21 19:51 -------- d-----w- c:\programdata\AVAST Software

2013-05-21 04:09 . 2013-05-21 04:09 -------- d-----w- c:\users\nadine\AppData\Roaming\Malwarebytes

2013-05-21 04:09 . 2013-05-21 04:09 -------- d-----w- c:\programdata\Malwarebytes

2013-05-21 04:09 . 2013-05-21 04:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-05-21 04:09 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-21 03:36 . 2013-05-21 21:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-05-21 03:35 . 2013-05-21 22:01 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2

2013-05-21 03:07 . 2013-05-21 19:24 -------- d-----w- c:\program files (x86)\MemTurbo 4

2013-05-16 10:00 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll

2013-05-16 10:00 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-05-16 10:00 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-05-15 16:02 . 2013-04-09 01:55 2774016 ----a-w- c:\windows\system32\win32k.sys

2013-05-15 16:02 . 2013-04-15 14:17 901496 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-05-15 16:02 . 2013-04-13 03:34 47104 ----a-w- c:\windows\system32\cdd.dll

2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2013-05-10 07:57 . 2013-05-10 07:57 27208 ----a-w- c:\windows\system32\AdobePDFUI.dll

2013-05-10 07:57 . 2013-05-10 07:57 55872 ----a-w- c:\windows\system32\AdobePDF.dll

2013-04-24 23:59 . 2013-03-03 19:13 1513320 ----a-w- c:\windows\system32\drivers\ntfs.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-16 10:09 . 2006-11-02 12:35 75016696 ----a-w- c:\windows\system32\mrt.exe

2013-04-05 20:39 . 2013-02-17 23:35 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-03-15 06:28 . 2013-04-05 20:32 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{905F2DB6-360B-46E4-B444-BCAEA76A6AF5}\mpengine.dll

2013-03-12 08:10 . 2009-10-18 20:46 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-03-11 13:33 . 2013-04-17 20:12 4691304 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-09 04:16 . 2013-04-17 20:12 85504 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-09 01:48 . 2013-04-17 20:12 75264 ----a-w- c:\windows\system32\smss.exe

2013-03-08 04:18 . 2013-04-17 20:12 451072 ----a-w- c:\windows\system32\winsrv.dll

2013-03-08 04:17 . 2013-04-17 20:11 2425344 ----a-w- c:\windows\system32\mstscax.dll

2013-03-08 03:52 . 2013-04-17 20:11 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-30 432640]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe" [2011-03-03 12008296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NDSTray.exe"="NDSTray.exe" [bU]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-26 413696]

"Symantec PIF AlertEng"="c:\program files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-02-12 536576]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-04-05 1219248]

"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]

"EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1216808]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.ca/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: shawcable.com\webmail

Trusted Zone: unbc.ca\exch

Trusted Zone: unbc.ca\www

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll

FF - ProfilePath - c:\users\nadine\AppData\Roaming\Mozilla\Firefox\Profiles\dsgn8bio.default\

FF - ExtSQL: !HIDDEN! 2009-12-29 12:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

SafeBoot-WudfPf

SafeBoot-WudfRd

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2013-05-21 15:39:59

ComboFix-quarantined-files.txt 2013-05-21 22:39

.

Pre-Run: 238,180,188,160 bytes free

Post-Run: 238,264,012,800 bytes free

.

- - End Of File - - 29A8CD0F2E8FC0E9F5130EE90CE540F8

The problem still happens with IE and Chrome.

Any suggestions would be helpful.

Link to post
Share on other sites
D-FRED-BROWN

D-FRED-BROWN

Posted
Posted

Hello Lynettecan and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept