Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Google Redirect, GMER bsod on scan


yogurt
 Share

Recommended Posts

Hey there. I have been suffering from some kind of virus that is redirecting my google links on a regular basis. I believe I am not the only one here suffering from this, but I would like to get some help if possible :blink:

I use Mozilla Firefox on a Windows 7. When the redirection happens, it'll flicker through some random site like this before redirecting the page to another random ad site.

uFqkD.jpg

I ran through the basic preparation you guys have for malware removal, and I got through the first couple of steps fine. I ran MBAM and AVG (my anti-virus software), and MBAM found one file and killed it, but the problem is still occurring. I disabled the emulation software with DeFogger, and I ran DDS, which gave me the DDS.txt and Attach.txt as mentioned. When it got down to running GMER however, I have been constantly running into a BSOD, and have not been able to hurdle past this step.

Not sure whether I should attach the files I have, since I am missing GMER stuff. Help would be very appreciated :welcome:

Link to post
Share on other sites

Hi yogurt,

Please copy/paste DDS.txt into your next reply.

Also, if you're running Windows 7 and have Google redirects the likely candidate is TDL4 so also perform these steps.

Forget about Gmer for now because that version is not fully compatible with Win 7.

Download Microsoft's Malicious Software Removal Tool (MSRT) to your desktop

Save and Rename it as You download it to iexplore.exe

Double-click iexplore.exe on your Desktop to run it

In the "Scan Type" window, select Full Scan

Perform a scan and the Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

More Information on performing the scan can be found here:

http://secure-computer-solutions.com/blog/...ng_malware.html

1) Click on Start, Run

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter

notepad c:\windows\debug\mrt.log

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    TDSSKillerSuspicious-1.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Additional information concerning these Instructions can be found here:

http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

Please post back:

1. DDS.txt

2. The MSRT log

3. The TDSSKiller Log

Thanks!

Link to post
Share on other sites

The DDS.txt and the TDSSkiller log is attached to the post, and here is my MSRT log. Attach.txt was not asked for, so I didn't attach it. Thanks in advance!

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.12, October 2010

Started On Sat Oct 16 22:35:06 2010

Extended Scan Results

----------------

->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))

->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))

->Scan ERROR: resource file://C:\Program Files\Graal\Graal4.exe (code 0x0000000D (13))

->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

->Scan ERROR: resource file://C:\System Volume Information\{ef84c2f3-d970-11df-83b4-001a920a660a}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

->Scan ERROR: resource file://C:\Program Files\Graal\Graal4.exe (code 0x0000000D (13))

Threat detected: Rogue:Win32/FakeCog

file://C:\Users\Milda\AppData\Local\Temp\5eda.tmp

SigSeq: 0x000010805B231F1B

SHA1: 51037CE29FBE205A443F31054FDC268142B5C4A5

file://C:\Users\Milda\AppData\Local\Temp\fb09.tmp

SigSeq: 0x000010805B231F1B

SHA1: 51037CE29FBE205A443F31054FDC268142B5C4A5

Threat detected: Virus:Win32/Alureon.H

rootkit://Alureon->blbdrive

SigSeq: 0x000033A9F884A26F

Extended Scan Removal Results

----------------

Start 'clean' for rootkit://Alureon->blbdrive

Operation was scheduled to be completed after next reboot.

Start 'remove' for file://\\?\C:\Users\Milda\AppData\Local\Temp\fb09.tmp

Operation succeeded !

Start 'remove' for file://\\?\C:\Users\Milda\AppData\Local\Temp\5eda.tmp

Operation succeeded !

Results Summary:

----------------

Found Rogue:Win32/FakeCog and Removed!

DDS.txt

TDSSKiller.2.4.4.0_17.10.2010_11.16.29_log.txt

Link to post
Share on other sites

Hi yogurt,

The MSRT successfully disinfected Alureon which is a Google redirect trojan/rootkit

TDSSKiller log is clean!

Please run another DDS.scr scan and COPY/PASTE the report into your next reply since MSRT removed things and your attached scan reflects the state of your system on 10-14 (pre-malware removal).

Please also download MBRCheck to your Desktop

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

* Right-click MBRCheck.exe and select Run as Administrator

* It will Open a Command Prompt window with some data on it

* A report called MBRcheck.txt will be on your desktop

* Open this report (MBRCheck.txt) in Notepad or your default TXT editor by double-clicking it.

* Please copy/paste that report into your next reply!

So I need:

1. DDS.txt (new NOT attached)

2. MBRCheck.txt

3. Please let me know if You're still getting redirected

Thanks!

Link to post
Share on other sites

Thanks! I don't appear to be getting the redirects, the random popups, or my svchost crashing anymore.

Here's my DDS:

DDS (Ver_10-10-10.03) - NTFSx86

Run by Milda at 13:55:45.21 on Sun 10/17/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.848 [GMT -10:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Windows\system32\lsm.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k Akamai

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Windows\system32\drivers\CDAC11BA.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\PnkBstrA.exe

C:\Program Files\Planex\Common\RalinkRegistryWriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\AUDIODG.EXE

C:\Program Files\Guitar Pro 5\GP5.exe

C:\Users\Milda\Downloads\dds.com

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uURLSearchHooks: N/A: {0a94b116-4504-4e26-ab05-e61e474aa38b} - c:\program files\askpbar\srchastt\1.bin\A9SRCHAS.DLL

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Ask Search Assistant BHO: {0a94b111-4504-4e26-ab05-e61e474aa38b} - c:\program files\askpbar\srchastt\1.bin\A9SRCHAS.DLL

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdmcks.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Ask Toolbar BHO: {f4d76f01-7896-458a-890f-e1f05c46069f} - c:\program files\askpbar\bar\1.bin\ASKPBAR.DLL

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

TB: Ask Toolbar: {f4d76f09-7896-458a-890f-e1f05c46069f} - c:\program files\askpbar\bar\1.bin\ASKPBAR.DLL

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [<NO NAME>]

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

StartupFolder: c:\users\milda\appdata\roaming\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe

StartupFolder: c:\users\milda\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm

IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll

AppInit_DLLs: avgrsstx.dll

SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll

STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\progra~1\stardock\object~1\desksc~1\DESKSC~2.DLL

STS: Stardock Vista ControlPanel Extension: {ec654325-1273-c2a9-2b7c-45d29bce68fd} - c:\progra~1\stardock\object~1\desksc~1\DESKTO~1.DLL

STS: StardockDreamController: {ec654325-1273-c2a9-2b7c-45d29bce68ff} - c:\progra~1\stardock\object~1\desksc~1\DREAMC~1.DLL

STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\milda\appdata\roaming\mozilla\firefox\profiles\t2th8ref.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\users\milda\appdata\roaming\mozilla\plugins\npoctoshape.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: XULRunner: {E79EC646-6F66-4AE5-808E-0742E2701C49} - c:\users\milda\appdata\local\{e79ec646-6f66-4ae5-808e-0742e2701c49}\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-14 64160]

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-3-4 11448]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-8 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-8 29584]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-29 243024]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]

R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\planex\common\RalinkRegistryWriter.exe [2009-5-5 69632]

R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-1-23 13952]

R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-1-23 28800]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-2-26 430152]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [2006-5-30 29184]

S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2009-5-25 734208]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-5-20 36928]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-31 1343400]

============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================

2010-10-17 21:02:34 35328 ----a-w- c:\windows\system32\drivers\BLBDRIVE.SYS

2010-10-17 08:36:44 -------- d-----w- c:\windows\system32\MpEngineStore

2010-10-14 04:47:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2010-10-14 04:43:49 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2010-10-02 05:59:07 -------- d-----w- c:\program files\common files\Software Update Utility

2010-09-25 07:30:16 -------- d-----w- c:\users\milda\appdata\local\Autodesk

2010-09-25 07:30:16 -------- d-----w- c:\program files\Autodesk

2010-09-25 07:28:05 -------- d-----w- c:\program files\common files\Autodesk Shared

2010-09-25 04:41:29 -------- d-----w- c:\users\milda\appdata\roaming\Autodesk

2010-09-25 04:33:44 -------- d-----w- C:\Autodesk

2010-09-25 02:05:48 -------- d-----w- c:\program files\common files\Akamai

==================== Find3M ====================

2010-09-16 07:53:14 234280 ----a-w- c:\windows\system32\PnkBstrB.xtr

2010-09-16 07:31:19 234280 ----a-w- c:\windows\system32\PnkBstrB.exe

============= FINISH: 13:57:43.39 ===============

And here's my MBRcheck log:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Ultimate Edition

Windows Information: (build 7600), 32-bit

Base Board Manufacturer: ASUSTeK Computer INC.

BIOS Manufacturer: Phoenix Technologies, LTD

System Manufacturer: System manufacturer

System Product Name: System Product Name

Logical Drives Mask: 0x0000007d

Kernel Drivers (total 170):

0x82A40000 \SystemRoot\system32\ntkrnlpa.exe

0x82A09000 \SystemRoot\system32\halmacpi.dll

0x80BAC000 \SystemRoot\system32\kdcom.dll

0x88A38000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x88AB0000 \SystemRoot\system32\PSHED.dll

0x88AC1000 \SystemRoot\system32\BOOTVID.dll

0x88AC9000 \SystemRoot\system32\CLFS.SYS

0x88B0B000 \SystemRoot\system32\CI.dll

0x88C17000 \SystemRoot\system32\drivers\Wdf01000.sys

0x88C88000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x88C96000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x88CDE000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x88CE7000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x88CF2000 \SystemRoot\system32\DRIVERS\pci.sys

0x88D1C000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x88D24000 \SystemRoot\System32\drivers\partmgr.sys

0x88D35000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x88D45000 \SystemRoot\System32\drivers\volmgrx.sys

0x88D90000 \SystemRoot\system32\DRIVERS\pciide.sys

0x88D97000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x88DA5000 \SystemRoot\System32\drivers\mountmgr.sys

0x88DBB000 \SystemRoot\system32\DRIVERS\atapi.sys

0x88DC4000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x88BB6000 \SystemRoot\system32\DRIVERS\nvstor.sys

0x88E20000 \SystemRoot\system32\DRIVERS\storport.sys

0x88E67000 \SystemRoot\system32\DRIVERS\msahci.sys

0x88E71000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x88E7A000 \SystemRoot\system32\drivers\fltmgr.sys

0x88EAE000 \SystemRoot\system32\drivers\fileinfo.sys

0x88EBF000 \SystemRoot\system32\DRIVERS\Lbd.sys

0x88ECE000 \SystemRoot\System32\Drivers\PxHelp20.sys

0x8900A000 \SystemRoot\System32\Drivers\Ntfs.sys

0x89139000 \SystemRoot\System32\Drivers\msrpc.sys

0x89164000 \SystemRoot\System32\Drivers\ksecdd.sys

0x89177000 \SystemRoot\System32\Drivers\cng.sys

0x891D4000 \SystemRoot\System32\drivers\pcw.sys

0x891E2000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x88ED7000 \SystemRoot\system32\drivers\ndis.sys

0x88F8E000 \SystemRoot\system32\drivers\NETIO.SYS

0x88FCC000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x8923A000 \SystemRoot\System32\drivers\tcpip.sys

0x89383000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x893B4000 \SystemRoot\system32\DRIVERS\vmstorfl.sys

0x893BD000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x89200000 \SystemRoot\System32\Drivers\spldr.sys

0x89208000 \SystemRoot\System32\drivers\sfhlp02.sys

0x88A00000 \SystemRoot\System32\drivers\rdyboost.sys

0x89210000 \SystemRoot\System32\Drivers\mup.sys

0x89220000 \SystemRoot\System32\drivers\hwpolicy.sys

0x89419000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x8944B000 \SystemRoot\system32\DRIVERS\disk.sys

0x8945C000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x894D7000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x894F6000 \SystemRoot\System32\Drivers\Null.SYS

0x894FD000 \SystemRoot\System32\Drivers\Beep.SYS

0x89504000 \SystemRoot\System32\drivers\vga.sys

0x89510000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x89531000 \SystemRoot\System32\drivers\watchdog.sys

0x8953E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x89546000 \SystemRoot\system32\drivers\rdpencdd.sys

0x8954E000 \SystemRoot\system32\drivers\rdprefmp.sys

0x89556000 \SystemRoot\System32\Drivers\Msfs.SYS

0x89561000 \SystemRoot\System32\Drivers\Npfs.SYS

0x8956F000 \SystemRoot\system32\DRIVERS\tdx.sys

0x89586000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x89591000 \SystemRoot\System32\Drivers\avgtdix.sys

0x895CB000 \SystemRoot\System32\DRIVERS\netbt.sys

0x8DC1F000 \SystemRoot\system32\drivers\afd.sys

0x8DC79000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x8DC80000 \SystemRoot\system32\DRIVERS\pacer.sys

0x8DC9F000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x8DCB0000 \SystemRoot\system32\DRIVERS\netbios.sys

0x8DCBE000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x8DCD1000 \SystemRoot\system32\DRIVERS\termdd.sys

0x8DCE1000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x8DD22000 \SystemRoot\system32\drivers\nsiproxy.sys

0x8DD2C000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x8DD36000 \SystemRoot\System32\drivers\discache.sys

0x8DD42000 \SystemRoot\system32\drivers\csc.sys

0x8DDA6000 \SystemRoot\System32\Drivers\dfsc.sys

0x8DDBE000 \SystemRoot\SYSTEM32\DRIVERS\BLBDRIVE.SYS

0x8DDCC000 \SystemRoot\System32\Drivers\avgmfx86.sys

0x8EC28000 \SystemRoot\System32\Drivers\avgldx86.sys

0x8EC5C000 \SystemRoot\system32\drivers\AsUpIO.sys

0x8EC5E000 \SystemRoot\system32\drivers\AsIO.sys

0x8EC5F000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x8EC80000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x9022D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x90B4E000 \SystemRoot\system32\DRIVERS\nvBridge.kmd

0x8EC92000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x90B50000 \SystemRoot\System32\drivers\dxgmms1.sys

0x90B89000 \SystemRoot\system32\DRIVERS\fdc.sys

0x90B94000 \SystemRoot\system32\DRIVERS\serial.sys

0x90BAE000 \SystemRoot\system32\DRIVERS\serenum.sys

0x90BB8000 \SystemRoot\system32\DRIVERS\parport.sys

0x90BD0000 \SystemRoot\system32\DRIVERS\usbohci.sys

0x8ED49000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x90BDA000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x90BE9000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys

0x90200000 \SystemRoot\system32\DRIVERS\1394ohci.sys

0x8ED94000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x8F43A000 \SystemRoot\system32\DRIVERS\nvm62x32.sys

0x8F48F000 \SystemRoot\system32\DRIVERS\ASACPI.sys

0x8F497000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x8F4A4000 \SystemRoot\system32\drivers\PPJoyBus.sys

0x8F4A8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x8F4BA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x8F4D2000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x8F4DD000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x8F4FF000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x8F517000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x8F52E000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x8F54A000 \SystemRoot\system32\DRIVERS\rdpbus.sys

0x8F554000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x8F561000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x8F56E000 \SystemRoot\system32\DRIVERS\swenum.sys

0x8F570000 \SystemRoot\system32\DRIVERS\ks.sys

0x8F5A4000 \SystemRoot\system32\DRIVERS\umbus.sys

0x8F5B2000 \SystemRoot\system32\DRIVERS\flpydisk.sys

0x8F5BC000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x8F400000 \SystemRoot\system32\drivers\PPortJoy.sys

0x8F408000 \SystemRoot\system32\drivers\HIDCLASS.SYS

0x8F41B000 \SystemRoot\system32\drivers\HIDPARSE.SYS

0x8F422000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x8FA26000 \SystemRoot\system32\drivers\RTKVHDA.sys

0x8FBB9000 \SystemRoot\system32\drivers\portcls.sys

0x8FA00000 \SystemRoot\system32\drivers\drmk.sys

0x8FA19000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x8FA24000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x8FBE8000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x8EDB3000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x8EDCA000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0x8FBF3000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x8EDE1000 \SystemRoot\system32\DRIVERS\cdfs.sys

0x90BF0000 \SystemRoot\System32\Drivers\crashdmp.sys

0x8EC00000 \SystemRoot\System32\Drivers\dump_diskdump.sys

0x8DDD2000 \SystemRoot\System32\Drivers\dump_nvstor.sys

0x8EC0A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x82490000 \SystemRoot\System32\win32k.sys

0x8EC1B000 \SystemRoot\System32\drivers\Dxapi.sys

0x8DC00000 \SystemRoot\system32\DRIVERS\monitor.sys

0x826F0000 \SystemRoot\System32\TSDDD.dll

0x82720000 \SystemRoot\System32\cdd.dll

0x82740000 \SystemRoot\System32\ATMFD.DLL

0x89481000 \SystemRoot\system32\drivers\luafv.sys

0x8949C000 \SystemRoot\system32\drivers\WudfPf.sys

0x8DC0B000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x99E14000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x99E5A000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x99E6A000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x99E7D000 \SystemRoot\system32\drivers\HTTP.sys

0x99F02000 \SystemRoot\system32\DRIVERS\bowser.sys

0x99F1B000 \SystemRoot\System32\drivers\mpsdrv.sys

0x99F2D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x99F50000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x99F8B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x99FA6000 \SystemRoot\system32\DRIVERS\parvdm.sys

0x99FAD000 \SystemRoot\System32\Drivers\Aspi32.SYS

0x99FF4000 \SystemRoot\system32\DRIVERS\lirsgt.sys

0x9E012000 \SystemRoot\system32\drivers\peauth.sys

0x9E0A9000 \SystemRoot\System32\Drivers\secdrv.SYS

0x9E0B3000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x9E0D4000 \SystemRoot\System32\drivers\tcpipreg.sys

0x9E0E1000 \SystemRoot\System32\DRIVERS\srv2.sys

0x9E130000 \SystemRoot\System32\DRIVERS\srv.sys

0x9E181000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0x9E1B4000 \??\C:\Users\Milda\AppData\Local\Temp\uglcypob.sys

0x776B0000 \Windows\System32\ntdll.dll

0x47DD0000 \Windows\System32\smss.exe

0x778F0000 \Windows\System32\apisetschema.dll

Processes (total 69):

0 System Idle Process

4 System

292 C:\Windows\System32\smss.exe

408 csrss.exe

468 C:\Windows\System32\wininit.exe

480 csrss.exe

492 C:\Program Files\AVG\AVG9\avgchsvx.exe

500 C:\Program Files\AVG\AVG9\avgrsx.exe

536 C:\Windows\System32\services.exe

544 C:\Windows\System32\lsass.exe

552 C:\Windows\System32\lsm.exe

652 C:\Program Files\AVG\AVG9\avgcsrvx.exe

756 C:\Windows\System32\winlogon.exe

872 C:\Windows\System32\svchost.exe

1008 C:\Windows\System32\nvvsvc.exe

1036 C:\Windows\System32\svchost.exe

1128 C:\Windows\System32\svchost.exe

1188 C:\Windows\System32\svchost.exe

1216 C:\Windows\System32\svchost.exe

1388 C:\Windows\System32\svchost.exe

1488 C:\Windows\System32\svchost.exe

1504 C:\Windows\System32\nvvsvc.exe

1636 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

1800 C:\Windows\System32\spoolsv.exe

1836 C:\Windows\System32\svchost.exe

1964 C:\Windows\System32\svchost.exe

1992 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

2024 C:\Program Files\AVG\AVG9\avgwdsvc.exe

2044 C:\Windows\System32\drivers\CDAC11BA.EXE

384 C:\Windows\System32\svchost.exe

372 C:\Program Files\Common Files\LightScribe\LSSrvc.exe

936 C:\Windows\System32\PnkBstrA.exe

1332 C:\Program Files\Planex\Common\RalinkRegistryWriter.exe

1548 C:\Windows\System32\svchost.exe

2096 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

2124 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

2288 unsecapp.exe

2380 WmiPrvSE.exe

2616 C:\Program Files\AVG\AVG9\avgnsx.exe

2908 WUDFHost.exe

3004 C:\Windows\System32\svchost.exe

3244 C:\Windows\System32\dwm.exe

3252 C:\Windows\System32\taskhost.exe

3324 C:\Windows\explorer.exe

3600 C:\Windows\RtHDVCpl.exe

3608 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

3652 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

3680 C:\Program Files\AVG\AVG9\avgtray.exe

3724 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

3732 C:\Program Files\Windows Sidebar\sidebar.exe

1780 C:\Windows\System32\SearchIndexer.exe

2612 C:\Program Files\Rainmeter\Rainmeter.exe

2916 C:\Program Files\Windows Media Player\wmpnetwk.exe

3908 C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

1596 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

1416 C:\Windows\System32\wuauclt.exe

1712 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

5852 C:\Program Files\Steam\Steam.exe

3288 C:\Program Files\Mozilla Firefox\firefox.exe

4756 C:\Windows\System32\audiodg.exe

5336 C:\Windows\System32\notepad.exe

1520 C:\Windows\System32\svchost.exe

2488 C:\Windows\System32\notepad.exe

5552 C:\Windows\System32\SearchProtocolHost.exe

4956 C:\Windows\System32\SearchFilterHost.exe

4916 C:\Windows\explorer.exe

4232 C:\Windows\System32\dllhost.exe

2360 C:\Users\Milda\Desktop\MBRCheck.exe

4036 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDC WD3200JS-22PDB0, Rev: 21.0

Size Device Name MBR Status

--------------------------------------------

298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

Link to post
Share on other sites

This item that DDS shows is a Rogue (Fake) security program, so can you please attach attach.txt. I think this is from a leftover stray registry entry because MSRT removed the active infection.

AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

Also, let's do this:

Please perform a scan with the ESET online virus scanner:

http://www.eset.com/onlinescan/index.php

  • ESET recommends disabling your resident antivirus's auto-protection feature before beginning the scan to avoid conflicts and system hangs
  • Use Internet Explorer to navigate to the scanner website because you must approve install an ActiveX add-on to complete the scan.
  • Check the "Yes, I accept the terms of use" box.
  • Click "Start"
  • Approve the installation of the ActiveX control that's required to enable scanning
  • Make sure the box to
    • Remove found threats. is CHECKED!!
    • Click "Start"

    [*]Allow the definition data base to install

    [*]Click "Scan"

When the scan is done, please post the scan report in your next reply. It can be found in this location:

C:\Program Files\EsetOnlineScanner\log.txt

Note to Windows 7 and Vista users, and anyone with restrictive IE security settings:

Depending on your security settings, you may have to allow cookies and put the ESET website, www.eset.com, into the trusted zone of Internet Explorer if the scan has problems starting (in Vista/Windows 7 this is a necessity as IE runs in Protected mode).

To do that, on the Internet Explorer menu click Tools => Internet Options => Security => Trusted Sites => Sites. Then UNcheck "Require server verification for all sites in this zone" checkbox at the bottom of the dialog. Add the above www.eset.com url to the list of trusted sites, by inserting it in the blank box and clicking the Add button, then click Close. For cookies, choose the IE Privacy tab and add the above eset.com url to the exceptions list for cookie blocking.

Also, please perform a fully updated MBAM scan and post the log back in your next reply.

So in your next reply, I need:

1. Attach.txt (attached)

2. The ESET scan report

3. A fresh MBAM scan log

Link to post
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.